diff --git a/operators/ack-ec2-controller/1.2.21/bundle.Dockerfile b/operators/ack-ec2-controller/1.2.21/bundle.Dockerfile
new file mode 100644
index 00000000000..50ccfac3d94
--- /dev/null
+++ b/operators/ack-ec2-controller/1.2.21/bundle.Dockerfile
@@ -0,0 +1,21 @@
+FROM scratch
+
+# Core bundle labels.
+LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
+LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
+LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
+LABEL operators.operatorframework.io.bundle.package.v1=ack-ec2-controller
+LABEL operators.operatorframework.io.bundle.channels.v1=alpha
+LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha
+LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.28.0
+LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
+LABEL operators.operatorframework.io.metrics.project_layout=unknown
+
+# Labels for testing.
+LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1
+LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/
+
+# Copy files to locations specified by labels.
+COPY bundle/manifests /manifests/
+COPY bundle/metadata /metadata/
+COPY bundle/tests/scorecard /tests/scorecard/
diff --git a/operators/ack-ec2-controller/1.2.21/manifests/ack-ec2-controller.clusterserviceversion.yaml b/operators/ack-ec2-controller/1.2.21/manifests/ack-ec2-controller.clusterserviceversion.yaml
new file mode 100644
index 00000000000..5ea535ee010
--- /dev/null
+++ b/operators/ack-ec2-controller/1.2.21/manifests/ack-ec2-controller.clusterserviceversion.yaml
@@ -0,0 +1,724 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "DHCPOptions", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "ElasticIPAddress", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "Instance", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "InternetGateway", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "NATGateway", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "RouteTable", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "SecurityGroup", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "Subnet", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "TransitGateway", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "VPC", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "VPCEndpoint", + "metadata": { + "name": "example" + }, + "spec": {} + } + ] + capabilities: Basic Install + categories: Cloud Provider + certified: "false" + containerImage: public.ecr.aws/aws-controllers-k8s/ec2-controller:1.2.21 + createdAt: "2024-09-16T17:52:57Z" + description: AWS EC2 controller is a service controller for managing EC2 resources + in Kubernetes + operatorframework.io/suggested-namespace: ack-system + 
operators.operatorframework.io/builder: operator-sdk-v1.28.0 + operators.operatorframework.io/project_layout: unknown + repository: https://github.com/aws-controllers-k8s + support: Community + labels: + operatorframework.io/arch.amd64: supported + operatorframework.io/arch.arm64: supported + operatorframework.io/os.linux: supported + name: ack-ec2-controller.v1.2.21 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: DHCPOptions represents the state of an AWS ec2 DHCPOptions resource. + displayName: DHCPOptions + kind: DHCPOptions + name: dhcpoptions.ec2.services.k8s.aws + version: v1alpha1 + - description: ElasticIPAddress represents the state of an AWS ec2 ElasticIPAddress + resource. + displayName: ElasticIPAddress + kind: ElasticIPAddress + name: elasticipaddresses.ec2.services.k8s.aws + version: v1alpha1 + - description: FlowLog represents the state of an AWS ec2 FlowLog resource. + displayName: FlowLog + kind: FlowLog + name: flowlogs.ec2.services.k8s.aws + version: v1alpha1 + - description: Instance represents the state of an AWS ec2 Instance resource. + displayName: Instance + kind: Instance + name: instances.ec2.services.k8s.aws + version: v1alpha1 + - description: InternetGateway represents the state of an AWS ec2 InternetGateway + resource. + displayName: InternetGateway + kind: InternetGateway + name: internetgateways.ec2.services.k8s.aws + version: v1alpha1 + - description: NATGateway represents the state of an AWS ec2 NATGateway resource. + displayName: NATGateway + kind: NATGateway + name: natgateways.ec2.services.k8s.aws + version: v1alpha1 + - description: NetworkACL represents the state of an AWS ec2 NetworkACL resource. + displayName: NetworkACL + kind: NetworkACL + name: networkacls.ec2.services.k8s.aws + version: v1alpha1 + - description: RouteTable represents the state of an AWS ec2 RouteTable resource. 
+ displayName: RouteTable + kind: RouteTable + name: routetables.ec2.services.k8s.aws + version: v1alpha1 + - description: SecurityGroup represents the state of an AWS ec2 SecurityGroup + resource. + displayName: SecurityGroup + kind: SecurityGroup + name: securitygroups.ec2.services.k8s.aws + version: v1alpha1 + - description: Subnet represents the state of an AWS ec2 Subnet resource. + displayName: Subnet + kind: Subnet + name: subnets.ec2.services.k8s.aws + version: v1alpha1 + - description: TransitGateway represents the state of an AWS ec2 TransitGateway + resource. + displayName: TransitGateway + kind: TransitGateway + name: transitgateways.ec2.services.k8s.aws + version: v1alpha1 + - description: VPCEndpoint represents the state of an AWS ec2 VPCEndpoint resource. + displayName: VPCEndpoint + kind: VPCEndpoint + name: vpcendpoints.ec2.services.k8s.aws + version: v1alpha1 + - description: VPCEndpointServiceConfiguration represents the state of an AWS + ec2 VPCEndpointServiceConfiguration resource. + displayName: VPCEndpointServiceConfiguration + kind: VPCEndpointServiceConfiguration + name: vpcendpointserviceconfigurations.ec2.services.k8s.aws + version: v1alpha1 + - description: VPCPeeringConnection represents the state of an AWS ec2 VPCPeeringConnection + resource. + displayName: VPCPeeringConnection + kind: VPCPeeringConnection + name: vpcpeeringconnections.ec2.services.k8s.aws + version: v1alpha1 + - description: VPC represents the state of an AWS ec2 VPC resource. + displayName: VPC + kind: VPC + name: vpcs.ec2.services.k8s.aws + version: v1alpha1 + description: |- + Manage Elastic Compute Cloud (EC2) resources in AWS from within your Kubernetes cluster. + + **About Amazon EC2** + + Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) Cloud. Using Amazon EC2 eliminates your need to invest in hardware up front, so you can develop and deploy applications faster. 
You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage. Amazon EC2 enables you to scale up or down to handle changes in requirements or spikes in popularity, reducing your need to forecast traffic. + + **About the AWS Controllers for Kubernetes** + + This controller is a component of the [AWS Controller for Kubernetes](https://github.com/aws/aws-controllers-k8s) project. + + **Pre-Installation Steps** + + Please follow the following link: [Red Hat OpenShift](https://aws-controllers-k8s.github.io/community/docs/user-docs/openshift/) + displayName: AWS Controllers for Kubernetes - Amazon EC2 + icon: + - base64data: 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 + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - patch + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - dhcpoptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - dhcpoptions/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - elasticipaddresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - elasticipaddresses/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - flowlogs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - flowlogs/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - instances + verbs: + - create + - delete 
+ - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - instances/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - internetgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - internetgateways/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - natgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - natgateways/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - networkacls + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - networkacls/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - routetables + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - routetables/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - securitygroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - securitygroups/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - subnets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - subnets/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - transitgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - transitgateways/status + verbs: + - get + - patch 
+ - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcendpoints/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcendpointserviceconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcendpointserviceconfigurations/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcpeeringconnections + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcpeeringconnections/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcs/status + verbs: + - get + - patch + - update + - apiGroups: + - services.k8s.aws + resources: + - adoptedresources + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - services.k8s.aws + resources: + - adoptedresources/status + verbs: + - get + - patch + - update + - apiGroups: + - services.k8s.aws + resources: + - fieldexports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - services.k8s.aws + resources: + - fieldexports/status + verbs: + - get + - patch + - update + serviceAccountName: ack-ec2-controller + deployments: + - label: + app.kubernetes.io/name: ack-ec2-controller + app.kubernetes.io/part-of: ack-system + name: ack-ec2-controller + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: ack-ec2-controller + strategy: {} + template: + metadata: + labels: + app.kubernetes.io/name: ack-ec2-controller + 
spec: + containers: + - args: + - --aws-region + - $(AWS_REGION) + - --aws-endpoint-url + - $(AWS_ENDPOINT_URL) + - --enable-development-logging=$(ACK_ENABLE_DEVELOPMENT_LOGGING) + - --log-level + - $(ACK_LOG_LEVEL) + - --resource-tags + - $(ACK_RESOURCE_TAGS) + - --watch-namespace + - $(ACK_WATCH_NAMESPACE) + - --enable-leader-election=$(ENABLE_LEADER_ELECTION) + - --leader-election-namespace + - $(LEADER_ELECTION_NAMESPACE) + - --reconcile-default-max-concurrent-syncs + - $(RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS) + command: + - ./bin/controller + env: + - name: ACK_SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: ack-ec2-user-config + optional: false + - secretRef: + name: ack-ec2-user-secrets + optional: true + image: public.ecr.aws/aws-controllers-k8s/ec2-controller:1.2.21 + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: controller + ports: + - containerPort: 8080 + name: http + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 100m + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + dnsPolicy: ClusterFirst + securityContext: + seccompProfile: + type: RuntimeDefault + serviceAccountName: ack-ec2-controller + terminationGracePeriodSeconds: 10 + permissions: + - rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: ack-ec2-controller + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: true + type: MultiNamespace + - supported: true + type: AllNamespaces + 
keywords: + - ec2 + - aws + - amazon + - ack + links: + - name: AWS Controllers for Kubernetes + url: https://github.com/aws-controllers-k8s/community + - name: Documentation + url: https://aws-controllers-k8s.github.io/community/ + - name: Amazon EC2 Developer Resources + url: https://aws.amazon.com/ec2/resources/ + maintainers: + - email: ack-maintainers@amazon.com + name: ec2 maintainer team + maturity: alpha + provider: + name: Amazon, Inc. + url: https://aws.amazon.com + version: 1.2.21 diff --git a/operators/ack-ec2-controller/1.2.21/manifests/ack-ec2-metrics-service_v1_service.yaml b/operators/ack-ec2-controller/1.2.21/manifests/ack-ec2-metrics-service_v1_service.yaml new file mode 100644 index 00000000000..535fe868fdc --- /dev/null +++ b/operators/ack-ec2-controller/1.2.21/manifests/ack-ec2-metrics-service_v1_service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + name: ack-ec2-metrics-service +spec: + ports: + - name: metricsport + port: 8080 + protocol: TCP + targetPort: http + selector: + app.kubernetes.io/name: ack-ec2-controller + type: NodePort +status: + loadBalancer: {} diff --git a/operators/ack-ec2-controller/1.2.21/manifests/ack-ec2-reader_rbac.authorization.k8s.io_v1_role.yaml b/operators/ack-ec2-controller/1.2.21/manifests/ack-ec2-reader_rbac.authorization.k8s.io_v1_role.yaml new file mode 100644 index 00000000000..3c9b1f90003 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.21/manifests/ack-ec2-reader_rbac.authorization.k8s.io_v1_role.yaml 
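Review bot: The `clusterPermissions` rule for core `secrets` grants `get`, `list`, `patch` and `watch`, and OLM binds `clusterPermissions` cluster-wide, so the `ack-ec2-controller` service account can read and modify every Secret in the cluster even when the operator is installed in `OwnNamespace` or `SingleNamespace` mode; the `configmaps` rule has the same reach. The CSV `description` does not tell an installer this, so I would add a sentence to it such as `Installing this operator grants its service account cluster-wide read and patch access to Secrets and ConfigMaps.` Separately, the `containerImage` annotation and the deployment's `image` both reference `public.ecr.aws/aws-controllers-k8s/ec2-controller:1.2.21` by tag; pinning by digest, for example `image: public.ecr.aws/aws-controllers-k8s/ec2-controller@sha256:<digest-of-1.2.21>` (placeholder, the digest is not on this page), would keep the bundle tied to the image that was reviewed.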
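Review bot: `type: NodePort` on `ack-ec2-metrics-service` publishes the controller's metrics port (`port: 8080`, `targetPort: http`) on every node's address, which is wider than an in-cluster Prometheus scrape needs. Nothing visible in this bundle puts authentication or a NetworkPolicy in front of that port, so unless access from outside the cluster is intended I would change the line to `type: ClusterIP`. If external scraping is required, that should be stated in the CSV description so installers can firewall the node port.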
@@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: ack-ec2-reader +rules: +- apiGroups: + - ec2.services.k8s.aws + resources: + - dhcpoptions + - elasticipaddresses + - flowlogs + - instances + - internetgateways + - natgateways + - networkacls + - routetables + - securitygroups + - subnets + - transitgateways + - vpcs + - vpcendpoints + - vpcendpointserviceconfigurations + - vpcpeeringconnections + verbs: + - get + - list + - watch diff --git a/operators/ack-ec2-controller/1.2.21/manifests/ack-ec2-writer_rbac.authorization.k8s.io_v1_role.yaml b/operators/ack-ec2-controller/1.2.21/manifests/ack-ec2-writer_rbac.authorization.k8s.io_v1_role.yaml new file mode 100644 index 00000000000..d331061459e --- /dev/null +++ b/operators/ack-ec2-controller/1.2.21/manifests/ack-ec2-writer_rbac.authorization.k8s.io_v1_role.yaml @@ -0,0 +1,54 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: ack-ec2-writer +rules: +- apiGroups: + - ec2.services.k8s.aws + resources: + - dhcpoptions + - elasticipaddresses + - flowlogs + - instances + - internetgateways + - natgateways + - networkacls + - routetables + - securitygroups + - subnets + - transitgateways + - vpcs + - vpcendpoints + - vpcendpointserviceconfigurations + - vpcpeeringconnections + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ec2.services.k8s.aws + resources: + - dhcpoptions + - elasticipaddresses + - flowlogs + - instances + - internetgateways + - natgateways + - networkacls + - routetables + - securitygroups + - subnets + - transitgateways + - vpcs + - vpcendpoints + - vpcendpointserviceconfigurations + - vpcpeeringconnections + verbs: + - get + - patch + - update 
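Review bot: The second rule of `ack-ec2-writer` lists the same fifteen resources as the first with `get`, `patch` and `update`, all of which the first rule already grants, so it adds nothing to the role. The CSV in this commit pairs each resource with a `<resource>/status` rule carrying exactly those three verbs, which suggests the second rule was meant for the status subresources; as written the role grants no access to them. If that was the intent, each entry should read like `- dhcpoptions/status`; otherwise drop the duplicate rule so the role states only what it actually grants.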
diff --git a/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_dhcpoptions.yaml b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_dhcpoptions.yaml new file mode 100644 index 00000000000..4c9ac493224 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_dhcpoptions.yaml 
@@ -0,0 +1,188 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: dhcpoptions.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: DHCPOptions + listKind: DHCPOptionsList + plural: dhcpoptions + singular: dhcpoptions + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.dhcpOptionsID + name: ID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: DHCPOptions is the Schema for the DHCPOptions API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + DhcpOptionsSpec defines the desired state of DhcpOptions. + + + Describes a set of DHCP options. + properties: + dhcpConfigurations: + description: A DHCP configuration option. + items: + properties: + key: + type: string + values: + items: + type: string + type: array + type: object + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. 
+ properties: + key: + type: string + value: + type: string + type: object + type: array + vpc: + items: + type: string + type: array + vpcRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: array + required: + - dhcpConfigurations + type: object + status: + description: DHCPOptionsStatus defines the observed state of DHCPOptions + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. 
+ type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + dhcpOptionsID: + description: The ID of the set of DHCP options. + type: string + ownerID: + description: The ID of the Amazon Web Services account that owns the + DHCP options set. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_elasticipaddresses.yaml b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_elasticipaddresses.yaml new file mode 100644 index 00000000000..71bb94438eb --- /dev/null +++ b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_elasticipaddresses.yaml 
@@ -0,0 +1,191 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: elasticipaddresses.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: ElasticIPAddress + listKind: ElasticIPAddressList + plural: elasticipaddresses + singular: elasticipaddress + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.allocationID + name: ALLOCATION-ID + type: string + - jsonPath: .status.publicIP + name: PUBLIC-IP + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ElasticIPAddress is the Schema for the ElasticIPAddresses API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ElasticIPAddressSpec defines the desired state of ElasticIPAddress. + properties: + address: + description: |- + [EC2-VPC] The Elastic IP address to recover or an IPv4 address from an address + pool. + type: string + customerOwnedIPv4Pool: + description: |- + The ID of a customer-owned address pool. Use this parameter to let Amazon + EC2 select an address from the address pool. Alternatively, specify a specific + address from the address pool. 
+ type: string + networkBorderGroup: + description: |- + A unique set of Availability Zones, Local Zones, or Wavelength Zones from + which Amazon Web Services advertises IP addresses. Use this parameter to + limit the IP address to this location. IP addresses cannot move between network + border groups. + + + Use DescribeAvailabilityZones (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html) + to view the network border groups. + + + You cannot use a network border group with EC2 Classic. If you attempt this + operation on EC2 Classic, you receive an InvalidParameterCombination error. + type: string + publicIPv4Pool: + description: |- + The ID of an address pool that you own. Use this parameter to let Amazon + EC2 select an address from the address pool. To specify a specific address + from the address pool, use the Address parameter instead. + type: string + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + status: + description: ElasticIPAddressStatus defines the observed state of ElasticIPAddress + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. 
This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + allocationID: + description: |- + [EC2-VPC] The ID that Amazon Web Services assigns to represent the allocation + of the Elastic IP address for use with instances in a VPC. + type: string + carrierIP: + description: |- + The carrier IP address. This option is only available for network interfaces + which reside in a subnet in a Wavelength Zone (for example an EC2 instance). + type: string + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. 
+ type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + customerOwnedIP: + description: The customer-owned IP address. + type: string + publicIP: + description: The Elastic IP address. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_flowlogs.yaml b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_flowlogs.yaml new file mode 100644 index 00000000000..2291baa4a02 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_flowlogs.yaml 
@@ -0,0 +1,272 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: flowlogs.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: FlowLog + listKind: FlowLogList + plural: flowlogs + singular: flowlog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: FlowLog is the Schema for the FlowLogs API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + FlowLogSpec defines the desired state of FlowLog. + + + Describes a flow log. + properties: + deliverLogsPermissionARN: + description: |- + The ARN for the IAM role that permits Amazon EC2 to publish flow logs to + a CloudWatch Logs log group in your account. + + + If you specify LogDestinationType as s3, do not specify DeliverLogsPermissionArn + or LogGroupName. + type: string + destinationOptions: + description: The destination options. + properties: + fileFormat: + type: string + hiveCompatiblePartitions: + type: boolean + perHourPartition: + type: boolean + type: object + logDestination: + description: |- + The destination to which the flow log data is to be published. 
Flow log data + can be published to a CloudWatch Logs log group or an Amazon S3 bucket. The + value specified for this parameter depends on the value specified for LogDestinationType. + + + If LogDestinationType is not specified or cloud-watch-logs, specify the Amazon + Resource Name (ARN) of the CloudWatch Logs log group. For example, to publish + to a log group called my-logs, specify arn:aws:logs:us-east-1:123456789012:log-group:my-logs. + Alternatively, use LogGroupName instead. + + + If LogDestinationType is s3, specify the ARN of the Amazon S3 bucket. You + can also specify a subfolder in the bucket. To specify a subfolder in the + bucket, use the following ARN format: bucket_ARN/subfolder_name/. For example, + to specify a subfolder named my-logs in a bucket named my-bucket, use the + following ARN: arn:aws:s3:::my-bucket/my-logs/. You cannot use AWSLogs as + a subfolder name. This is a reserved term. + type: string + logDestinationType: + description: |- + The type of destination to which the flow log data is to be published. Flow + log data can be published to CloudWatch Logs or Amazon S3. To publish flow + log data to CloudWatch Logs, specify cloud-watch-logs. To publish flow log + data to Amazon S3, specify s3. + + + If you specify LogDestinationType as s3, do not specify DeliverLogsPermissionArn + or LogGroupName. + + + Default: cloud-watch-logs + type: string + logFormat: + description: |- + The fields to include in the flow log record, in the order in which they + should appear. For a list of available fields, see Flow log records (https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-log-records). + If you omit this parameter, the flow log is created using the default format. + If you specify this parameter, you must specify at least one field. + + + Specify the fields using the ${field-id} format, separated by spaces. For + the CLI, surround this parameter value with single quotes on Linux or double + quotes on Windows. 
+ type: string + logGroupName: + description: |- + The name of a new or existing CloudWatch Logs log group where Amazon EC2 + publishes your flow logs. + + + If you specify LogDestinationType as s3, do not specify DeliverLogsPermissionArn + or LogGroupName. + type: string + maxAggregationInterval: + description: |- + The maximum interval of time during which a flow of packets is captured and + aggregated into a flow log record. You can specify 60 seconds (1 minute) + or 600 seconds (10 minutes). + + + When a network interface is attached to a Nitro-based instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances), + the aggregation interval is always 60 seconds or less, regardless of the + value that you specify. + + + Default: 600 + format: int64 + type: integer + resourceID: + type: string + resourceType: + description: |- + The type of resource for which to create the flow log. For example, if you + specified a VPC ID for the ResourceId property, specify VPC for this property. + type: string + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + trafficType: + description: |- + The type of traffic to log. You can log traffic that the resource accepts + or rejects, or all traffic. + type: string + required: + - resourceID + - resourceType + type: object + status: + description: FlowLogStatus defines the observed state of FlowLog + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. 
This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + clientToken: + description: |- + Unique, case-sensitive identifier that you provide to ensure the idempotency + of the request. + type: string + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + flowLogID: + type: string + unsuccessful: + description: Information about the flow logs that could not be created + successfully. + items: + description: Information about items that were not successfully + processed in a batch call. + properties: + error: + description: |- + Information about the error that occurred. For more information about errors, + see Error codes (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/errors-overview.html). + properties: + code: + type: string + message: + type: string + type: object + resourceID: + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_instances.yaml b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_instances.yaml new file mode 100644 index 00000000000..e5893051e9a --- /dev/null +++ b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_instances.yaml 
@@ -0,0 +1,885 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: instances.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: Instance + listKind: InstanceList + plural: instances + singular: instance + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.instanceID + name: ID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Instance is the Schema for the Instances API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + InstanceSpec defines the desired state of Instance. + + + Describes an instance. + properties: + blockDeviceMappings: + description: |- + The block device mapping, which defines the EBS volumes and instance store + volumes to attach to the instance at launch. For more information, see Block + device mappings (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html) + in the Amazon EC2 User Guide. + items: + description: |- + Describes a block device mapping, which defines the EBS volumes and instance + store volumes to attach to an instance at launch. 
+ properties: + deviceName: + type: string + ebs: + description: Describes a block device for an EBS volume. + properties: + deleteOnTermination: + type: boolean + encrypted: + type: boolean + iops: + format: int64 + type: integer + kmsKeyID: + type: string + outpostARN: + type: string + snapshotID: + type: string + throughput: + format: int64 + type: integer + volumeSize: + format: int64 + type: integer + volumeType: + type: string + type: object + noDevice: + type: string + virtualName: + type: string + type: object + type: array + capacityReservationSpecification: + description: |- + Information about the Capacity Reservation targeting option. If you do not + specify this parameter, the instance's Capacity Reservation preference defaults + to open, which enables it to run in any open Capacity Reservation that has + matching attributes (instance type, platform, Availability Zone). + properties: + capacityReservationPreference: + type: string + capacityReservationTarget: + description: Describes a target Capacity Reservation or Capacity + Reservation group. + properties: + capacityReservationID: + type: string + capacityReservationResourceGroupARN: + type: string + type: object + type: object + cpuOptions: + description: |- + The CPU options for the instance. For more information, see Optimize CPU + options (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html) + in the Amazon EC2 User Guide. + properties: + coreCount: + format: int64 + type: integer + threadsPerCore: + format: int64 + type: integer + type: object + creditSpecification: + description: |- + The credit option for CPU usage of the burstable performance instance. Valid + values are standard and unlimited. To change this attribute after launch, + use ModifyInstanceCreditSpecification (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceCreditSpecification.html). 
+ For more information, see Burstable performance instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html) + in the Amazon EC2 User Guide. + + + Default: standard (T2 instances) or unlimited (T3/T3a/T4g instances) + + + For T3 instances with host tenancy, only standard is supported. + properties: + cpuCredits: + type: string + type: object + disableAPIStop: + description: |- + Indicates whether an instance is enabled for stop protection. For more information, + see Stop protection (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html#Using_StopProtection). + type: boolean + disableAPITermination: + description: |- + If you set this parameter to true, you can't terminate the instance using + the Amazon EC2 console, CLI, or API; otherwise, you can. To change this attribute + after launch, use ModifyInstanceAttribute (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceAttribute.html). + Alternatively, if you set InstanceInitiatedShutdownBehavior to terminate, + you can terminate the instance by running the shutdown command from the instance. + + + Default: false + type: boolean + ebsOptimized: + description: |- + Indicates whether the instance is optimized for Amazon EBS I/O. This optimization + provides dedicated throughput to Amazon EBS and an optimized configuration + stack to provide optimal Amazon EBS I/O performance. This optimization isn't + available with all instance types. Additional usage charges apply when using + an EBS-optimized instance. + + + Default: false + type: boolean + elasticGPUSpecification: + description: |- + An elastic GPU to associate with the instance. An Elastic GPU is a GPU resource + that you can attach to your Windows instance to accelerate the graphics performance + of your applications. For more information, see Amazon EC2 Elastic GPUs (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/elastic-graphics.html) + in the Amazon EC2 User Guide. 
+ items: + description: A specification for an Elastic Graphics accelerator. + properties: + type_: + type: string + type: object + type: array + elasticInferenceAccelerators: + description: |- + An elastic inference accelerator to associate with the instance. Elastic + inference accelerators are a resource you can attach to your Amazon EC2 instances + to accelerate your Deep Learning (DL) inference workloads. + + + You cannot specify accelerators from different generations in the same request. + items: + description: Describes an elastic inference accelerator. + properties: + count: + format: int64 + type: integer + type_: + type: string + type: object + type: array + enclaveOptions: + description: |- + Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. + For more information, see What is Amazon Web Services Nitro Enclaves? (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html) + in the Amazon Web Services Nitro Enclaves User Guide. + + + You can't enable Amazon Web Services Nitro Enclaves and hibernation on the + same instance. + properties: + enabled: + type: boolean + type: object + hibernationOptions: + description: |- + Indicates whether an instance is enabled for hibernation. For more information, + see Hibernate your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) + in the Amazon EC2 User Guide. + + + You can't enable hibernation and Amazon Web Services Nitro Enclaves on the + same instance. + properties: + configured: + type: boolean + type: object + iamInstanceProfile: + description: The name or Amazon Resource Name (ARN) of an IAM instance + profile. + properties: + arn: + type: string + name: + type: string + type: object + imageID: + description: |- + The ID of the AMI. An AMI ID is required to launch an instance and must be + specified here or in a launch template. 
+ type: string + instanceInitiatedShutdownBehavior: + description: |- + Indicates whether an instance stops or terminates when you initiate shutdown + from the instance (using the operating system command for system shutdown). + + + Default: stop + type: string + instanceMarketOptions: + description: |- + The market (purchasing) option for the instances. + + + For RunInstances, persistent Spot Instance requests are only supported when + InstanceInterruptionBehavior is set to either hibernate or stop. + properties: + marketType: + type: string + spotOptions: + description: The options for Spot Instances. + properties: + blockDurationMinutes: + format: int64 + type: integer + instanceInterruptionBehavior: + type: string + maxPrice: + type: string + spotInstanceType: + type: string + validUntil: + format: date-time + type: string + type: object + type: object + instanceType: + description: |- + The instance type. For more information, see Instance types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) + in the Amazon EC2 User Guide. + + + Default: m1.small + type: string + ipv6AddressCount: + description: |- + [EC2-VPC] The number of IPv6 addresses to associate with the primary network + interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet. + You cannot specify this option and the option to assign specific IPv6 addresses + in the same request. You can specify this option if you've specified a minimum + number of instances to launch. + + + You cannot specify this option and the network interfaces option in the same + request. + format: int64 + type: integer + ipv6Addresses: + description: |- + [EC2-VPC] The IPv6 addresses from the range of the subnet to associate with + the primary network interface. You cannot specify this option and the option + to assign a number of IPv6 addresses in the same request. You cannot specify + this option if you've specified a minimum number of instances to launch. 
+ + + You cannot specify this option and the network interfaces option in the same + request. + items: + description: Describes an IPv6 address. + properties: + ipv6Address: + type: string + type: object + type: array + kernelID: + description: |- + The ID of the kernel. + + + We recommend that you use PV-GRUB instead of kernels and RAM disks. For more + information, see PV-GRUB (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UserProvidedkernels.html) + in the Amazon EC2 User Guide. + type: string + keyName: + description: |- + The name of the key pair. You can create a key pair using CreateKeyPair (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateKeyPair.html) + or ImportKeyPair (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportKeyPair.html). + + + If you do not specify a key pair, you can't connect to the instance unless + you choose an AMI that is configured to allow users another way to log in. + type: string + launchTemplate: + description: |- + The launch template to use to launch the instances. Any parameters that you + specify in RunInstances override the same parameters in the launch template. + You can specify either the name or ID of a launch template, but not both. + properties: + launchTemplateID: + type: string + launchTemplateName: + type: string + version: + type: string + type: object + licenseSpecifications: + description: The license configurations. + items: + description: Describes a license configuration. + properties: + licenseConfigurationARN: + type: string + type: object + type: array + maintenanceOptions: + description: The maintenance and recovery options for the instance. + properties: + autoRecovery: + type: string + type: object + maxCount: + description: |- + The maximum number of instances to launch. If you specify more instances + than Amazon EC2 can launch in the target Availability Zone, Amazon EC2 launches + the largest possible number of instances above MinCount. 
+ + + Constraints: Between 1 and the maximum number you're allowed for the specified + instance type. For more information about the default limits, and how to + request an increase, see How many instances can I run in Amazon EC2 (http://aws.amazon.com/ec2/faqs/#How_many_instances_can_I_run_in_Amazon_EC2) + in the Amazon EC2 FAQ. + format: int64 + type: integer + metadataOptions: + description: |- + The metadata options for the instance. For more information, see Instance + metadata and user data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html). + properties: + httpEndpoint: + type: string + httpProtocolIPv6: + type: string + httpPutResponseHopLimit: + format: int64 + type: integer + httpTokens: + type: string + instanceMetadataTags: + type: string + type: object + minCount: + description: |- + The minimum number of instances to launch. If you specify a minimum that + is more instances than Amazon EC2 can launch in the target Availability Zone, + Amazon EC2 launches no instances. + + + Constraints: Between 1 and the maximum number you're allowed for the specified + instance type. For more information about the default limits, and how to + request an increase, see How many instances can I run in Amazon EC2 (http://aws.amazon.com/ec2/faqs/#How_many_instances_can_I_run_in_Amazon_EC2) + in the Amazon EC2 General FAQ. + format: int64 + type: integer + monitoring: + description: Specifies whether detailed monitoring is enabled for + the instance. + properties: + enabled: + type: boolean + type: object + networkInterfaces: + description: |- + The network interfaces to associate with the instance. If you specify a network + interface, you must specify any security groups and subnets as part of the + network interface. + items: + description: Describes a network interface. 
+ properties: + associateCarrierIPAddress: + type: boolean + associatePublicIPAddress: + type: boolean + deleteOnTermination: + type: boolean + description: + type: string + deviceIndex: + format: int64 + type: integer + interfaceType: + type: string + ipv4PrefixCount: + format: int64 + type: integer + ipv4Prefixes: + items: + description: Describes the IPv4 prefix option for a network + interface. + properties: + ipv4Prefix: + type: string + type: object + type: array + ipv6AddressCount: + format: int64 + type: integer + ipv6Addresses: + items: + description: Describes an IPv6 address. + properties: + ipv6Address: + type: string + type: object + type: array + ipv6PrefixCount: + format: int64 + type: integer + ipv6Prefixes: + items: + description: Describes the IPv4 prefix option for a network + interface. + properties: + ipv6Prefix: + type: string + type: object + type: array + networkCardIndex: + format: int64 + type: integer + networkInterfaceID: + type: string + privateIPAddress: + type: string + privateIPAddresses: + items: + description: Describes a secondary private IPv4 address for + a network interface. + properties: + primary: + type: boolean + privateIPAddress: + type: string + type: object + type: array + secondaryPrivateIPAddressCount: + format: int64 + type: integer + subnetID: + type: string + type: object + type: array + placement: + description: The placement for the instance. + properties: + affinity: + type: string + availabilityZone: + type: string + groupName: + type: string + hostID: + type: string + hostResourceGroupARN: + type: string + partitionNumber: + format: int64 + type: integer + spreadDomain: + type: string + tenancy: + type: string + type: object + privateDNSNameOptions: + description: |- + The options for the instance hostname. The default values are inherited from + the subnet. 
+ properties: + enableResourceNameDNSAAAARecord: + type: boolean + enableResourceNameDNSARecord: + type: boolean + hostnameType: + type: string + type: object + privateIPAddress: + description: |- + [EC2-VPC] The primary IPv4 address. You must specify a value from the IPv4 + address range of the subnet. + + + Only one private IP address can be designated as primary. You can't specify + this option if you've specified the option to designate a private IP address + as the primary IP address in a network interface specification. You cannot + specify this option if you're launching more than one instance in the request. + + + You cannot specify this option and the network interfaces option in the same + request. + type: string + ramDiskID: + description: |- + The ID of the RAM disk to select. Some kernels require additional drivers + at launch. Check the kernel requirements for information about whether you + need to specify a RAM disk. To find kernel requirements, go to the Amazon + Web Services Resource Center and search for the kernel ID. + + + We recommend that you use PV-GRUB instead of kernels and RAM disks. For more + information, see PV-GRUB (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UserProvidedkernels.html) + in the Amazon EC2 User Guide. + type: string + securityGroupIDs: + description: |- + The IDs of the security groups. You can create a security group using CreateSecurityGroup + (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSecurityGroup.html). + + + If you specify a network interface, you must specify any security groups + as part of the network interface. + items: + type: string + type: array + securityGroups: + description: |- + [EC2-Classic, default VPC] The names of the security groups. For a nondefault + VPC, you must use security group IDs instead. + + + If you specify a network interface, you must specify any security groups + as part of the network interface. + + + Default: Amazon EC2 uses the default security group. 
+ items: + type: string + type: array + subnetID: + description: |- + [EC2-VPC] The ID of the subnet to launch the instance into. + + + If you specify a network interface, you must specify any subnets as part + of the network interface. + type: string + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + userData: + description: |- + The user data script to make available to the instance. For more information, + see Run commands on your Linux instance at launch (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html) + and Run commands on your Windows instance at launch (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-windows-user-data.html). + If you are using a command line tool, base64-encoding is performed for you, + and you can load the text from a file. Otherwise, you must provide base64-encoded + text. User data is limited to 16 KB. + type: string + type: object + status: + description: InstanceStatus defines the observed state of Instance + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. 
+ TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + amiLaunchIndex: + description: |- + The AMI launch index, which can be used to find this instance in the launch + group. + format: int64 + type: integer + architecture: + description: The architecture of the image. + type: string + bootMode: + description: |- + The boot mode of the instance. For more information, see Boot modes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-boot.html) + in the Amazon EC2 User Guide. + type: string + capacityReservationID: + description: The ID of the Capacity Reservation. + type: string + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + elasticGPUAssociations: + description: The Elastic GPU associated with the instance. + items: + description: Describes the association between an instance and an + Elastic Graphics accelerator. + properties: + elasticGPUAssociationID: + type: string + elasticGPUAssociationState: + type: string + elasticGPUAssociationTime: + type: string + elasticGPUID: + type: string + type: object + type: array + elasticInferenceAcceleratorAssociations: + description: The elastic inference accelerator associated with the + instance. + items: + description: Describes the association between an instance and an + elastic inference accelerator. + properties: + elasticInferenceAcceleratorARN: + type: string + elasticInferenceAcceleratorAssociationID: + type: string + elasticInferenceAcceleratorAssociationState: + type: string + elasticInferenceAcceleratorAssociationTime: + format: date-time + type: string + type: object + type: array + enaSupport: + description: Specifies whether enhanced networking with ENA is enabled. + type: boolean + hypervisor: + description: |- + The hypervisor type of the instance. The value xen is used for both Xen and + Nitro hypervisors. + type: string + instanceID: + description: The ID of the instance. + type: string + instanceLifecycle: + description: Indicates whether this is a Spot Instance or a Scheduled + Instance. + type: string + ipv6Address: + description: The IPv6 address assigned to the instance. + type: string + launchTime: + description: The time the instance was launched. + format: date-time + type: string + licenses: + description: The license configurations for the instance. + items: + description: Describes a license configuration. + properties: + licenseConfigurationARN: + type: string + type: object + type: array + outpostARN: + description: The Amazon Resource Name (ARN) of the Outpost. 
+ type: string + platform: + description: The value is Windows for Windows instances; otherwise + blank. + type: string + platformDetails: + description: |- + The platform details value for the instance. For more information, see AMI + billing information fields (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/billing-info-fields.html) + in the Amazon EC2 User Guide. + type: string + privateDNSName: + description: |- + (IPv4 only) The private DNS hostname name assigned to the instance. This + DNS hostname can only be used inside the Amazon EC2 network. This name is + not available until the instance enters the running state. + + + [EC2-VPC] The Amazon-provided DNS server resolves Amazon-provided private + DNS hostnames if you've enabled DNS resolution and DNS hostnames in your + VPC. If you are not using the Amazon-provided DNS server in your VPC, your + custom domain name servers must resolve the hostname as appropriate. + type: string + productCodes: + description: The product codes attached to this instance, if applicable. + items: + description: Describes a product code. + properties: + productCodeID: + type: string + productCodeType: + type: string + type: object + type: array + publicDNSName: + description: |- + (IPv4 only) The public DNS name assigned to the instance. This name is not + available until the instance enters the running state. For EC2-VPC, this + name is only available if you've enabled DNS hostnames for your VPC. + type: string + publicIPAddress: + description: |- + The public IPv4 address, or the Carrier IP address assigned to the instance, + if applicable. + + + A Carrier IP address only applies to an instance launched in a subnet associated + with a Wavelength Zone. + type: string + rootDeviceName: + description: The device name of the root device volume (for example, + /dev/sda1). + type: string + rootDeviceType: + description: |- + The root device type used by the AMI. The AMI can use an EBS volume or an + instance store volume. 
+ type: string + sourceDestCheck: + description: Indicates whether source/destination checking is enabled. + type: boolean + spotInstanceRequestID: + description: If the request is a Spot Instance request, the ID of + the request. + type: string + sriovNetSupport: + description: |- + Specifies whether enhanced networking with the Intel 82599 Virtual Function + interface is enabled. + type: string + state: + description: The current state of the instance. + properties: + code: + format: int64 + type: integer + name: + type: string + type: object + stateReason: + description: The reason for the most recent state transition. + properties: + code: + type: string + message: + type: string + type: object + stateTransitionReason: + description: The reason for the most recent state transition. This + might be an empty string. + type: string + tpmSupport: + description: |- + If the instance is configured for NitroTPM support, the value is v2.0. For + more information, see NitroTPM (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) + in the Amazon EC2 User Guide. + type: string + usageOperation: + description: |- + The usage operation value for the instance. For more information, see AMI + billing information fields (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/billing-info-fields.html) + in the Amazon EC2 User Guide. + type: string + usageOperationUpdateTime: + description: The time that the usage operation was last updated. + format: date-time + type: string + virtualizationType: + description: The virtualization type of the instance. + type: string + vpcID: + description: '[EC2-VPC] The ID of the VPC in which the instance is + running.' + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null 
diff --git a/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_internetgateways.yaml b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_internetgateways.yaml new file mode 100644 index 00000000000..60ef4b70e54 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_internetgateways.yaml 
@@ -0,0 +1,207 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: internetgateways.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: InternetGateway + listKind: InternetGatewayList + plural: internetgateways + singular: internetgateway + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.internetGatewayID + name: ID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: InternetGateway is the Schema for the InternetGateways API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + InternetGatewaySpec defines the desired state of InternetGateway. + + + Describes an internet gateway. 
+ properties: + routeTableRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: array + routeTables: + items: + type: string + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpc: + description: The ID of the VPC. + type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + status: + description: InternetGatewayStatus defines the observed state of InternetGateway + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. 
This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + attachments: + description: Any VPCs attached to the internet gateway. + items: + description: |- + Describes the attachment of a VPC to an internet gateway or an egress-only + internet gateway. + properties: + state: + type: string + vpcID: + type: string + type: object + type: array + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. 
+ type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + internetGatewayID: + description: The ID of the internet gateway. + type: string + ownerID: + description: The ID of the Amazon Web Services account that owns the + internet gateway. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_natgateways.yaml b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_natgateways.yaml new file mode 100644 index 00000000000..30519b24f70 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_natgateways.yaml 
@@ -0,0 +1,307 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: natgateways.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: NATGateway + listKind: NATGatewayList + plural: natgateways + singular: natgateway + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.natGatewayID + name: ID + type: string + - jsonPath: .status.state + name: state + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: NATGateway is the Schema for the NATGateways API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + NatGatewaySpec defines the desired state of NatGateway. + + + Describes a NAT gateway. + properties: + allocationID: + description: |- + [Public NAT gateways only] The allocation ID of an Elastic IP address to + associate with the NAT gateway. You cannot specify an Elastic IP address + with a private NAT gateway. If the Elastic IP address is associated with + another resource, you must first disassociate it. 
+ type: string + allocationRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + connectivityType: + description: |- + Indicates whether the NAT gateway supports public or private connectivity. + The default is public connectivity. + type: string + subnetID: + description: The subnet in which to create the NAT gateway. + type: string + subnetRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. 
+ properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + status: + description: NATGatewayStatus defines the observed state of NATGateway + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + createTime: + description: The date and time the NAT gateway was created. + format: date-time + type: string + deleteTime: + description: The date and time the NAT gateway was deleted, if applicable. + format: date-time + type: string + failureCode: + description: |- + If the NAT gateway could not be created, specifies the error code for the + failure. (InsufficientFreeAddressesInSubnet | Gateway.NotAttached | InvalidAllocationID.NotFound + | Resource.AlreadyAssociated | InternalError | InvalidSubnetID.NotFound) + type: string + failureMessage: + description: |- + If the NAT gateway could not be created, specifies the error message for + the failure, that corresponds to the error code. + + + * For InsufficientFreeAddressesInSubnet: "Subnet has insufficient free + addresses to create this NAT gateway" + + + * For Gateway.NotAttached: "Network vpc-xxxxxxxx has no Internet gateway + attached" + + + * For InvalidAllocationID.NotFound: "Elastic IP address eipalloc-xxxxxxxx + could not be associated with this NAT gateway" + + + * For Resource.AlreadyAssociated: "Elastic IP address eipalloc-xxxxxxxx + is already associated" + + + * For InternalError: "Network interface eni-xxxxxxxx, created and used + internally by this NAT gateway is in an invalid state. Please try again." + + + * For InvalidSubnetID.NotFound: "The specified subnet subnet-xxxxxxxx + does not exist or could not be found." 
+ type: string + natGatewayAddresses: + description: |- + Information about the IP addresses and network interface associated with + the NAT gateway. + items: + description: Describes the IP addresses and network interface associated + with a NAT gateway. + properties: + allocationID: + type: string + networkInterfaceID: + type: string + privateIP: + type: string + publicIP: + type: string + type: object + type: array + natGatewayID: + description: The ID of the NAT gateway. + type: string + provisionedBandwidth: + description: |- + Reserved. If you need to sustain traffic greater than the documented limits + (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html), + contact us through the Support Center (https://console.aws.amazon.com/support/home?). + properties: + provisionTime: + format: date-time + type: string + provisioned: + type: string + requestTime: + format: date-time + type: string + requested: + type: string + status: + type: string + type: object + state: + description: |- + The state of the NAT gateway. + + + * pending: The NAT gateway is being created and is not ready to process + traffic. + + + * failed: The NAT gateway could not be created. Check the failureCode + and failureMessage fields for the reason. + + + * available: The NAT gateway is able to process traffic. This status remains + until you delete the NAT gateway, and does not indicate the health of + the NAT gateway. + + + * deleting: The NAT gateway is in the process of being terminated and + may still be processing traffic. + + + * deleted: The NAT gateway has been terminated and is no longer processing + traffic. + type: string + vpcID: + description: The ID of the VPC in which the NAT gateway is located. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null 
diff --git a/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_networkacls.yaml b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_networkacls.yaml new file mode 100644 index 00000000000..313890903a0 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_networkacls.yaml 
@@ -0,0 +1,241 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: networkacls.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: NetworkACL + listKind: NetworkACLList + plural: networkacls + singular: networkacl + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: ID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: NetworkACL is the Schema for the NetworkACLS API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + NetworkAclSpec defines the desired state of NetworkAcl. + + + Describes a network ACL. + properties: + associations: + items: + description: Describes an association between a network ACL and + a subnet. 
+ properties: + networkACLAssociationID: + type: string + networkACLID: + type: string + subnetID: + type: string + subnetRef: + description: Reference field for SubnetID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + type: array + entries: + items: + description: Describes an entry in a network ACL. + properties: + cidrBlock: + type: string + egress: + type: boolean + icmpTypeCode: + description: Describes the ICMP type and code. + properties: + code: + format: int64 + type: integer + type_: + format: int64 + type: integer + type: object + ipv6CIDRBlock: + type: string + portRange: + description: Describes a range of ports. + properties: + from: + format: int64 + type: integer + to: + format: int64 + type: integer + type: object + protocol: + type: string + ruleAction: + type: string + ruleNumber: + format: int64 + type: integer + type: object + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcID: + description: The ID of the VPC. 
+ type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + status: + description: NetworkACLStatus defines the observed state of NetworkACL + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. 
+ type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + id: + description: The ID of the network ACL. + type: string + isDefault: + description: Indicates whether this is the default network ACL for + the VPC. + type: boolean + ownerID: + description: The ID of the Amazon Web Services account that owns the + network ACL. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_routetables.yaml b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_routetables.yaml new file mode 100644 index 00000000000..a05a44bdd8e --- /dev/null +++ b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_routetables.yaml 
@@ -0,0 +1,351 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: routetables.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: RouteTable + listKind: RouteTableList + plural: routetables + singular: routetable + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.routeTableID + name: ID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: RouteTable is the Schema for the RouteTables API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + RouteTableSpec defines the desired state of RouteTable. + + + Describes a route table. 
+ properties: + routes: + items: + properties: + carrierGatewayID: + type: string + coreNetworkARN: + type: string + destinationCIDRBlock: + type: string + destinationIPv6CIDRBlock: + type: string + destinationPrefixListID: + type: string + egressOnlyInternetGatewayID: + type: string + gatewayID: + type: string + gatewayRef: + description: Reference field for GatewayID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + instanceID: + type: string + localGatewayID: + type: string + natGatewayID: + type: string + natGatewayRef: + description: Reference field for NATGatewayID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + networkInterfaceID: + type: string + transitGatewayID: + type: string + transitGatewayRef: + description: Reference field for TransitGatewayID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + vpcEndpointID: + type: string + vpcEndpointRef: + description: Reference field for VPCEndpointID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + vpcPeeringConnectionID: + type: string + vpcPeeringConnectionRef: + description: Reference field for VPCPeeringConnectionID + properties: + from: + 
description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcID: + description: The ID of the VPC. + type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + status: + description: RouteTableStatus defines the observed state of RouteTable + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. 
+ TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + associations: + description: The associations between the route table and one or more + subnets or a gateway. + items: + description: Describes an association between a route table and + a subnet or gateway. + properties: + associationState: + description: |- + Describes the state of an association between a route table and a subnet + or gateway. + properties: + state: + type: string + statusMessage: + type: string + type: object + gatewayID: + type: string + main: + type: boolean + routeTableAssociationID: + type: string + routeTableID: + type: string + subnetID: + type: string + type: object + type: array + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + ownerID: + description: The ID of the Amazon Web Services account that owns the + route table. + type: string + propagatingVGWs: + description: Any virtual private gateway (VGW) propagating routes. + items: + description: Describes a virtual private gateway propagating route. + properties: + gatewayID: + type: string + type: object + type: array + routeStatuses: + description: The routes in the route table. + items: + description: Describes a route in a route table. + properties: + carrierGatewayID: + type: string + coreNetworkARN: + type: string + destinationCIDRBlock: + type: string + destinationIPv6CIDRBlock: + type: string + destinationPrefixListID: + type: string + egressOnlyInternetGatewayID: + type: string + gatewayID: + type: string + instanceID: + type: string + instanceOwnerID: + type: string + localGatewayID: + type: string + natGatewayID: + type: string + networkInterfaceID: + type: string + origin: + type: string + state: + type: string + transitGatewayID: + type: string + vpcPeeringConnectionID: + type: string + type: object + type: array + routeTableID: + description: The ID of the route table. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_securitygroups.yaml b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_securitygroups.yaml new file mode 100644 index 00000000000..0828cacecfc --- /dev/null +++ b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_securitygroups.yaml 
@@ -0,0 +1,433 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: securitygroups.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: SecurityGroup + listKind: SecurityGroupList + plural: securitygroups + singular: securitygroup + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: ID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: SecurityGroup is the Schema for the SecurityGroups API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + SecurityGroupSpec defines the desired state of SecurityGroup. + + + Describes a security group. + properties: + description: + description: |- + A description for the security group. This is informational only. + + + Constraints: Up to 255 characters in length + + + Constraints for EC2-Classic: ASCII characters + + + Constraints for EC2-VPC: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$* + type: string + egressRules: + items: + description: Describes a set of permissions for a security group + rule. 
+ properties: + fromPort: + format: int64 + type: integer + ipProtocol: + type: string + ipRanges: + items: + description: Describes an IPv4 range. + properties: + cidrIP: + type: string + description: + type: string + type: object + type: array + ipv6Ranges: + items: + description: '[EC2-VPC only] Describes an IPv6 range.' + properties: + cidrIPv6: + type: string + description: + type: string + type: object + type: array + prefixListIDs: + items: + description: Describes a prefix list ID. + properties: + description: + type: string + prefixListID: + type: string + type: object + type: array + toPort: + format: int64 + type: integer + userIDGroupPairs: + items: + description: |- + Describes a security group and Amazon Web Services account ID pair. + + + We are retiring EC2-Classic on August 15, 2022. We recommend that you migrate + from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic + to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) + in the Amazon Elastic Compute Cloud User Guide. 
+ properties: + description: + type: string + groupID: + type: string + groupName: + type: string + groupRef: + description: Reference field for GroupID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + peeringStatus: + type: string + userID: + type: string + vpcID: + type: string + vpcPeeringConnectionID: + type: string + vpcRef: + description: Reference field for VPCID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + type: array + type: object + type: array + ingressRules: + items: + description: Describes a set of permissions for a security group + rule. + properties: + fromPort: + format: int64 + type: integer + ipProtocol: + type: string + ipRanges: + items: + description: Describes an IPv4 range. + properties: + cidrIP: + type: string + description: + type: string + type: object + type: array + ipv6Ranges: + items: + description: '[EC2-VPC only] Describes an IPv6 range.' + properties: + cidrIPv6: + type: string + description: + type: string + type: object + type: array + prefixListIDs: + items: + description: Describes a prefix list ID. + properties: + description: + type: string + prefixListID: + type: string + type: object + type: array + toPort: + format: int64 + type: integer + userIDGroupPairs: + items: + description: |- + Describes a security group and Amazon Web Services account ID pair. + + + We are retiring EC2-Classic on August 15, 2022. We recommend that you migrate + from EC2-Classic to a VPC. 
For more information, see Migrate from EC2-Classic + to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) + in the Amazon Elastic Compute Cloud User Guide. + properties: + description: + type: string + groupID: + type: string + groupName: + type: string + groupRef: + description: Reference field for GroupID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + peeringStatus: + type: string + userID: + type: string + vpcID: + type: string + vpcPeeringConnectionID: + type: string + vpcRef: + description: Reference field for VPCID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + type: array + type: object + type: array + name: + description: |- + The name of the security group. + + + Constraints: Up to 255 characters in length. Cannot start with sg-. + + + Constraints for EC2-Classic: ASCII characters + + + Constraints for EC2-VPC: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$* + type: string + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcID: + description: '[EC2-VPC] The ID of the VPC. Required for EC2-VPC.' 
+ type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + required: + - description + - name + type: object + status: + description: SecurityGroupStatus defines the observed state of SecurityGroup + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. 
+ type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + id: + description: The ID of the security group. + type: string + rules: + description: Information about security group rules. + items: + description: Describes a security group rule. + properties: + cidrIPv4: + type: string + cidrIPv6: + type: string + description: + type: string + fromPort: + format: int64 + type: integer + ipProtocol: + type: string + isEgress: + type: boolean + prefixListID: + type: string + securityGroupRuleID: + type: string + tags: + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + toPort: + format: int64 + type: integer + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null 
diff --git a/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_subnets.yaml b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_subnets.yaml new file mode 100644 index 00000000000..955ab852974 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_subnets.yaml 
@@ -0,0 +1,317 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: subnets.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: Subnet + listKind: SubnetList + plural: subnets + singular: subnet + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.subnetID + name: ID + type: string + - jsonPath: .status.state + name: state + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Subnet is the Schema for the Subnets API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + SubnetSpec defines the desired state of Subnet. + + + Describes a subnet. + properties: + assignIPv6AddressOnCreation: + type: boolean + availabilityZone: + description: |- + The Availability Zone or Local Zone for the subnet. + + + Default: Amazon Web Services selects one for you. If you create more than + one subnet in your VPC, we do not necessarily select a different zone for + each subnet. + + + To create a subnet in a Local Zone, set this value to the Local Zone ID, + for example us-west-2-lax-1a. 
For information about the Regions that support + Local Zones, see Available Regions (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions) + in the Amazon Elastic Compute Cloud User Guide. + + + To create a subnet in an Outpost, set this value to the Availability Zone + for the Outpost and specify the Outpost ARN. + type: string + availabilityZoneID: + description: The AZ ID or the Local Zone ID of the subnet. + type: string + cidrBlock: + description: |- + The IPv4 network range for the subnet, in CIDR notation. For example, 10.0.0.0/24. + We modify the specified CIDR block to its canonical form; for example, if + you specify 100.68.0.18/18, we modify it to 100.68.0.0/18. + + + This parameter is not supported for an IPv6 only subnet. + type: string + customerOwnedIPv4Pool: + type: string + enableDNS64: + type: boolean + enableResourceNameDNSAAAARecord: + type: boolean + enableResourceNameDNSARecord: + type: boolean + hostnameType: + type: string + ipv6CIDRBlock: + description: |- + The IPv6 network range for the subnet, in CIDR notation. The subnet size + must use a /64 prefix length. + + + This parameter is required for an IPv6 only subnet. + type: string + ipv6Native: + description: Indicates whether to create an IPv6 only subnet. + type: boolean + mapPublicIPOnLaunch: + type: boolean + outpostARN: + description: |- + The Amazon Resource Name (ARN) of the Outpost. If you specify an Outpost + ARN, you must also specify the Availability Zone of the Outpost subnet. 
+ type: string + routeTableRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: array + routeTables: + items: + type: string + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcID: + description: The ID of the VPC. + type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + status: + description: SubnetStatus defines the observed state of Subnet + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. 
This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + availableIPAddressCount: + description: |- + The number of unused private IPv4 addresses in the subnet. The IPv4 addresses + for any stopped instances are considered unavailable. + format: int64 + type: integer + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + defaultForAZ: + description: Indicates whether this is the default subnet for the + Availability Zone. + type: boolean + enableLniAtDeviceIndex: + description: |- + Indicates the device position for local network interfaces in this subnet. + For example, 1 indicates local network interfaces in this subnet are the + secondary network interface (eth1). + format: int64 + type: integer + ipv6CIDRBlockAssociationSet: + description: Information about the IPv6 CIDR blocks associated with + the subnet. + items: + description: Describes an association between a subnet and an IPv6 + CIDR block. + properties: + associationID: + type: string + ipv6CIDRBlock: + type: string + ipv6CIDRBlockState: + description: Describes the state of a CIDR block. + properties: + state: + type: string + statusMessage: + type: string + type: object + type: object + type: array + mapCustomerOwnedIPOnLaunch: + description: |- + Indicates whether a network interface created in this subnet (including a + network interface created by RunInstances) receives a customer-owned IPv4 + address. + type: boolean + ownerID: + description: The ID of the Amazon Web Services account that owns the + subnet. + type: string + privateDNSNameOptionsOnLaunch: + description: |- + The type of hostnames to assign to instances in the subnet at launch. An + instance hostname is based on the IPv4 address or ID of the instance. + properties: + enableResourceNameDNSAAAARecord: + type: boolean + enableResourceNameDNSARecord: + type: boolean + hostnameType: + type: string + type: object + state: + description: The current state of the subnet. + type: string + subnetID: + description: The ID of the subnet. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_transitgateways.yaml b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_transitgateways.yaml new file mode 100644 index 00000000000..1fa67895985 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_transitgateways.yaml 
@@ -0,0 +1,187 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: transitgateways.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: TransitGateway + listKind: TransitGatewayList + plural: transitgateways + singular: transitgateway + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.transitGatewayID + name: ID + type: string + - jsonPath: .status.state + name: state + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: TransitGateway is the Schema for the TransitGateways API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + TransitGatewaySpec defines the desired state of TransitGateway. + + + Describes a transit gateway. + properties: + description: + description: A description of the transit gateway. + type: string + options: + description: The transit gateway options. 
+ properties: + amazonSideASN: + format: int64 + type: integer + autoAcceptSharedAttachments: + type: string + defaultRouteTableAssociation: + type: string + defaultRouteTablePropagation: + type: string + dnsSupport: + type: string + multicastSupport: + type: string + transitGatewayCIDRBlocks: + items: + type: string + type: array + vpnECMPSupport: + type: string + type: object + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + status: + description: TransitGatewayStatus defines the observed state of TransitGateway + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. 
+ type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + creationTime: + description: The creation time. + format: date-time + type: string + ownerID: + description: The ID of the Amazon Web Services account that owns the + transit gateway. + type: string + state: + description: The state of the transit gateway. + type: string + transitGatewayID: + description: The ID of the transit gateway. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_vpcendpoints.yaml b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_vpcendpoints.yaml new file mode 100644 index 00000000000..9b21629b51c --- /dev/null +++ b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_vpcendpoints.yaml 
@@ -0,0 +1,348 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: vpcendpoints.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: VPCEndpoint + listKind: VPCEndpointList + plural: vpcendpoints + singular: vpcendpoint + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.vpcEndpointID + name: ID + type: string + - jsonPath: .status.state + name: state + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: VPCEndpoint is the Schema for the VPCEndpoints API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + VpcEndpointSpec defines the desired state of VpcEndpoint. + + + Describes a VPC endpoint. + properties: + dnsOptions: + description: The DNS options for the endpoint. + properties: + dnsRecordIPType: + type: string + type: object + ipAddressType: + description: The IP address type for the endpoint. + type: string + policyDocument: + description: |- + (Interface and gateway endpoints) A policy to attach to the endpoint that + controls access to the service. The policy must be in valid JSON format. 
+ If this parameter is not specified, we attach a default policy that allows + full access to the service. + type: string + privateDNSEnabled: + description: |- + (Interface endpoint) Indicates whether to associate a private hosted zone + with the specified VPC. The private hosted zone contains a record set for + the default public DNS name for the service for the Region (for example, + kinesis.us-east-1.amazonaws.com), which resolves to the private IP addresses + of the endpoint network interfaces in the VPC. This enables you to make requests + to the default public DNS name for the service instead of the public DNS + names that are automatically generated by the VPC endpoint service. + + + To use a private hosted zone, you must set the following VPC attributes to + true: enableDnsHostnames and enableDnsSupport. Use ModifyVpcAttribute to + set the VPC attributes. + + + Default: true + type: boolean + routeTableIDs: + description: (Gateway endpoint) One or more route table IDs. + items: + type: string + type: array + routeTableRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: array + securityGroupIDs: + description: |- + (Interface endpoint) The ID of one or more security groups to associate with + the endpoint network interface. 
+ items: + type: string + type: array + securityGroupRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: array + serviceName: + description: |- + The service name. To get a list of available services, use the DescribeVpcEndpointServices + request, or get the name from the service provider. + type: string + subnetIDs: + description: |- + (Interface and Gateway Load Balancer endpoints) The ID of one or more subnets + in which to create an endpoint network interface. For a Gateway Load Balancer + endpoint, you can specify one subnet only. + items: + type: string + type: array + subnetRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcEndpointType: + description: |- + The type of endpoint. 
+ + + Default: Gateway + type: string + vpcID: + description: The ID of the VPC in which the endpoint will be used. + type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + required: + - serviceName + type: object + status: + description: VPCEndpointStatus defines the observed state of VPCEndpoint + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. 
+ type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + creationTimestamp: + description: The date and time that the endpoint was created. + format: date-time + type: string + dnsEntries: + description: (Interface endpoint) The DNS entries for the endpoint. + items: + description: Describes a DNS entry. + properties: + dnsName: + type: string + hostedZoneID: + type: string + type: object + type: array + groups: + description: |- + (Interface endpoint) Information about the security groups that are associated + with the network interface. + items: + description: Describes a security group. + properties: + groupID: + type: string + groupName: + type: string + type: object + type: array + lastError: + description: The last error that occurred for endpoint. 
+ properties: + code: + type: string + message: + type: string + type: object + networkInterfaceIDs: + description: (Interface endpoint) One or more network interfaces for + the endpoint. + items: + type: string + type: array + ownerID: + description: The ID of the Amazon Web Services account that owns the + endpoint. + type: string + requesterManaged: + description: Indicates whether the endpoint is being managed by its + service. + type: boolean + state: + description: The state of the endpoint. + type: string + vpcEndpointID: + description: The ID of the endpoint. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_vpcendpointserviceconfigurations.yaml b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_vpcendpointserviceconfigurations.yaml new file mode 100644 index 00000000000..ab828ec115a --- /dev/null +++ b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_vpcendpointserviceconfigurations.yaml 
@@ -0,0 +1,232 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: vpcendpointserviceconfigurations.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: VPCEndpointServiceConfiguration + listKind: VPCEndpointServiceConfigurationList + plural: vpcendpointserviceconfigurations + singular: vpcendpointserviceconfiguration + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.serviceID + name: ServiceID + type: string + - jsonPath: .status.serviceState + name: ServiceState + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: VPCEndpointServiceConfiguration is the Schema for the VPCEndpointServiceConfigurations + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: VpcEndpointServiceConfigurationSpec defines the desired state + of VpcEndpointServiceConfiguration. + properties: + acceptanceRequired: + description: |- + Indicates whether requests from service consumers to create an endpoint to + your service must be accepted manually. + type: boolean + allowedPrincipals: + description: |- + The Amazon Resource Names (ARN) of one or more principals. 
Permissions are + granted to the principals in this list. To grant permissions to all principals, + specify an asterisk (*). + items: + type: string + type: array + gatewayLoadBalancerARNs: + description: The Amazon Resource Names (ARNs) of one or more Gateway + Load Balancers. + items: + type: string + type: array + networkLoadBalancerARNs: + description: |- + The Amazon Resource Names (ARNs) of one or more Network Load Balancers for + your service. + items: + type: string + type: array + privateDNSName: + description: |- + (Interface endpoint configuration) The private DNS name to assign to the + VPC endpoint service. + type: string + supportedIPAddressTypes: + description: The supported IP address types. The possible values are + ipv4 and ipv6. + items: + type: string + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + status: + description: VPCEndpointServiceConfigurationStatus defines the observed + state of VPCEndpointServiceConfiguration + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. 
+ TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + availabilityZones: + description: The Availability Zones in which the service is available. + items: + type: string + type: array + baseEndpointDNSNames: + description: The DNS names for the service. + items: + type: string + type: array + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + managesVPCEndpoints: + description: |- + Indicates whether the service manages its VPC endpoints. Management of the + service VPC endpoints using the VPC endpoint API is restricted. 
+ type: boolean + payerResponsibility: + description: The payer responsibility. + type: string + privateDNSNameConfiguration: + description: Information about the endpoint service private DNS name + configuration. + properties: + name: + type: string + state: + type: string + type_: + type: string + value: + type: string + type: object + serviceID: + description: The ID of the service. + type: string + serviceName: + description: The name of the service. + type: string + serviceState: + description: The service state. + type: string + serviceType: + description: The type of service. + items: + description: Describes the type of service for a VPC endpoint. + properties: + serviceType: + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_vpcpeeringconnections.yaml b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_vpcpeeringconnections.yaml new file mode 100644 index 00000000000..38a2f7517a4 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_vpcpeeringconnections.yaml 
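Review bot: `spec.allowedPrincipals` is an unconstrained string list whose description invites `*` ("To grant permissions to all principals"), and `spec.acceptanceRequired` is an optional boolean with no `default`, so a manifest can open the endpoint service to every AWS principal without the schema or the field text flagging it. What the controller sends when `acceptanceRequired` is omitted is not visible in this hunk and should be confirmed against the controller. Because the file is controller-gen output, the wording belongs on the Go field it is generated from. I would extend the `allowedPrincipals` description with a sentence such as `A value of * lets any AWS principal create an endpoint to this service; set acceptanceRequired to true unless open access is intended.`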
@@ -0,0 +1,333 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: vpcpeeringconnections.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: VPCPeeringConnection + listKind: VPCPeeringConnectionList + plural: vpcpeeringconnections + singular: vpcpeeringconnection + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: VPCPeeringConnection is the Schema for the VPCPeeringConnections + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + VpcPeeringConnectionSpec defines the desired state of VpcPeeringConnection. + + + Describes a VPC peering connection. + properties: + acceptRequest: + type: boolean + accepterPeeringConnectionOptions: + description: The VPC peering connection options for the accepter VPC. + properties: + allowDNSResolutionFromRemoteVPC: + type: boolean + allowEgressFromLocalClassicLinkToRemoteVPC: + type: boolean + allowEgressFromLocalVPCToRemoteClassicLink: + type: boolean + type: object + peerOwnerID: + description: |- + The Amazon Web Services account ID of the owner of the accepter VPC. 
+ + + Default: Your Amazon Web Services account ID + type: string + peerRegion: + description: |- + The Region code for the accepter VPC, if the accepter VPC is located in a + Region other than the Region in which you make the request. + + + Default: The Region in which you make the request. + type: string + peerVPCID: + description: |- + The ID of the VPC with which you are creating the VPC peering connection. + You must specify this parameter in the request. + type: string + peerVPCRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + requesterPeeringConnectionOptions: + description: The VPC peering connection options for the requester + VPC. + properties: + allowDNSResolutionFromRemoteVPC: + type: boolean + allowEgressFromLocalClassicLinkToRemoteVPC: + type: boolean + allowEgressFromLocalVPCToRemoteClassicLink: + type: boolean + type: object + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcID: + description: The ID of the requester VPC. You must specify this parameter + in the request. 
+ type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + status: + description: VPCPeeringConnectionStatus defines the observed state of + VPCPeeringConnection + properties: + accepterVPCInfo: + description: |- + Information about the accepter VPC. CIDR block information is only returned + when describing an active VPC peering connection. + properties: + cidrBlock: + type: string + cidrBlockSet: + items: + description: Describes an IPv4 CIDR block. + properties: + cidrBlock: + type: string + type: object + type: array + ipv6CIDRBlockSet: + items: + description: Describes an IPv6 CIDR block. + properties: + ipv6CIDRBlock: + type: string + type: object + type: array + ownerID: + type: string + peeringOptions: + description: |- + We are retiring EC2-Classic on August 15, 2022. We recommend that you migrate + from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic + to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) + in the Amazon Elastic Compute Cloud User Guide. + + + Describes the VPC peering connection options. 
+ properties: + allowDNSResolutionFromRemoteVPC: + type: boolean + allowEgressFromLocalClassicLinkToRemoteVPC: + type: boolean + allowEgressFromLocalVPCToRemoteClassicLink: + type: boolean + type: object + region: + type: string + vpcID: + type: string + type: object + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + expirationTime: + description: The time that an unaccepted VPC peering connection will + expire. + format: date-time + type: string + requesterVPCInfo: + description: |- + Information about the requester VPC. CIDR block information is only returned + when describing an active VPC peering connection. + properties: + cidrBlock: + type: string + cidrBlockSet: + items: + description: Describes an IPv4 CIDR block. + properties: + cidrBlock: + type: string + type: object + type: array + ipv6CIDRBlockSet: + items: + description: Describes an IPv6 CIDR block. + properties: + ipv6CIDRBlock: + type: string + type: object + type: array + ownerID: + type: string + peeringOptions: + description: |- + We are retiring EC2-Classic on August 15, 2022. We recommend that you migrate + from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic + to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) + in the Amazon Elastic Compute Cloud User Guide. + + + Describes the VPC peering connection options. + properties: + allowDNSResolutionFromRemoteVPC: + type: boolean + allowEgressFromLocalClassicLinkToRemoteVPC: + type: boolean + allowEgressFromLocalVPCToRemoteClassicLink: + type: boolean + type: object + region: + type: string + vpcID: + type: string + type: object + status: + description: The status of the VPC peering connection. + properties: + code: + type: string + message: + type: string + type: object + vpcPeeringConnectionID: + description: The ID of the VPC peering connection. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_vpcs.yaml b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_vpcs.yaml new file mode 100644 index 00000000000..70c81398a50 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.21/manifests/ec2.services.k8s.aws_vpcs.yaml 
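Review bot: `spec.acceptRequest` is added with only `type: boolean` and no `description`, although by its name it appears to decide whether the controller accepts the peering request, the step that activates the connection between the two VPCs (possibly across accounts, see `peerOwnerID`). The same gap shows in the `vpcs` CRD hunk that follows, where `spec.disallowSecurityGroupDefaultRules` and `status.securityGroupDefaultRulesExist` carry no description either. Both files are controller-gen output, so the text has to be added on the Go fields upstream, for example `description: When true, the controller accepts the peering connection on the accepter side.`, plus a sentence stating what happens to the default security group's rules when `disallowSecurityGroupDefaultRules` is true. These semantics are inferred from the field names and should be confirmed against the controller code before the wording is fixed.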
@@ -0,0 +1,297 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: vpcs.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: VPC + listKind: VPCList + plural: vpcs + singular: vpc + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.vpcID + name: ID + type: string + - jsonPath: .status.state + name: state + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: VPC is the Schema for the VPCS API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + VpcSpec defines the desired state of Vpc. + + + Describes a VPC. + properties: + amazonProvidedIPv6CIDRBlock: + description: |- + Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for + the VPC. You cannot specify the range of IP addresses, or the size of the + CIDR block. + type: boolean + cidrBlocks: + items: + type: string + type: array + disallowSecurityGroupDefaultRules: + type: boolean + enableDNSHostnames: + description: The attribute value. The valid values are true or false. + type: boolean + enableDNSSupport: + description: The attribute value. The valid values are true or false. 
+ type: boolean + instanceTenancy: + description: |- + The tenancy options for instances launched into the VPC. For default, instances + are launched with shared tenancy by default. You can launch instances with + any tenancy into a shared tenancy VPC. For dedicated, instances are launched + as dedicated tenancy instances by default. You can only launch instances + with a tenancy of dedicated or host into a dedicated tenancy VPC. + + + Important: The host value cannot be used with this parameter. Use the default + or dedicated values only. + + + Default: default + type: string + ipv4IPAMPoolID: + description: |- + The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR. + For more information, see What is IPAM? (https://docs.aws.amazon.com/vpc/latest/ipam/what-is-it-ipam.html) + in the Amazon VPC IPAM User Guide. + type: string + ipv4NetmaskLength: + description: |- + The netmask length of the IPv4 CIDR you want to allocate to this VPC from + an Amazon VPC IP Address Manager (IPAM) pool. For more information about + IPAM, see What is IPAM? (https://docs.aws.amazon.com/vpc/latest/ipam/what-is-it-ipam.html) + in the Amazon VPC IPAM User Guide. + format: int64 + type: integer + ipv6CIDRBlock: + description: |- + The IPv6 CIDR block from the IPv6 address pool. You must also specify Ipv6Pool + in the request. + + + To let Amazon choose the IPv6 CIDR block for you, omit this parameter. + type: string + ipv6CIDRBlockNetworkBorderGroup: + description: |- + The name of the location from which we advertise the IPV6 CIDR block. Use + this parameter to limit the address to this location. + + + You must set AmazonProvidedIpv6CidrBlock to true to use this parameter. + type: string + ipv6IPAMPoolID: + description: |- + The ID of an IPv6 IPAM pool which will be used to allocate this VPC an IPv6 + CIDR. 
IPAM is a VPC feature that you can use to automate your IP address + management workflows including assigning, tracking, troubleshooting, and + auditing IP addresses across Amazon Web Services Regions and accounts throughout + your Amazon Web Services Organization. For more information, see What is + IPAM? (https://docs.aws.amazon.com/vpc/latest/ipam/what-is-it-ipam.html) + in the Amazon VPC IPAM User Guide. + type: string + ipv6NetmaskLength: + description: |- + The netmask length of the IPv6 CIDR you want to allocate to this VPC from + an Amazon VPC IP Address Manager (IPAM) pool. For more information about + IPAM, see What is IPAM? (https://docs.aws.amazon.com/vpc/latest/ipam/what-is-it-ipam.html) + in the Amazon VPC IPAM User Guide. + format: int64 + type: integer + ipv6Pool: + description: The ID of an IPv6 address pool from which to allocate + the IPv6 CIDR block. + type: string + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + required: + - cidrBlocks + type: object + status: + description: VPCStatus defines the observed state of VPC + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. 
This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + cidrBlockAssociationSet: + description: Information about the IPv4 CIDR blocks associated with + the VPC. + items: + description: Describes an IPv4 CIDR block associated with a VPC. + properties: + associationID: + type: string + cidrBlock: + type: string + cidrBlockState: + description: Describes the state of a CIDR block. + properties: + state: + type: string + statusMessage: + type: string + type: object + type: object + type: array + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. 
+ type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + dhcpOptionsID: + description: The ID of the set of DHCP options you've associated with + the VPC. + type: string + ipv6CIDRBlockAssociationSet: + description: Information about the IPv6 CIDR blocks associated with + the VPC. + items: + description: Describes an IPv6 CIDR block associated with a VPC. + properties: + associationID: + type: string + ipv6CIDRBlock: + type: string + ipv6CIDRBlockState: + description: Describes the state of a CIDR block. + properties: + state: + type: string + statusMessage: + type: string + type: object + ipv6Pool: + type: string + networkBorderGroup: + type: string + type: object + type: array + isDefault: + description: Indicates whether the VPC is the default VPC. + type: boolean + ownerID: + description: The ID of the Amazon Web Services account that owns the + VPC. + type: string + securityGroupDefaultRulesExist: + type: boolean + state: + description: The current state of the VPC. + type: string + vpcID: + description: The ID of the VPC. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.21/metadata/annotations.yaml b/operators/ack-ec2-controller/1.2.21/metadata/annotations.yaml new file mode 100644 index 00000000000..09db878affb --- /dev/null +++ b/operators/ack-ec2-controller/1.2.21/metadata/annotations.yaml 
@@ -0,0 +1,15 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: ack-ec2-controller + operators.operatorframework.io.bundle.channels.v1: alpha + operators.operatorframework.io.bundle.channel.default.v1: alpha + operators.operatorframework.io.metrics.builder: operator-sdk-v1.28.0 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: unknown + + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ diff --git a/operators/ack-ec2-controller/1.2.21/tests/scorecard/config.yaml b/operators/ack-ec2-controller/1.2.21/tests/scorecard/config.yaml new file mode 100644 index 00000000000..382ddefd156 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.21/tests/scorecard/config.yaml 
@@ -0,0 +1,50 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: + - entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: basic + test: basic-check-spec-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-bundle-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-crds-have-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-spec-descriptors-test + storage: + spec: + mountPath: {} +storage: + spec: + mountPath: {} diff --git a/operators/ack-ec2-controller/1.2.22/bundle.Dockerfile b/operators/ack-ec2-controller/1.2.22/bundle.Dockerfile new file mode 100644 index 00000000000..50ccfac3d94 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.22/bundle.Dockerfile 
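Review bot: All four scorecard tests pull `quay.io/operator-framework/scorecard-test:v1.7.1` by mutable tag, so the image that runs against the cluster during bundle testing can change without this file changing. Pinning by digest makes the tested image reproducible, e.g. `image: quay.io/operator-framework/scorecard-test@sha256:<digest of the vetted image>` on each of the four `image:` lines. The tag also does not match the `operator-sdk-v1.28.0` builder recorded in this bundle's `metadata/annotations.yaml`, which suggests the config was carried over from an older scaffold; it is worth confirming which scorecard version is intended.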
@@ -0,0 +1,21 @@ +FROM scratch + +# Core bundle labels. +LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 +LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ +LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ +LABEL operators.operatorframework.io.bundle.package.v1=ack-ec2-controller +LABEL operators.operatorframework.io.bundle.channels.v1=alpha +LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha +LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.28.0 +LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 +LABEL operators.operatorframework.io.metrics.project_layout=unknown + +# Labels for testing. +LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1 +LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/ + +# Copy files to locations specified by labels. +COPY bundle/manifests /manifests/ +COPY bundle/metadata /metadata/ +COPY bundle/tests/scorecard /tests/scorecard/ diff --git a/operators/ack-ec2-controller/1.2.22/manifests/ack-ec2-controller.clusterserviceversion.yaml b/operators/ack-ec2-controller/1.2.22/manifests/ack-ec2-controller.clusterserviceversion.yaml new file mode 100644 index 00000000000..8d9d067ed4d --- /dev/null +++ b/operators/ack-ec2-controller/1.2.22/manifests/ack-ec2-controller.clusterserviceversion.yaml 
@@ -0,0 +1,724 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "DHCPOptions", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "ElasticIPAddress", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "Instance", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "InternetGateway", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "NATGateway", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "RouteTable", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "SecurityGroup", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "Subnet", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "TransitGateway", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "VPC", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "VPCEndpoint", + "metadata": { + "name": "example" + }, + "spec": {} + } + ] + capabilities: Basic Install + categories: Cloud Provider + certified: "false" + containerImage: public.ecr.aws/aws-controllers-k8s/ec2-controller:1.2.22 + createdAt: "2024-09-17T18:58:52Z" + description: AWS EC2 controller is a service controller for managing EC2 resources + in Kubernetes + operatorframework.io/suggested-namespace: ack-system + 
operators.operatorframework.io/builder: operator-sdk-v1.28.0 + operators.operatorframework.io/project_layout: unknown + repository: https://github.com/aws-controllers-k8s + support: Community + labels: + operatorframework.io/arch.amd64: supported + operatorframework.io/arch.arm64: supported + operatorframework.io/os.linux: supported + name: ack-ec2-controller.v1.2.22 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: DHCPOptions represents the state of an AWS ec2 DHCPOptions resource. + displayName: DHCPOptions + kind: DHCPOptions + name: dhcpoptions.ec2.services.k8s.aws + version: v1alpha1 + - description: ElasticIPAddress represents the state of an AWS ec2 ElasticIPAddress + resource. + displayName: ElasticIPAddress + kind: ElasticIPAddress + name: elasticipaddresses.ec2.services.k8s.aws + version: v1alpha1 + - description: FlowLog represents the state of an AWS ec2 FlowLog resource. + displayName: FlowLog + kind: FlowLog + name: flowlogs.ec2.services.k8s.aws + version: v1alpha1 + - description: Instance represents the state of an AWS ec2 Instance resource. + displayName: Instance + kind: Instance + name: instances.ec2.services.k8s.aws + version: v1alpha1 + - description: InternetGateway represents the state of an AWS ec2 InternetGateway + resource. + displayName: InternetGateway + kind: InternetGateway + name: internetgateways.ec2.services.k8s.aws + version: v1alpha1 + - description: NATGateway represents the state of an AWS ec2 NATGateway resource. + displayName: NATGateway + kind: NATGateway + name: natgateways.ec2.services.k8s.aws + version: v1alpha1 + - description: NetworkACL represents the state of an AWS ec2 NetworkACL resource. + displayName: NetworkACL + kind: NetworkACL + name: networkacls.ec2.services.k8s.aws + version: v1alpha1 + - description: RouteTable represents the state of an AWS ec2 RouteTable resource. 
+ displayName: RouteTable + kind: RouteTable + name: routetables.ec2.services.k8s.aws + version: v1alpha1 + - description: SecurityGroup represents the state of an AWS ec2 SecurityGroup + resource. + displayName: SecurityGroup + kind: SecurityGroup + name: securitygroups.ec2.services.k8s.aws + version: v1alpha1 + - description: Subnet represents the state of an AWS ec2 Subnet resource. + displayName: Subnet + kind: Subnet + name: subnets.ec2.services.k8s.aws + version: v1alpha1 + - description: TransitGateway represents the state of an AWS ec2 TransitGateway + resource. + displayName: TransitGateway + kind: TransitGateway + name: transitgateways.ec2.services.k8s.aws + version: v1alpha1 + - description: VPCEndpoint represents the state of an AWS ec2 VPCEndpoint resource. + displayName: VPCEndpoint + kind: VPCEndpoint + name: vpcendpoints.ec2.services.k8s.aws + version: v1alpha1 + - description: VPCEndpointServiceConfiguration represents the state of an AWS + ec2 VPCEndpointServiceConfiguration resource. + displayName: VPCEndpointServiceConfiguration + kind: VPCEndpointServiceConfiguration + name: vpcendpointserviceconfigurations.ec2.services.k8s.aws + version: v1alpha1 + - description: VPCPeeringConnection represents the state of an AWS ec2 VPCPeeringConnection + resource. + displayName: VPCPeeringConnection + kind: VPCPeeringConnection + name: vpcpeeringconnections.ec2.services.k8s.aws + version: v1alpha1 + - description: VPC represents the state of an AWS ec2 VPC resource. + displayName: VPC + kind: VPC + name: vpcs.ec2.services.k8s.aws + version: v1alpha1 + description: |- + Manage Elastic Compute Cloud (EC2) resources in AWS from within your Kubernetes cluster. + + **About Amazon EC2** + + Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) Cloud. Using Amazon EC2 eliminates your need to invest in hardware up front, so you can develop and deploy applications faster. 
You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage. Amazon EC2 enables you to scale up or down to handle changes in requirements or spikes in popularity, reducing your need to forecast traffic. + + **About the AWS Controllers for Kubernetes** + + This controller is a component of the [AWS Controller for Kubernetes](https://github.com/aws/aws-controllers-k8s) project. + + **Pre-Installation Steps** + + Please follow the following link: [Red Hat OpenShift](https://aws-controllers-k8s.github.io/community/docs/user-docs/openshift/) + displayName: AWS Controllers for Kubernetes - Amazon EC2 + icon: + - base64data: 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 + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - patch + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - dhcpoptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - dhcpoptions/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - elasticipaddresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - elasticipaddresses/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - flowlogs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - flowlogs/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - instances + verbs: + - create + - delete 
+ - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - instances/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - internetgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - internetgateways/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - natgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - natgateways/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - networkacls + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - networkacls/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - routetables + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - routetables/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - securitygroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - securitygroups/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - subnets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - subnets/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - transitgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - transitgateways/status + verbs: + - get + - patch 
+ - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcendpoints/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcendpointserviceconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcendpointserviceconfigurations/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcpeeringconnections + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcpeeringconnections/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcs/status + verbs: + - get + - patch + - update + - apiGroups: + - services.k8s.aws + resources: + - adoptedresources + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - services.k8s.aws + resources: + - adoptedresources/status + verbs: + - get + - patch + - update + - apiGroups: + - services.k8s.aws + resources: + - fieldexports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - services.k8s.aws + resources: + - fieldexports/status + verbs: + - get + - patch + - update + serviceAccountName: ack-ec2-controller + deployments: + - label: + app.kubernetes.io/name: ack-ec2-controller + app.kubernetes.io/part-of: ack-system + name: ack-ec2-controller + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: ack-ec2-controller + strategy: {} + template: + metadata: + labels: + app.kubernetes.io/name: ack-ec2-controller + 
spec: + containers: + - args: + - --aws-region + - $(AWS_REGION) + - --aws-endpoint-url + - $(AWS_ENDPOINT_URL) + - --enable-development-logging=$(ACK_ENABLE_DEVELOPMENT_LOGGING) + - --log-level + - $(ACK_LOG_LEVEL) + - --resource-tags + - $(ACK_RESOURCE_TAGS) + - --watch-namespace + - $(ACK_WATCH_NAMESPACE) + - --enable-leader-election=$(ENABLE_LEADER_ELECTION) + - --leader-election-namespace + - $(LEADER_ELECTION_NAMESPACE) + - --reconcile-default-max-concurrent-syncs + - $(RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS) + command: + - ./bin/controller + env: + - name: ACK_SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: ack-ec2-user-config + optional: false + - secretRef: + name: ack-ec2-user-secrets + optional: true + image: public.ecr.aws/aws-controllers-k8s/ec2-controller:1.2.22 + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: controller + ports: + - containerPort: 8080 + name: http + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 100m + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + dnsPolicy: ClusterFirst + securityContext: + seccompProfile: + type: RuntimeDefault + serviceAccountName: ack-ec2-controller + terminationGracePeriodSeconds: 10 + permissions: + - rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: ack-ec2-controller + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: true + type: MultiNamespace + - supported: true + type: AllNamespaces + 
keywords: + - ec2 + - aws + - amazon + - ack + links: + - name: AWS Controllers for Kubernetes + url: https://github.com/aws-controllers-k8s/community + - name: Documentation + url: https://aws-controllers-k8s.github.io/community/ + - name: Amazon EC2 Developer Resources + url: https://aws.amazon.com/ec2/resources/ + maintainers: + - email: ack-maintainers@amazon.com + name: ec2 maintainer team + maturity: alpha + provider: + name: Amazon, Inc. + url: https://aws.amazon.com + version: 1.2.22 diff --git a/operators/ack-ec2-controller/1.2.22/manifests/ack-ec2-metrics-service_v1_service.yaml b/operators/ack-ec2-controller/1.2.22/manifests/ack-ec2-metrics-service_v1_service.yaml new file mode 100644 index 00000000000..535fe868fdc --- /dev/null +++ b/operators/ack-ec2-controller/1.2.22/manifests/ack-ec2-metrics-service_v1_service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + name: ack-ec2-metrics-service +spec: + ports: + - name: metricsport + port: 8080 + protocol: TCP + targetPort: http + selector: + app.kubernetes.io/name: ack-ec2-controller + type: NodePort +status: + loadBalancer: {} diff --git a/operators/ack-ec2-controller/1.2.22/manifests/ack-ec2-reader_rbac.authorization.k8s.io_v1_role.yaml b/operators/ack-ec2-controller/1.2.22/manifests/ack-ec2-reader_rbac.authorization.k8s.io_v1_role.yaml new file mode 100644 index 00000000000..3c9b1f90003 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.22/manifests/ack-ec2-reader_rbac.authorization.k8s.io_v1_role.yaml 
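Review bot: The `clusterPermissions` rule for `secrets` in the core API group (`get`, `list`, `patch`, `watch`) is bound cluster-wide, so the `ack-ec2-controller` service account can read and modify Secrets in every namespace, even when the operator is installed in `OwnNamespace` or `SingleNamespace` mode. The namespaced `permissions` block carries only `leases` and `events`, and nothing in the CSV tells a cluster administrator about this grant. I would add a sentence to `spec.description` such as `The controller's service account is granted cluster-wide get/list/patch/watch on Secrets and ConfigMaps.` If `patch` is needed only for `fieldexports` (an assumption, since the controller code is not part of this diff), the description should say so.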
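Review bot: `type: NodePort` on `ack-ec2-metrics-service` opens the metrics port (8080, target `http`) on every node address, which is wider exposure than an in-cluster scraper needs. Unless something outside the cluster has to reach it, `type: ClusterIP` keeps the endpoint internal. The manifest shows no authentication or TLS in front of this port, so whether the endpoint is otherwise protected cannot be confirmed from the diff.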
@@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: ack-ec2-reader +rules: +- apiGroups: + - ec2.services.k8s.aws + resources: + - dhcpoptions + - elasticipaddresses + - flowlogs + - instances + - internetgateways + - natgateways + - networkacls + - routetables + - securitygroups + - subnets + - transitgateways + - vpcs + - vpcendpoints + - vpcendpointserviceconfigurations + - vpcpeeringconnections + verbs: + - get + - list + - watch diff --git a/operators/ack-ec2-controller/1.2.22/manifests/ack-ec2-writer_rbac.authorization.k8s.io_v1_role.yaml b/operators/ack-ec2-controller/1.2.22/manifests/ack-ec2-writer_rbac.authorization.k8s.io_v1_role.yaml new file mode 100644 index 00000000000..d331061459e --- /dev/null +++ b/operators/ack-ec2-controller/1.2.22/manifests/ack-ec2-writer_rbac.authorization.k8s.io_v1_role.yaml @@ -0,0 +1,54 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: ack-ec2-writer +rules: +- apiGroups: + - ec2.services.k8s.aws + resources: + - dhcpoptions + - elasticipaddresses + - flowlogs + - instances + - internetgateways + - natgateways + - networkacls + - routetables + - securitygroups + - subnets + - transitgateways + - vpcs + - vpcendpoints + - vpcendpointserviceconfigurations + - vpcpeeringconnections + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ec2.services.k8s.aws + resources: + - dhcpoptions + - elasticipaddresses + - flowlogs + - instances + - internetgateways + - natgateways + - networkacls + - routetables + - securitygroups + - subnets + - transitgateways + - vpcs + - vpcendpoints + - vpcendpointserviceconfigurations + - vpcpeeringconnections + verbs: + - get + - patch + - update 
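Review bot: The second rule of `ack-ec2-writer` lists the same fifteen base resources as the first rule, with `get`, `patch`, `update`, so it is fully covered by the first rule and grants nothing extra. The CSV's `clusterPermissions` pair each resource with a `<resource>/status` rule carrying exactly these three verbs, which suggests the `/status` suffix was dropped here. Either delete the redundant rule so the role reads as what it actually grants, or, if writers are meant to update status, name the subresources as shown below. That second option widens the role, so it should be a deliberate choice.

```yaml
# … unchanged: first rule (create/delete/get/list/patch/update/watch on the base resources) …
# … unchanged: second rule header (apiGroups: ec2.services.k8s.aws) …
  resources:
  - dhcpoptions/status
  - elasticipaddresses/status
  - flowlogs/status
  - instances/status
  - internetgateways/status
  - natgateways/status
  - networkacls/status
  - routetables/status
  - securitygroups/status
  - subnets/status
  - transitgateways/status
  - vpcs/status
  - vpcendpoints/status
  - vpcendpointserviceconfigurations/status
  - vpcpeeringconnections/status
# … unchanged: verbs get, patch, update …
```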
diff --git a/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_dhcpoptions.yaml b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_dhcpoptions.yaml new file mode 100644 index 00000000000..4c9ac493224 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_dhcpoptions.yaml 
@@ -0,0 +1,188 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: dhcpoptions.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: DHCPOptions + listKind: DHCPOptionsList + plural: dhcpoptions + singular: dhcpoptions + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.dhcpOptionsID + name: ID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: DHCPOptions is the Schema for the DHCPOptions API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + DhcpOptionsSpec defines the desired state of DhcpOptions. + + + Describes a set of DHCP options. + properties: + dhcpConfigurations: + description: A DHCP configuration option. + items: + properties: + key: + type: string + values: + items: + type: string + type: array + type: object + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. 
+ properties: + key: + type: string + value: + type: string + type: object + type: array + vpc: + items: + type: string + type: array + vpcRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: array + required: + - dhcpConfigurations + type: object + status: + description: DHCPOptionsStatus defines the observed state of DHCPOptions + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. 
+ type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + dhcpOptionsID: + description: The ID of the set of DHCP options. + type: string + ownerID: + description: The ID of the Amazon Web Services account that owns the + DHCP options set. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_elasticipaddresses.yaml b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_elasticipaddresses.yaml new file mode 100644 index 00000000000..71bb94438eb --- /dev/null +++ b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_elasticipaddresses.yaml 
@@ -0,0 +1,191 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: elasticipaddresses.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: ElasticIPAddress + listKind: ElasticIPAddressList + plural: elasticipaddresses + singular: elasticipaddress + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.allocationID + name: ALLOCATION-ID + type: string + - jsonPath: .status.publicIP + name: PUBLIC-IP + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ElasticIPAddress is the Schema for the ElasticIPAddresses API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ElasticIPAddressSpec defines the desired state of ElasticIPAddress. + properties: + address: + description: |- + [EC2-VPC] The Elastic IP address to recover or an IPv4 address from an address + pool. + type: string + customerOwnedIPv4Pool: + description: |- + The ID of a customer-owned address pool. Use this parameter to let Amazon + EC2 select an address from the address pool. Alternatively, specify a specific + address from the address pool. 
+ type: string + networkBorderGroup: + description: |- + A unique set of Availability Zones, Local Zones, or Wavelength Zones from + which Amazon Web Services advertises IP addresses. Use this parameter to + limit the IP address to this location. IP addresses cannot move between network + border groups. + + + Use DescribeAvailabilityZones (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html) + to view the network border groups. + + + You cannot use a network border group with EC2 Classic. If you attempt this + operation on EC2 Classic, you receive an InvalidParameterCombination error. + type: string + publicIPv4Pool: + description: |- + The ID of an address pool that you own. Use this parameter to let Amazon + EC2 select an address from the address pool. To specify a specific address + from the address pool, use the Address parameter instead. + type: string + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + status: + description: ElasticIPAddressStatus defines the observed state of ElasticIPAddress + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. 
This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + allocationID: + description: |- + [EC2-VPC] The ID that Amazon Web Services assigns to represent the allocation + of the Elastic IP address for use with instances in a VPC. + type: string + carrierIP: + description: |- + The carrier IP address. This option is only available for network interfaces + which reside in a subnet in a Wavelength Zone (for example an EC2 instance). + type: string + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. 
+ type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + customerOwnedIP: + description: The customer-owned IP address. + type: string + publicIP: + description: The Elastic IP address. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_flowlogs.yaml b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_flowlogs.yaml new file mode 100644 index 00000000000..2291baa4a02 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_flowlogs.yaml 
@@ -0,0 +1,272 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: flowlogs.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: FlowLog + listKind: FlowLogList + plural: flowlogs + singular: flowlog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: FlowLog is the Schema for the FlowLogs API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + FlowLogSpec defines the desired state of FlowLog. + + + Describes a flow log. + properties: + deliverLogsPermissionARN: + description: |- + The ARN for the IAM role that permits Amazon EC2 to publish flow logs to + a CloudWatch Logs log group in your account. + + + If you specify LogDestinationType as s3, do not specify DeliverLogsPermissionArn + or LogGroupName. + type: string + destinationOptions: + description: The destination options. + properties: + fileFormat: + type: string + hiveCompatiblePartitions: + type: boolean + perHourPartition: + type: boolean + type: object + logDestination: + description: |- + The destination to which the flow log data is to be published. 
Flow log data + can be published to a CloudWatch Logs log group or an Amazon S3 bucket. The + value specified for this parameter depends on the value specified for LogDestinationType. + + + If LogDestinationType is not specified or cloud-watch-logs, specify the Amazon + Resource Name (ARN) of the CloudWatch Logs log group. For example, to publish + to a log group called my-logs, specify arn:aws:logs:us-east-1:123456789012:log-group:my-logs. + Alternatively, use LogGroupName instead. + + + If LogDestinationType is s3, specify the ARN of the Amazon S3 bucket. You + can also specify a subfolder in the bucket. To specify a subfolder in the + bucket, use the following ARN format: bucket_ARN/subfolder_name/. For example, + to specify a subfolder named my-logs in a bucket named my-bucket, use the + following ARN: arn:aws:s3:::my-bucket/my-logs/. You cannot use AWSLogs as + a subfolder name. This is a reserved term. + type: string + logDestinationType: + description: |- + The type of destination to which the flow log data is to be published. Flow + log data can be published to CloudWatch Logs or Amazon S3. To publish flow + log data to CloudWatch Logs, specify cloud-watch-logs. To publish flow log + data to Amazon S3, specify s3. + + + If you specify LogDestinationType as s3, do not specify DeliverLogsPermissionArn + or LogGroupName. + + + Default: cloud-watch-logs + type: string + logFormat: + description: |- + The fields to include in the flow log record, in the order in which they + should appear. For a list of available fields, see Flow log records (https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-log-records). + If you omit this parameter, the flow log is created using the default format. + If you specify this parameter, you must specify at least one field. + + + Specify the fields using the ${field-id} format, separated by spaces. For + the CLI, surround this parameter value with single quotes on Linux or double + quotes on Windows. 
+ type: string + logGroupName: + description: |- + The name of a new or existing CloudWatch Logs log group where Amazon EC2 + publishes your flow logs. + + + If you specify LogDestinationType as s3, do not specify DeliverLogsPermissionArn + or LogGroupName. + type: string + maxAggregationInterval: + description: |- + The maximum interval of time during which a flow of packets is captured and + aggregated into a flow log record. You can specify 60 seconds (1 minute) + or 600 seconds (10 minutes). + + + When a network interface is attached to a Nitro-based instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances), + the aggregation interval is always 60 seconds or less, regardless of the + value that you specify. + + + Default: 600 + format: int64 + type: integer + resourceID: + type: string + resourceType: + description: |- + The type of resource for which to create the flow log. For example, if you + specified a VPC ID for the ResourceId property, specify VPC for this property. + type: string + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + trafficType: + description: |- + The type of traffic to log. You can log traffic that the resource accepts + or rejects, or all traffic. + type: string + required: + - resourceID + - resourceType + type: object + status: + description: FlowLogStatus defines the observed state of FlowLog + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. 
This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + clientToken: + description: |- + Unique, case-sensitive identifier that you provide to ensure the idempotency + of the request. + type: string + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + flowLogID: + type: string + unsuccessful: + description: Information about the flow logs that could not be created + successfully. + items: + description: Information about items that were not successfully + processed in a batch call. + properties: + error: + description: |- + Information about the error that occurred. For more information about errors, + see Error codes (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/errors-overview.html). + properties: + code: + type: string + message: + type: string + type: object + resourceID: + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_instances.yaml b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_instances.yaml new file mode 100644 index 00000000000..e5893051e9a --- /dev/null +++ b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_instances.yaml 
@@ -0,0 +1,885 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: instances.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: Instance + listKind: InstanceList + plural: instances + singular: instance + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.instanceID + name: ID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Instance is the Schema for the Instances API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + InstanceSpec defines the desired state of Instance. + + + Describes an instance. + properties: + blockDeviceMappings: + description: |- + The block device mapping, which defines the EBS volumes and instance store + volumes to attach to the instance at launch. For more information, see Block + device mappings (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html) + in the Amazon EC2 User Guide. + items: + description: |- + Describes a block device mapping, which defines the EBS volumes and instance + store volumes to attach to an instance at launch. 
+ properties: + deviceName: + type: string + ebs: + description: Describes a block device for an EBS volume. + properties: + deleteOnTermination: + type: boolean + encrypted: + type: boolean + iops: + format: int64 + type: integer + kmsKeyID: + type: string + outpostARN: + type: string + snapshotID: + type: string + throughput: + format: int64 + type: integer + volumeSize: + format: int64 + type: integer + volumeType: + type: string + type: object + noDevice: + type: string + virtualName: + type: string + type: object + type: array + capacityReservationSpecification: + description: |- + Information about the Capacity Reservation targeting option. If you do not + specify this parameter, the instance's Capacity Reservation preference defaults + to open, which enables it to run in any open Capacity Reservation that has + matching attributes (instance type, platform, Availability Zone). + properties: + capacityReservationPreference: + type: string + capacityReservationTarget: + description: Describes a target Capacity Reservation or Capacity + Reservation group. + properties: + capacityReservationID: + type: string + capacityReservationResourceGroupARN: + type: string + type: object + type: object + cpuOptions: + description: |- + The CPU options for the instance. For more information, see Optimize CPU + options (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html) + in the Amazon EC2 User Guide. + properties: + coreCount: + format: int64 + type: integer + threadsPerCore: + format: int64 + type: integer + type: object + creditSpecification: + description: |- + The credit option for CPU usage of the burstable performance instance. Valid + values are standard and unlimited. To change this attribute after launch, + use ModifyInstanceCreditSpecification (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceCreditSpecification.html). 
+ For more information, see Burstable performance instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html) + in the Amazon EC2 User Guide. + + + Default: standard (T2 instances) or unlimited (T3/T3a/T4g instances) + + + For T3 instances with host tenancy, only standard is supported. + properties: + cpuCredits: + type: string + type: object + disableAPIStop: + description: |- + Indicates whether an instance is enabled for stop protection. For more information, + see Stop protection (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html#Using_StopProtection). + type: boolean + disableAPITermination: + description: |- + If you set this parameter to true, you can't terminate the instance using + the Amazon EC2 console, CLI, or API; otherwise, you can. To change this attribute + after launch, use ModifyInstanceAttribute (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceAttribute.html). + Alternatively, if you set InstanceInitiatedShutdownBehavior to terminate, + you can terminate the instance by running the shutdown command from the instance. + + + Default: false + type: boolean + ebsOptimized: + description: |- + Indicates whether the instance is optimized for Amazon EBS I/O. This optimization + provides dedicated throughput to Amazon EBS and an optimized configuration + stack to provide optimal Amazon EBS I/O performance. This optimization isn't + available with all instance types. Additional usage charges apply when using + an EBS-optimized instance. + + + Default: false + type: boolean + elasticGPUSpecification: + description: |- + An elastic GPU to associate with the instance. An Elastic GPU is a GPU resource + that you can attach to your Windows instance to accelerate the graphics performance + of your applications. For more information, see Amazon EC2 Elastic GPUs (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/elastic-graphics.html) + in the Amazon EC2 User Guide. 
+ items: + description: A specification for an Elastic Graphics accelerator. + properties: + type_: + type: string + type: object + type: array + elasticInferenceAccelerators: + description: |- + An elastic inference accelerator to associate with the instance. Elastic + inference accelerators are a resource you can attach to your Amazon EC2 instances + to accelerate your Deep Learning (DL) inference workloads. + + + You cannot specify accelerators from different generations in the same request. + items: + description: Describes an elastic inference accelerator. + properties: + count: + format: int64 + type: integer + type_: + type: string + type: object + type: array + enclaveOptions: + description: |- + Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. + For more information, see What is Amazon Web Services Nitro Enclaves? (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html) + in the Amazon Web Services Nitro Enclaves User Guide. + + + You can't enable Amazon Web Services Nitro Enclaves and hibernation on the + same instance. + properties: + enabled: + type: boolean + type: object + hibernationOptions: + description: |- + Indicates whether an instance is enabled for hibernation. For more information, + see Hibernate your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) + in the Amazon EC2 User Guide. + + + You can't enable hibernation and Amazon Web Services Nitro Enclaves on the + same instance. + properties: + configured: + type: boolean + type: object + iamInstanceProfile: + description: The name or Amazon Resource Name (ARN) of an IAM instance + profile. + properties: + arn: + type: string + name: + type: string + type: object + imageID: + description: |- + The ID of the AMI. An AMI ID is required to launch an instance and must be + specified here or in a launch template. 
+ type: string + instanceInitiatedShutdownBehavior: + description: |- + Indicates whether an instance stops or terminates when you initiate shutdown + from the instance (using the operating system command for system shutdown). + + + Default: stop + type: string + instanceMarketOptions: + description: |- + The market (purchasing) option for the instances. + + + For RunInstances, persistent Spot Instance requests are only supported when + InstanceInterruptionBehavior is set to either hibernate or stop. + properties: + marketType: + type: string + spotOptions: + description: The options for Spot Instances. + properties: + blockDurationMinutes: + format: int64 + type: integer + instanceInterruptionBehavior: + type: string + maxPrice: + type: string + spotInstanceType: + type: string + validUntil: + format: date-time + type: string + type: object + type: object + instanceType: + description: |- + The instance type. For more information, see Instance types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) + in the Amazon EC2 User Guide. + + + Default: m1.small + type: string + ipv6AddressCount: + description: |- + [EC2-VPC] The number of IPv6 addresses to associate with the primary network + interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet. + You cannot specify this option and the option to assign specific IPv6 addresses + in the same request. You can specify this option if you've specified a minimum + number of instances to launch. + + + You cannot specify this option and the network interfaces option in the same + request. + format: int64 + type: integer + ipv6Addresses: + description: |- + [EC2-VPC] The IPv6 addresses from the range of the subnet to associate with + the primary network interface. You cannot specify this option and the option + to assign a number of IPv6 addresses in the same request. You cannot specify + this option if you've specified a minimum number of instances to launch. 
+ + + You cannot specify this option and the network interfaces option in the same + request. + items: + description: Describes an IPv6 address. + properties: + ipv6Address: + type: string + type: object + type: array + kernelID: + description: |- + The ID of the kernel. + + + We recommend that you use PV-GRUB instead of kernels and RAM disks. For more + information, see PV-GRUB (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UserProvidedkernels.html) + in the Amazon EC2 User Guide. + type: string + keyName: + description: |- + The name of the key pair. You can create a key pair using CreateKeyPair (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateKeyPair.html) + or ImportKeyPair (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportKeyPair.html). + + + If you do not specify a key pair, you can't connect to the instance unless + you choose an AMI that is configured to allow users another way to log in. + type: string + launchTemplate: + description: |- + The launch template to use to launch the instances. Any parameters that you + specify in RunInstances override the same parameters in the launch template. + You can specify either the name or ID of a launch template, but not both. + properties: + launchTemplateID: + type: string + launchTemplateName: + type: string + version: + type: string + type: object + licenseSpecifications: + description: The license configurations. + items: + description: Describes a license configuration. + properties: + licenseConfigurationARN: + type: string + type: object + type: array + maintenanceOptions: + description: The maintenance and recovery options for the instance. + properties: + autoRecovery: + type: string + type: object + maxCount: + description: |- + The maximum number of instances to launch. If you specify more instances + than Amazon EC2 can launch in the target Availability Zone, Amazon EC2 launches + the largest possible number of instances above MinCount. 
+ + + Constraints: Between 1 and the maximum number you're allowed for the specified + instance type. For more information about the default limits, and how to + request an increase, see How many instances can I run in Amazon EC2 (http://aws.amazon.com/ec2/faqs/#How_many_instances_can_I_run_in_Amazon_EC2) + in the Amazon EC2 FAQ. + format: int64 + type: integer + metadataOptions: + description: |- + The metadata options for the instance. For more information, see Instance + metadata and user data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html). + properties: + httpEndpoint: + type: string + httpProtocolIPv6: + type: string + httpPutResponseHopLimit: + format: int64 + type: integer + httpTokens: + type: string + instanceMetadataTags: + type: string + type: object + minCount: + description: |- + The minimum number of instances to launch. If you specify a minimum that + is more instances than Amazon EC2 can launch in the target Availability Zone, + Amazon EC2 launches no instances. + + + Constraints: Between 1 and the maximum number you're allowed for the specified + instance type. For more information about the default limits, and how to + request an increase, see How many instances can I run in Amazon EC2 (http://aws.amazon.com/ec2/faqs/#How_many_instances_can_I_run_in_Amazon_EC2) + in the Amazon EC2 General FAQ. + format: int64 + type: integer + monitoring: + description: Specifies whether detailed monitoring is enabled for + the instance. + properties: + enabled: + type: boolean + type: object + networkInterfaces: + description: |- + The network interfaces to associate with the instance. If you specify a network + interface, you must specify any security groups and subnets as part of the + network interface. + items: + description: Describes a network interface. 
+ properties: + associateCarrierIPAddress: + type: boolean + associatePublicIPAddress: + type: boolean + deleteOnTermination: + type: boolean + description: + type: string + deviceIndex: + format: int64 + type: integer + interfaceType: + type: string + ipv4PrefixCount: + format: int64 + type: integer + ipv4Prefixes: + items: + description: Describes the IPv4 prefix option for a network + interface. + properties: + ipv4Prefix: + type: string + type: object + type: array + ipv6AddressCount: + format: int64 + type: integer + ipv6Addresses: + items: + description: Describes an IPv6 address. + properties: + ipv6Address: + type: string + type: object + type: array + ipv6PrefixCount: + format: int64 + type: integer + ipv6Prefixes: + items: + description: Describes the IPv4 prefix option for a network + interface. + properties: + ipv6Prefix: + type: string + type: object + type: array + networkCardIndex: + format: int64 + type: integer + networkInterfaceID: + type: string + privateIPAddress: + type: string + privateIPAddresses: + items: + description: Describes a secondary private IPv4 address for + a network interface. + properties: + primary: + type: boolean + privateIPAddress: + type: string + type: object + type: array + secondaryPrivateIPAddressCount: + format: int64 + type: integer + subnetID: + type: string + type: object + type: array + placement: + description: The placement for the instance. + properties: + affinity: + type: string + availabilityZone: + type: string + groupName: + type: string + hostID: + type: string + hostResourceGroupARN: + type: string + partitionNumber: + format: int64 + type: integer + spreadDomain: + type: string + tenancy: + type: string + type: object + privateDNSNameOptions: + description: |- + The options for the instance hostname. The default values are inherited from + the subnet. 
+ properties: + enableResourceNameDNSAAAARecord: + type: boolean + enableResourceNameDNSARecord: + type: boolean + hostnameType: + type: string + type: object + privateIPAddress: + description: |- + [EC2-VPC] The primary IPv4 address. You must specify a value from the IPv4 + address range of the subnet. + + + Only one private IP address can be designated as primary. You can't specify + this option if you've specified the option to designate a private IP address + as the primary IP address in a network interface specification. You cannot + specify this option if you're launching more than one instance in the request. + + + You cannot specify this option and the network interfaces option in the same + request. + type: string + ramDiskID: + description: |- + The ID of the RAM disk to select. Some kernels require additional drivers + at launch. Check the kernel requirements for information about whether you + need to specify a RAM disk. To find kernel requirements, go to the Amazon + Web Services Resource Center and search for the kernel ID. + + + We recommend that you use PV-GRUB instead of kernels and RAM disks. For more + information, see PV-GRUB (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UserProvidedkernels.html) + in the Amazon EC2 User Guide. + type: string + securityGroupIDs: + description: |- + The IDs of the security groups. You can create a security group using CreateSecurityGroup + (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSecurityGroup.html). + + + If you specify a network interface, you must specify any security groups + as part of the network interface. + items: + type: string + type: array + securityGroups: + description: |- + [EC2-Classic, default VPC] The names of the security groups. For a nondefault + VPC, you must use security group IDs instead. + + + If you specify a network interface, you must specify any security groups + as part of the network interface. + + + Default: Amazon EC2 uses the default security group. 
+ items: + type: string + type: array + subnetID: + description: |- + [EC2-VPC] The ID of the subnet to launch the instance into. + + + If you specify a network interface, you must specify any subnets as part + of the network interface. + type: string + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + userData: + description: |- + The user data script to make available to the instance. For more information, + see Run commands on your Linux instance at launch (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html) + and Run commands on your Windows instance at launch (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-windows-user-data.html). + If you are using a command line tool, base64-encoding is performed for you, + and you can load the text from a file. Otherwise, you must provide base64-encoded + text. User data is limited to 16 KB. + type: string + type: object + status: + description: InstanceStatus defines the observed state of Instance + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. 
+ TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + amiLaunchIndex: + description: |- + The AMI launch index, which can be used to find this instance in the launch + group. + format: int64 + type: integer + architecture: + description: The architecture of the image. + type: string + bootMode: + description: |- + The boot mode of the instance. For more information, see Boot modes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-boot.html) + in the Amazon EC2 User Guide. + type: string + capacityReservationID: + description: The ID of the Capacity Reservation. + type: string + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + elasticGPUAssociations: + description: The Elastic GPU associated with the instance. + items: + description: Describes the association between an instance and an + Elastic Graphics accelerator. + properties: + elasticGPUAssociationID: + type: string + elasticGPUAssociationState: + type: string + elasticGPUAssociationTime: + type: string + elasticGPUID: + type: string + type: object + type: array + elasticInferenceAcceleratorAssociations: + description: The elastic inference accelerator associated with the + instance. + items: + description: Describes the association between an instance and an + elastic inference accelerator. + properties: + elasticInferenceAcceleratorARN: + type: string + elasticInferenceAcceleratorAssociationID: + type: string + elasticInferenceAcceleratorAssociationState: + type: string + elasticInferenceAcceleratorAssociationTime: + format: date-time + type: string + type: object + type: array + enaSupport: + description: Specifies whether enhanced networking with ENA is enabled. + type: boolean + hypervisor: + description: |- + The hypervisor type of the instance. The value xen is used for both Xen and + Nitro hypervisors. + type: string + instanceID: + description: The ID of the instance. + type: string + instanceLifecycle: + description: Indicates whether this is a Spot Instance or a Scheduled + Instance. + type: string + ipv6Address: + description: The IPv6 address assigned to the instance. + type: string + launchTime: + description: The time the instance was launched. + format: date-time + type: string + licenses: + description: The license configurations for the instance. + items: + description: Describes a license configuration. + properties: + licenseConfigurationARN: + type: string + type: object + type: array + outpostARN: + description: The Amazon Resource Name (ARN) of the Outpost. 
+ type: string + platform: + description: The value is Windows for Windows instances; otherwise + blank. + type: string + platformDetails: + description: |- + The platform details value for the instance. For more information, see AMI + billing information fields (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/billing-info-fields.html) + in the Amazon EC2 User Guide. + type: string + privateDNSName: + description: |- + (IPv4 only) The private DNS hostname name assigned to the instance. This + DNS hostname can only be used inside the Amazon EC2 network. This name is + not available until the instance enters the running state. + + + [EC2-VPC] The Amazon-provided DNS server resolves Amazon-provided private + DNS hostnames if you've enabled DNS resolution and DNS hostnames in your + VPC. If you are not using the Amazon-provided DNS server in your VPC, your + custom domain name servers must resolve the hostname as appropriate. + type: string + productCodes: + description: The product codes attached to this instance, if applicable. + items: + description: Describes a product code. + properties: + productCodeID: + type: string + productCodeType: + type: string + type: object + type: array + publicDNSName: + description: |- + (IPv4 only) The public DNS name assigned to the instance. This name is not + available until the instance enters the running state. For EC2-VPC, this + name is only available if you've enabled DNS hostnames for your VPC. + type: string + publicIPAddress: + description: |- + The public IPv4 address, or the Carrier IP address assigned to the instance, + if applicable. + + + A Carrier IP address only applies to an instance launched in a subnet associated + with a Wavelength Zone. + type: string + rootDeviceName: + description: The device name of the root device volume (for example, + /dev/sda1). + type: string + rootDeviceType: + description: |- + The root device type used by the AMI. The AMI can use an EBS volume or an + instance store volume. 
+ type: string + sourceDestCheck: + description: Indicates whether source/destination checking is enabled. + type: boolean + spotInstanceRequestID: + description: If the request is a Spot Instance request, the ID of + the request. + type: string + sriovNetSupport: + description: |- + Specifies whether enhanced networking with the Intel 82599 Virtual Function + interface is enabled. + type: string + state: + description: The current state of the instance. + properties: + code: + format: int64 + type: integer + name: + type: string + type: object + stateReason: + description: The reason for the most recent state transition. + properties: + code: + type: string + message: + type: string + type: object + stateTransitionReason: + description: The reason for the most recent state transition. This + might be an empty string. + type: string + tpmSupport: + description: |- + If the instance is configured for NitroTPM support, the value is v2.0. For + more information, see NitroTPM (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) + in the Amazon EC2 User Guide. + type: string + usageOperation: + description: |- + The usage operation value for the instance. For more information, see AMI + billing information fields (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/billing-info-fields.html) + in the Amazon EC2 User Guide. + type: string + usageOperationUpdateTime: + description: The time that the usage operation was last updated. + format: date-time + type: string + virtualizationType: + description: The virtualization type of the instance. + type: string + vpcID: + description: '[EC2-VPC] The ID of the VPC in which the instance is + running.' + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null 
diff --git a/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_internetgateways.yaml b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_internetgateways.yaml
new file mode 100644
index 00000000000..60ef4b70e54
--- /dev/null
+++ b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_internetgateways.yaml
@@ -0,0 +1,207 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: internetgateways.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: InternetGateway + listKind: InternetGatewayList + plural: internetgateways + singular: internetgateway + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.internetGatewayID + name: ID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: InternetGateway is the Schema for the InternetGateways API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + InternetGatewaySpec defines the desired state of InternetGateway. + + + Describes an internet gateway. 
+ properties: + routeTableRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: array + routeTables: + items: + type: string + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpc: + description: The ID of the VPC. + type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + status: + description: InternetGatewayStatus defines the observed state of InternetGateway + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. 
This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + attachments: + description: Any VPCs attached to the internet gateway. + items: + description: |- + Describes the attachment of a VPC to an internet gateway or an egress-only + internet gateway. + properties: + state: + type: string + vpcID: + type: string + type: object + type: array + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. 
+ type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + internetGatewayID: + description: The ID of the internet gateway. + type: string + ownerID: + description: The ID of the Amazon Web Services account that owns the + internet gateway. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_natgateways.yaml b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_natgateways.yaml new file mode 100644 index 00000000000..30519b24f70 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_natgateways.yaml 
@@ -0,0 +1,307 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: natgateways.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: NATGateway + listKind: NATGatewayList + plural: natgateways + singular: natgateway + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.natGatewayID + name: ID + type: string + - jsonPath: .status.state + name: state + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: NATGateway is the Schema for the NATGateways API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + NatGatewaySpec defines the desired state of NatGateway. + + + Describes a NAT gateway. + properties: + allocationID: + description: |- + [Public NAT gateways only] The allocation ID of an Elastic IP address to + associate with the NAT gateway. You cannot specify an Elastic IP address + with a private NAT gateway. If the Elastic IP address is associated with + another resource, you must first disassociate it. 
+ type: string + allocationRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + connectivityType: + description: |- + Indicates whether the NAT gateway supports public or private connectivity. + The default is public connectivity. + type: string + subnetID: + description: The subnet in which to create the NAT gateway. + type: string + subnetRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. 
+ properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + status: + description: NATGatewayStatus defines the observed state of NATGateway + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + createTime: + description: The date and time the NAT gateway was created. + format: date-time + type: string + deleteTime: + description: The date and time the NAT gateway was deleted, if applicable. + format: date-time + type: string + failureCode: + description: |- + If the NAT gateway could not be created, specifies the error code for the + failure. (InsufficientFreeAddressesInSubnet | Gateway.NotAttached | InvalidAllocationID.NotFound + | Resource.AlreadyAssociated | InternalError | InvalidSubnetID.NotFound) + type: string + failureMessage: + description: |- + If the NAT gateway could not be created, specifies the error message for + the failure, that corresponds to the error code. + + + * For InsufficientFreeAddressesInSubnet: "Subnet has insufficient free + addresses to create this NAT gateway" + + + * For Gateway.NotAttached: "Network vpc-xxxxxxxx has no Internet gateway + attached" + + + * For InvalidAllocationID.NotFound: "Elastic IP address eipalloc-xxxxxxxx + could not be associated with this NAT gateway" + + + * For Resource.AlreadyAssociated: "Elastic IP address eipalloc-xxxxxxxx + is already associated" + + + * For InternalError: "Network interface eni-xxxxxxxx, created and used + internally by this NAT gateway is in an invalid state. Please try again." + + + * For InvalidSubnetID.NotFound: "The specified subnet subnet-xxxxxxxx + does not exist or could not be found." 
+ type: string + natGatewayAddresses: + description: |- + Information about the IP addresses and network interface associated with + the NAT gateway. + items: + description: Describes the IP addresses and network interface associated + with a NAT gateway. + properties: + allocationID: + type: string + networkInterfaceID: + type: string + privateIP: + type: string + publicIP: + type: string + type: object + type: array + natGatewayID: + description: The ID of the NAT gateway. + type: string + provisionedBandwidth: + description: |- + Reserved. If you need to sustain traffic greater than the documented limits + (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html), + contact us through the Support Center (https://console.aws.amazon.com/support/home?). + properties: + provisionTime: + format: date-time + type: string + provisioned: + type: string + requestTime: + format: date-time + type: string + requested: + type: string + status: + type: string + type: object + state: + description: |- + The state of the NAT gateway. + + + * pending: The NAT gateway is being created and is not ready to process + traffic. + + + * failed: The NAT gateway could not be created. Check the failureCode + and failureMessage fields for the reason. + + + * available: The NAT gateway is able to process traffic. This status remains + until you delete the NAT gateway, and does not indicate the health of + the NAT gateway. + + + * deleting: The NAT gateway is in the process of being terminated and + may still be processing traffic. + + + * deleted: The NAT gateway has been terminated and is no longer processing + traffic. + type: string + vpcID: + description: The ID of the VPC in which the NAT gateway is located. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null 
diff --git a/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_networkacls.yaml b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_networkacls.yaml
new file mode 100644
index 00000000000..313890903a0
--- /dev/null
+++ b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_networkacls.yaml
@@ -0,0 +1,241 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: networkacls.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: NetworkACL + listKind: NetworkACLList + plural: networkacls + singular: networkacl + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: ID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: NetworkACL is the Schema for the NetworkACLS API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + NetworkAclSpec defines the desired state of NetworkAcl. + + + Describes a network ACL. + properties: + associations: + items: + description: Describes an association between a network ACL and + a subnet. 
+ properties: + networkACLAssociationID: + type: string + networkACLID: + type: string + subnetID: + type: string + subnetRef: + description: Reference field for SubnetID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + type: array + entries: + items: + description: Describes an entry in a network ACL. + properties: + cidrBlock: + type: string + egress: + type: boolean + icmpTypeCode: + description: Describes the ICMP type and code. + properties: + code: + format: int64 + type: integer + type_: + format: int64 + type: integer + type: object + ipv6CIDRBlock: + type: string + portRange: + description: Describes a range of ports. + properties: + from: + format: int64 + type: integer + to: + format: int64 + type: integer + type: object + protocol: + type: string + ruleAction: + type: string + ruleNumber: + format: int64 + type: integer + type: object + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcID: + description: The ID of the VPC. 
+ type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + status: + description: NetworkACLStatus defines the observed state of NetworkACL + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. 
+ type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + id: + description: The ID of the network ACL. + type: string + isDefault: + description: Indicates whether this is the default network ACL for + the VPC. + type: boolean + ownerID: + description: The ID of the Amazon Web Services account that owns the + network ACL. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_routetables.yaml b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_routetables.yaml new file mode 100644 index 00000000000..a05a44bdd8e --- /dev/null +++ b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_routetables.yaml 
@@ -0,0 +1,351 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: routetables.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: RouteTable + listKind: RouteTableList + plural: routetables + singular: routetable + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.routeTableID + name: ID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: RouteTable is the Schema for the RouteTables API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + RouteTableSpec defines the desired state of RouteTable. + + + Describes a route table. 
+ properties: + routes: + items: + properties: + carrierGatewayID: + type: string + coreNetworkARN: + type: string + destinationCIDRBlock: + type: string + destinationIPv6CIDRBlock: + type: string + destinationPrefixListID: + type: string + egressOnlyInternetGatewayID: + type: string + gatewayID: + type: string + gatewayRef: + description: Reference field for GatewayID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + instanceID: + type: string + localGatewayID: + type: string + natGatewayID: + type: string + natGatewayRef: + description: Reference field for NATGatewayID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + networkInterfaceID: + type: string + transitGatewayID: + type: string + transitGatewayRef: + description: Reference field for TransitGatewayID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + vpcEndpointID: + type: string + vpcEndpointRef: + description: Reference field for VPCEndpointID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + vpcPeeringConnectionID: + type: string + vpcPeeringConnectionRef: + description: Reference field for VPCPeeringConnectionID + properties: + from: + 
description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcID: + description: The ID of the VPC. + type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + status: + description: RouteTableStatus defines the observed state of RouteTable + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. 
+ TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + associations: + description: The associations between the route table and one or more + subnets or a gateway. + items: + description: Describes an association between a route table and + a subnet or gateway. + properties: + associationState: + description: |- + Describes the state of an association between a route table and a subnet + or gateway. + properties: + state: + type: string + statusMessage: + type: string + type: object + gatewayID: + type: string + main: + type: boolean + routeTableAssociationID: + type: string + routeTableID: + type: string + subnetID: + type: string + type: object + type: array + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + ownerID: + description: The ID of the Amazon Web Services account that owns the + route table. + type: string + propagatingVGWs: + description: Any virtual private gateway (VGW) propagating routes. + items: + description: Describes a virtual private gateway propagating route. + properties: + gatewayID: + type: string + type: object + type: array + routeStatuses: + description: The routes in the route table. + items: + description: Describes a route in a route table. + properties: + carrierGatewayID: + type: string + coreNetworkARN: + type: string + destinationCIDRBlock: + type: string + destinationIPv6CIDRBlock: + type: string + destinationPrefixListID: + type: string + egressOnlyInternetGatewayID: + type: string + gatewayID: + type: string + instanceID: + type: string + instanceOwnerID: + type: string + localGatewayID: + type: string + natGatewayID: + type: string + networkInterfaceID: + type: string + origin: + type: string + state: + type: string + transitGatewayID: + type: string + vpcPeeringConnectionID: + type: string + type: object + type: array + routeTableID: + description: The ID of the route table. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_securitygroups.yaml b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_securitygroups.yaml new file mode 100644 index 00000000000..0828cacecfc --- /dev/null +++ b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_securitygroups.yaml 
@@ -0,0 +1,433 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: securitygroups.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: SecurityGroup + listKind: SecurityGroupList + plural: securitygroups + singular: securitygroup + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: ID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: SecurityGroup is the Schema for the SecurityGroups API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + SecurityGroupSpec defines the desired state of SecurityGroup. + + + Describes a security group. + properties: + description: + description: |- + A description for the security group. This is informational only. + + + Constraints: Up to 255 characters in length + + + Constraints for EC2-Classic: ASCII characters + + + Constraints for EC2-VPC: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$* + type: string + egressRules: + items: + description: Describes a set of permissions for a security group + rule. 
+ properties: + fromPort: + format: int64 + type: integer + ipProtocol: + type: string + ipRanges: + items: + description: Describes an IPv4 range. + properties: + cidrIP: + type: string + description: + type: string + type: object + type: array + ipv6Ranges: + items: + description: '[EC2-VPC only] Describes an IPv6 range.' + properties: + cidrIPv6: + type: string + description: + type: string + type: object + type: array + prefixListIDs: + items: + description: Describes a prefix list ID. + properties: + description: + type: string + prefixListID: + type: string + type: object + type: array + toPort: + format: int64 + type: integer + userIDGroupPairs: + items: + description: |- + Describes a security group and Amazon Web Services account ID pair. + + + We are retiring EC2-Classic on August 15, 2022. We recommend that you migrate + from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic + to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) + in the Amazon Elastic Compute Cloud User Guide. 
+ properties: + description: + type: string + groupID: + type: string + groupName: + type: string + groupRef: + description: Reference field for GroupID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + peeringStatus: + type: string + userID: + type: string + vpcID: + type: string + vpcPeeringConnectionID: + type: string + vpcRef: + description: Reference field for VPCID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + type: array + type: object + type: array + ingressRules: + items: + description: Describes a set of permissions for a security group + rule. + properties: + fromPort: + format: int64 + type: integer + ipProtocol: + type: string + ipRanges: + items: + description: Describes an IPv4 range. + properties: + cidrIP: + type: string + description: + type: string + type: object + type: array + ipv6Ranges: + items: + description: '[EC2-VPC only] Describes an IPv6 range.' + properties: + cidrIPv6: + type: string + description: + type: string + type: object + type: array + prefixListIDs: + items: + description: Describes a prefix list ID. + properties: + description: + type: string + prefixListID: + type: string + type: object + type: array + toPort: + format: int64 + type: integer + userIDGroupPairs: + items: + description: |- + Describes a security group and Amazon Web Services account ID pair. + + + We are retiring EC2-Classic on August 15, 2022. We recommend that you migrate + from EC2-Classic to a VPC. 
For more information, see Migrate from EC2-Classic + to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) + in the Amazon Elastic Compute Cloud User Guide. + properties: + description: + type: string + groupID: + type: string + groupName: + type: string + groupRef: + description: Reference field for GroupID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + peeringStatus: + type: string + userID: + type: string + vpcID: + type: string + vpcPeeringConnectionID: + type: string + vpcRef: + description: Reference field for VPCID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + type: array + type: object + type: array + name: + description: |- + The name of the security group. + + + Constraints: Up to 255 characters in length. Cannot start with sg-. + + + Constraints for EC2-Classic: ASCII characters + + + Constraints for EC2-VPC: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$* + type: string + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcID: + description: '[EC2-VPC] The ID of the VPC. Required for EC2-VPC.' 
+ type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + required: + - description + - name + type: object + status: + description: SecurityGroupStatus defines the observed state of SecurityGroup + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. 
+ type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + id: + description: The ID of the security group. + type: string + rules: + description: Information about security group rules. + items: + description: Describes a security group rule. + properties: + cidrIPv4: + type: string + cidrIPv6: + type: string + description: + type: string + fromPort: + format: int64 + type: integer + ipProtocol: + type: string + isEgress: + type: boolean + prefixListID: + type: string + securityGroupRuleID: + type: string + tags: + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + toPort: + format: int64 + type: integer + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null 
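Review bot: In `ec2.services.k8s.aws_securitygroups.yaml`, `spec.ingressRules` and `spec.egressRules` are validated by type only: `ipRanges[].cidrIP`, `ipv6Ranges[].cidrIPv6` and `ipProtocol` are free-form strings and `fromPort`/`toPort` are unbounded int64, so the API server admits any rule, including a world-open one, and a malformed value only surfaces when the controller calls EC2. Because the CRD is `scope: Namespaced`, anyone with create/update on SecurityGroup in a namespace can presumably shape firewall rules through the controller's AWS credentials. Tight RBAC on this kind and an admission policy that restricts open CIDR ranges are worth shipping alongside the install. The file is controller-gen output, so schema changes belong upstream in the Go type markers; there I would bound both port fields (e.g. `maximum: 65535`) and add a `description:` to the two rule lists, which currently have none.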
diff --git a/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_subnets.yaml b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_subnets.yaml new file mode 100644 index 00000000000..955ab852974 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_subnets.yaml 
@@ -0,0 +1,317 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: subnets.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: Subnet + listKind: SubnetList + plural: subnets + singular: subnet + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.subnetID + name: ID + type: string + - jsonPath: .status.state + name: state + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Subnet is the Schema for the Subnets API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + SubnetSpec defines the desired state of Subnet. + + + Describes a subnet. + properties: + assignIPv6AddressOnCreation: + type: boolean + availabilityZone: + description: |- + The Availability Zone or Local Zone for the subnet. + + + Default: Amazon Web Services selects one for you. If you create more than + one subnet in your VPC, we do not necessarily select a different zone for + each subnet. + + + To create a subnet in a Local Zone, set this value to the Local Zone ID, + for example us-west-2-lax-1a. 
For information about the Regions that support + Local Zones, see Available Regions (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions) + in the Amazon Elastic Compute Cloud User Guide. + + + To create a subnet in an Outpost, set this value to the Availability Zone + for the Outpost and specify the Outpost ARN. + type: string + availabilityZoneID: + description: The AZ ID or the Local Zone ID of the subnet. + type: string + cidrBlock: + description: |- + The IPv4 network range for the subnet, in CIDR notation. For example, 10.0.0.0/24. + We modify the specified CIDR block to its canonical form; for example, if + you specify 100.68.0.18/18, we modify it to 100.68.0.0/18. + + + This parameter is not supported for an IPv6 only subnet. + type: string + customerOwnedIPv4Pool: + type: string + enableDNS64: + type: boolean + enableResourceNameDNSAAAARecord: + type: boolean + enableResourceNameDNSARecord: + type: boolean + hostnameType: + type: string + ipv6CIDRBlock: + description: |- + The IPv6 network range for the subnet, in CIDR notation. The subnet size + must use a /64 prefix length. + + + This parameter is required for an IPv6 only subnet. + type: string + ipv6Native: + description: Indicates whether to create an IPv6 only subnet. + type: boolean + mapPublicIPOnLaunch: + type: boolean + outpostARN: + description: |- + The Amazon Resource Name (ARN) of the Outpost. If you specify an Outpost + ARN, you must also specify the Availability Zone of the Outpost subnet. 
+ type: string + routeTableRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: array + routeTables: + items: + type: string + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcID: + description: The ID of the VPC. + type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + status: + description: SubnetStatus defines the observed state of Subnet + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. 
This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + availableIPAddressCount: + description: |- + The number of unused private IPv4 addresses in the subnet. The IPv4 addresses + for any stopped instances are considered unavailable. + format: int64 + type: integer + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + defaultForAZ: + description: Indicates whether this is the default subnet for the + Availability Zone. + type: boolean + enableLniAtDeviceIndex: + description: |- + Indicates the device position for local network interfaces in this subnet. + For example, 1 indicates local network interfaces in this subnet are the + secondary network interface (eth1). + format: int64 + type: integer + ipv6CIDRBlockAssociationSet: + description: Information about the IPv6 CIDR blocks associated with + the subnet. + items: + description: Describes an association between a subnet and an IPv6 + CIDR block. + properties: + associationID: + type: string + ipv6CIDRBlock: + type: string + ipv6CIDRBlockState: + description: Describes the state of a CIDR block. + properties: + state: + type: string + statusMessage: + type: string + type: object + type: object + type: array + mapCustomerOwnedIPOnLaunch: + description: |- + Indicates whether a network interface created in this subnet (including a + network interface created by RunInstances) receives a customer-owned IPv4 + address. + type: boolean + ownerID: + description: The ID of the Amazon Web Services account that owns the + subnet. + type: string + privateDNSNameOptionsOnLaunch: + description: |- + The type of hostnames to assign to instances in the subnet at launch. An + instance hostname is based on the IPv4 address or ID of the instance. + properties: + enableResourceNameDNSAAAARecord: + type: boolean + enableResourceNameDNSARecord: + type: boolean + hostnameType: + type: string + type: object + state: + description: The current state of the subnet. + type: string + subnetID: + description: The ID of the subnet. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_transitgateways.yaml b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_transitgateways.yaml new file mode 100644 index 00000000000..1fa67895985 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_transitgateways.yaml 
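Review bot: In `ec2.services.k8s.aws_subnets.yaml`, `spec.mapPublicIPOnLaunch` is a bare `type: boolean` with no description, although it is the field that decides whether workloads in the subnet become internet-addressable. `assignIPv6AddressOnCreation`, `enableDNS64` and `customerOwnedIPv4Pool` are undocumented in the same way. Since the manifest is controller-gen output, the text belongs upstream on the Go field, for example `description: Indicates whether instances launched in this subnet receive a public IPv4 address.` It would also help to state the behaviour when the field is omitted, because the schema declares no `default:`.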
@@ -0,0 +1,187 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: transitgateways.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: TransitGateway + listKind: TransitGatewayList + plural: transitgateways + singular: transitgateway + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.transitGatewayID + name: ID + type: string + - jsonPath: .status.state + name: state + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: TransitGateway is the Schema for the TransitGateways API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + TransitGatewaySpec defines the desired state of TransitGateway. + + + Describes a transit gateway. + properties: + description: + description: A description of the transit gateway. + type: string + options: + description: The transit gateway options. 
+ properties: + amazonSideASN: + format: int64 + type: integer + autoAcceptSharedAttachments: + type: string + defaultRouteTableAssociation: + type: string + defaultRouteTablePropagation: + type: string + dnsSupport: + type: string + multicastSupport: + type: string + transitGatewayCIDRBlocks: + items: + type: string + type: array + vpnECMPSupport: + type: string + type: object + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + status: + description: TransitGatewayStatus defines the observed state of TransitGateway + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. 
+ type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + creationTime: + description: The creation time. + format: date-time + type: string + ownerID: + description: The ID of the Amazon Web Services account that owns the + transit gateway. + type: string + state: + description: The state of the transit gateway. + type: string + transitGatewayID: + description: The ID of the transit gateway. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_vpcendpoints.yaml b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_vpcendpoints.yaml new file mode 100644 index 00000000000..9b21629b51c --- /dev/null +++ b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_vpcendpoints.yaml 
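Review bot: In `ec2.services.k8s.aws_transitgateways.yaml`, every toggle under `spec.options` (`autoAcceptSharedAttachments`, `defaultRouteTableAssociation`, `defaultRouteTablePropagation`, `dnsSupport`, `multicastSupport`, `vpnECMPSupport`) is an undocumented `type: string` with no `enum`. The schema therefore neither tells the author which values are valid nor rejects a typo at admission. `autoAcceptSharedAttachments` matters most, since it governs whether cross-account attachment requests are accepted without review. I would document it and constrain it upstream in the Go type markers, which would render here as `enum: [enable, disable]` plus a one-line description. Presumably the other toggles take the same two values, but that should be confirmed against the EC2 API before an enum is added to them.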
@@ -0,0 +1,348 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: vpcendpoints.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: VPCEndpoint + listKind: VPCEndpointList + plural: vpcendpoints + singular: vpcendpoint + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.vpcEndpointID + name: ID + type: string + - jsonPath: .status.state + name: state + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: VPCEndpoint is the Schema for the VPCEndpoints API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + VpcEndpointSpec defines the desired state of VpcEndpoint. + + + Describes a VPC endpoint. + properties: + dnsOptions: + description: The DNS options for the endpoint. + properties: + dnsRecordIPType: + type: string + type: object + ipAddressType: + description: The IP address type for the endpoint. + type: string + policyDocument: + description: |- + (Interface and gateway endpoints) A policy to attach to the endpoint that + controls access to the service. The policy must be in valid JSON format. 
+ If this parameter is not specified, we attach a default policy that allows + full access to the service. + type: string + privateDNSEnabled: + description: |- + (Interface endpoint) Indicates whether to associate a private hosted zone + with the specified VPC. The private hosted zone contains a record set for + the default public DNS name for the service for the Region (for example, + kinesis.us-east-1.amazonaws.com), which resolves to the private IP addresses + of the endpoint network interfaces in the VPC. This enables you to make requests + to the default public DNS name for the service instead of the public DNS + names that are automatically generated by the VPC endpoint service. + + + To use a private hosted zone, you must set the following VPC attributes to + true: enableDnsHostnames and enableDnsSupport. Use ModifyVpcAttribute to + set the VPC attributes. + + + Default: true + type: boolean + routeTableIDs: + description: (Gateway endpoint) One or more route table IDs. + items: + type: string + type: array + routeTableRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: array + securityGroupIDs: + description: |- + (Interface endpoint) The ID of one or more security groups to associate with + the endpoint network interface. 
+ items: + type: string + type: array + securityGroupRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: array + serviceName: + description: |- + The service name. To get a list of available services, use the DescribeVpcEndpointServices + request, or get the name from the service provider. + type: string + subnetIDs: + description: |- + (Interface and Gateway Load Balancer endpoints) The ID of one or more subnets + in which to create an endpoint network interface. For a Gateway Load Balancer + endpoint, you can specify one subnet only. + items: + type: string + type: array + subnetRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcEndpointType: + description: |- + The type of endpoint. 
+ + + Default: Gateway + type: string + vpcID: + description: The ID of the VPC in which the endpoint will be used. + type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + required: + - serviceName + type: object + status: + description: VPCEndpointStatus defines the observed state of VPCEndpoint + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. 
+ type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + creationTimestamp: + description: The date and time that the endpoint was created. + format: date-time + type: string + dnsEntries: + description: (Interface endpoint) The DNS entries for the endpoint. + items: + description: Describes a DNS entry. + properties: + dnsName: + type: string + hostedZoneID: + type: string + type: object + type: array + groups: + description: |- + (Interface endpoint) Information about the security groups that are associated + with the network interface. + items: + description: Describes a security group. + properties: + groupID: + type: string + groupName: + type: string + type: object + type: array + lastError: + description: The last error that occurred for endpoint. 
+ properties: + code: + type: string + message: + type: string + type: object + networkInterfaceIDs: + description: (Interface endpoint) One or more network interfaces for + the endpoint. + items: + type: string + type: array + ownerID: + description: The ID of the Amazon Web Services account that owns the + endpoint. + type: string + requesterManaged: + description: Indicates whether the endpoint is being managed by its + service. + type: boolean + state: + description: The state of the endpoint. + type: string + vpcEndpointID: + description: The ID of the endpoint. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_vpcendpointserviceconfigurations.yaml b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_vpcendpointserviceconfigurations.yaml new file mode 100644 index 00000000000..ab828ec115a --- /dev/null +++ b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_vpcendpointserviceconfigurations.yaml 
@@ -0,0 +1,232 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: vpcendpointserviceconfigurations.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: VPCEndpointServiceConfiguration + listKind: VPCEndpointServiceConfigurationList + plural: vpcendpointserviceconfigurations + singular: vpcendpointserviceconfiguration + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.serviceID + name: ServiceID + type: string + - jsonPath: .status.serviceState + name: ServiceState + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: VPCEndpointServiceConfiguration is the Schema for the VPCEndpointServiceConfigurations + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: VpcEndpointServiceConfigurationSpec defines the desired state + of VpcEndpointServiceConfiguration. + properties: + acceptanceRequired: + description: |- + Indicates whether requests from service consumers to create an endpoint to + your service must be accepted manually. + type: boolean + allowedPrincipals: + description: |- + The Amazon Resource Names (ARN) of one or more principals. 
Permissions are + granted to the principals in this list. To grant permissions to all principals, + specify an asterisk (*). + items: + type: string + type: array + gatewayLoadBalancerARNs: + description: The Amazon Resource Names (ARNs) of one or more Gateway + Load Balancers. + items: + type: string + type: array + networkLoadBalancerARNs: + description: |- + The Amazon Resource Names (ARNs) of one or more Network Load Balancers for + your service. + items: + type: string + type: array + privateDNSName: + description: |- + (Interface endpoint configuration) The private DNS name to assign to the + VPC endpoint service. + type: string + supportedIPAddressTypes: + description: The supported IP address types. The possible values are + ipv4 and ipv6. + items: + type: string + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + status: + description: VPCEndpointServiceConfigurationStatus defines the observed + state of VPCEndpointServiceConfiguration + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. 
+ TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + availabilityZones: + description: The Availability Zones in which the service is available. + items: + type: string + type: array + baseEndpointDNSNames: + description: The DNS names for the service. + items: + type: string + type: array + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + managesVPCEndpoints: + description: |- + Indicates whether the service manages its VPC endpoints. Management of the + service VPC endpoints using the VPC endpoint API is restricted. 
+ type: boolean + payerResponsibility: + description: The payer responsibility. + type: string + privateDNSNameConfiguration: + description: Information about the endpoint service private DNS name + configuration. + properties: + name: + type: string + state: + type: string + type_: + type: string + value: + type: string + type: object + serviceID: + description: The ID of the service. + type: string + serviceName: + description: The name of the service. + type: string + serviceState: + description: The service state. + type: string + serviceType: + description: The type of service. + items: + description: Describes the type of service for a VPC endpoint. + properties: + serviceType: + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_vpcpeeringconnections.yaml b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_vpcpeeringconnections.yaml new file mode 100644 index 00000000000..38a2f7517a4 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_vpcpeeringconnections.yaml 
@@ -0,0 +1,333 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: vpcpeeringconnections.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: VPCPeeringConnection + listKind: VPCPeeringConnectionList + plural: vpcpeeringconnections + singular: vpcpeeringconnection + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: VPCPeeringConnection is the Schema for the VPCPeeringConnections + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + VpcPeeringConnectionSpec defines the desired state of VpcPeeringConnection. + + + Describes a VPC peering connection. + properties: + acceptRequest: + type: boolean + accepterPeeringConnectionOptions: + description: The VPC peering connection options for the accepter VPC. + properties: + allowDNSResolutionFromRemoteVPC: + type: boolean + allowEgressFromLocalClassicLinkToRemoteVPC: + type: boolean + allowEgressFromLocalVPCToRemoteClassicLink: + type: boolean + type: object + peerOwnerID: + description: |- + The Amazon Web Services account ID of the owner of the accepter VPC. 
+ + + Default: Your Amazon Web Services account ID + type: string + peerRegion: + description: |- + The Region code for the accepter VPC, if the accepter VPC is located in a + Region other than the Region in which you make the request. + + + Default: The Region in which you make the request. + type: string + peerVPCID: + description: |- + The ID of the VPC with which you are creating the VPC peering connection. + You must specify this parameter in the request. + type: string + peerVPCRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + requesterPeeringConnectionOptions: + description: The VPC peering connection options for the requester + VPC. + properties: + allowDNSResolutionFromRemoteVPC: + type: boolean + allowEgressFromLocalClassicLinkToRemoteVPC: + type: boolean + allowEgressFromLocalVPCToRemoteClassicLink: + type: boolean + type: object + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcID: + description: The ID of the requester VPC. You must specify this parameter + in the request. 
+ type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + status: + description: VPCPeeringConnectionStatus defines the observed state of + VPCPeeringConnection + properties: + accepterVPCInfo: + description: |- + Information about the accepter VPC. CIDR block information is only returned + when describing an active VPC peering connection. + properties: + cidrBlock: + type: string + cidrBlockSet: + items: + description: Describes an IPv4 CIDR block. + properties: + cidrBlock: + type: string + type: object + type: array + ipv6CIDRBlockSet: + items: + description: Describes an IPv6 CIDR block. + properties: + ipv6CIDRBlock: + type: string + type: object + type: array + ownerID: + type: string + peeringOptions: + description: |- + We are retiring EC2-Classic on August 15, 2022. We recommend that you migrate + from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic + to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) + in the Amazon Elastic Compute Cloud User Guide. + + + Describes the VPC peering connection options. 
+ properties: + allowDNSResolutionFromRemoteVPC: + type: boolean + allowEgressFromLocalClassicLinkToRemoteVPC: + type: boolean + allowEgressFromLocalVPCToRemoteClassicLink: + type: boolean + type: object + region: + type: string + vpcID: + type: string + type: object + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + expirationTime: + description: The time that an unaccepted VPC peering connection will + expire. + format: date-time + type: string + requesterVPCInfo: + description: |- + Information about the requester VPC. CIDR block information is only returned + when describing an active VPC peering connection. + properties: + cidrBlock: + type: string + cidrBlockSet: + items: + description: Describes an IPv4 CIDR block. + properties: + cidrBlock: + type: string + type: object + type: array + ipv6CIDRBlockSet: + items: + description: Describes an IPv6 CIDR block. + properties: + ipv6CIDRBlock: + type: string + type: object + type: array + ownerID: + type: string + peeringOptions: + description: |- + We are retiring EC2-Classic on August 15, 2022. We recommend that you migrate + from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic + to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) + in the Amazon Elastic Compute Cloud User Guide. + + + Describes the VPC peering connection options. + properties: + allowDNSResolutionFromRemoteVPC: + type: boolean + allowEgressFromLocalClassicLinkToRemoteVPC: + type: boolean + allowEgressFromLocalVPCToRemoteClassicLink: + type: boolean + type: object + region: + type: string + vpcID: + type: string + type: object + status: + description: The status of the VPC peering connection. + properties: + code: + type: string + message: + type: string + type: object + vpcPeeringConnectionID: + description: The ID of the VPC peering connection. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_vpcs.yaml b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_vpcs.yaml new file mode 100644 index 00000000000..70c81398a50 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.22/manifests/ec2.services.k8s.aws_vpcs.yaml 
@@ -0,0 +1,297 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: vpcs.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: VPC + listKind: VPCList + plural: vpcs + singular: vpc + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.vpcID + name: ID + type: string + - jsonPath: .status.state + name: state + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: VPC is the Schema for the VPCS API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + VpcSpec defines the desired state of Vpc. + + + Describes a VPC. + properties: + amazonProvidedIPv6CIDRBlock: + description: |- + Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for + the VPC. You cannot specify the range of IP addresses, or the size of the + CIDR block. + type: boolean + cidrBlocks: + items: + type: string + type: array + disallowSecurityGroupDefaultRules: + type: boolean + enableDNSHostnames: + description: The attribute value. The valid values are true or false. + type: boolean + enableDNSSupport: + description: The attribute value. The valid values are true or false. 
+ type: boolean + instanceTenancy: + description: |- + The tenancy options for instances launched into the VPC. For default, instances + are launched with shared tenancy by default. You can launch instances with + any tenancy into a shared tenancy VPC. For dedicated, instances are launched + as dedicated tenancy instances by default. You can only launch instances + with a tenancy of dedicated or host into a dedicated tenancy VPC. + + + Important: The host value cannot be used with this parameter. Use the default + or dedicated values only. + + + Default: default + type: string + ipv4IPAMPoolID: + description: |- + The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR. + For more information, see What is IPAM? (https://docs.aws.amazon.com/vpc/latest/ipam/what-is-it-ipam.html) + in the Amazon VPC IPAM User Guide. + type: string + ipv4NetmaskLength: + description: |- + The netmask length of the IPv4 CIDR you want to allocate to this VPC from + an Amazon VPC IP Address Manager (IPAM) pool. For more information about + IPAM, see What is IPAM? (https://docs.aws.amazon.com/vpc/latest/ipam/what-is-it-ipam.html) + in the Amazon VPC IPAM User Guide. + format: int64 + type: integer + ipv6CIDRBlock: + description: |- + The IPv6 CIDR block from the IPv6 address pool. You must also specify Ipv6Pool + in the request. + + + To let Amazon choose the IPv6 CIDR block for you, omit this parameter. + type: string + ipv6CIDRBlockNetworkBorderGroup: + description: |- + The name of the location from which we advertise the IPV6 CIDR block. Use + this parameter to limit the address to this location. + + + You must set AmazonProvidedIpv6CidrBlock to true to use this parameter. + type: string + ipv6IPAMPoolID: + description: |- + The ID of an IPv6 IPAM pool which will be used to allocate this VPC an IPv6 + CIDR. 
IPAM is a VPC feature that you can use to automate your IP address + management workflows including assigning, tracking, troubleshooting, and + auditing IP addresses across Amazon Web Services Regions and accounts throughout + your Amazon Web Services Organization. For more information, see What is + IPAM? (https://docs.aws.amazon.com/vpc/latest/ipam/what-is-it-ipam.html) + in the Amazon VPC IPAM User Guide. + type: string + ipv6NetmaskLength: + description: |- + The netmask length of the IPv6 CIDR you want to allocate to this VPC from + an Amazon VPC IP Address Manager (IPAM) pool. For more information about + IPAM, see What is IPAM? (https://docs.aws.amazon.com/vpc/latest/ipam/what-is-it-ipam.html) + in the Amazon VPC IPAM User Guide. + format: int64 + type: integer + ipv6Pool: + description: The ID of an IPv6 address pool from which to allocate + the IPv6 CIDR block. + type: string + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + required: + - cidrBlocks + type: object + status: + description: VPCStatus defines the observed state of VPC + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. 
This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + cidrBlockAssociationSet: + description: Information about the IPv4 CIDR blocks associated with + the VPC. + items: + description: Describes an IPv4 CIDR block associated with a VPC. + properties: + associationID: + type: string + cidrBlock: + type: string + cidrBlockState: + description: Describes the state of a CIDR block. + properties: + state: + type: string + statusMessage: + type: string + type: object + type: object + type: array + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. 
+ type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + dhcpOptionsID: + description: The ID of the set of DHCP options you've associated with + the VPC. + type: string + ipv6CIDRBlockAssociationSet: + description: Information about the IPv6 CIDR blocks associated with + the VPC. + items: + description: Describes an IPv6 CIDR block associated with a VPC. + properties: + associationID: + type: string + ipv6CIDRBlock: + type: string + ipv6CIDRBlockState: + description: Describes the state of a CIDR block. + properties: + state: + type: string + statusMessage: + type: string + type: object + ipv6Pool: + type: string + networkBorderGroup: + type: string + type: object + type: array + isDefault: + description: Indicates whether the VPC is the default VPC. + type: boolean + ownerID: + description: The ID of the Amazon Web Services account that owns the + VPC. + type: string + securityGroupDefaultRulesExist: + type: boolean + state: + description: The current state of the VPC. + type: string + vpcID: + description: The ID of the VPC. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.22/metadata/annotations.yaml b/operators/ack-ec2-controller/1.2.22/metadata/annotations.yaml new file mode 100644 index 00000000000..09db878affb --- /dev/null +++ b/operators/ack-ec2-controller/1.2.22/metadata/annotations.yaml 
@@ -0,0 +1,15 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: ack-ec2-controller + operators.operatorframework.io.bundle.channels.v1: alpha + operators.operatorframework.io.bundle.channel.default.v1: alpha + operators.operatorframework.io.metrics.builder: operator-sdk-v1.28.0 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: unknown + + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ diff --git a/operators/ack-ec2-controller/1.2.22/tests/scorecard/config.yaml b/operators/ack-ec2-controller/1.2.22/tests/scorecard/config.yaml new file mode 100644 index 00000000000..382ddefd156 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.22/tests/scorecard/config.yaml 
@@ -0,0 +1,50 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: + - entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: basic + test: basic-check-spec-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-bundle-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-crds-have-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-spec-descriptors-test + storage: + spec: + mountPath: {} +storage: + spec: + mountPath: {} diff --git a/operators/ack-ec2-controller/1.2.23/bundle.Dockerfile b/operators/ack-ec2-controller/1.2.23/bundle.Dockerfile new file mode 100644 index 00000000000..50ccfac3d94 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.23/bundle.Dockerfile 
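Review bot: All four `image:` entries under `stages[0].tests` pull `quay.io/operator-framework/scorecard-test:v1.7.1` by tag, and a tag can be re-pointed in the registry without any change to this file. Since scorecard runs that image as a pod in the cluster under test, I would also pin each entry to a digest, e.g. `image: quay.io/operator-framework/scorecard-test:v1.7.1@sha256:<digest-placeholder>`, with the digest taken from the verified upstream release. The tag also trails the `operator-sdk-v1.28.0` builder recorded in this bundle's `metadata/annotations.yaml`, so it is worth confirming that v1.7.1 is the intended test image rather than a leftover scaffold default.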
@@ -0,0 +1,21 @@ +FROM scratch + +# Core bundle labels. +LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 +LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ +LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ +LABEL operators.operatorframework.io.bundle.package.v1=ack-ec2-controller +LABEL operators.operatorframework.io.bundle.channels.v1=alpha +LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha +LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.28.0 +LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 +LABEL operators.operatorframework.io.metrics.project_layout=unknown + +# Labels for testing. +LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1 +LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/ + +# Copy files to locations specified by labels. +COPY bundle/manifests /manifests/ +COPY bundle/metadata /metadata/ +COPY bundle/tests/scorecard /tests/scorecard/ diff --git a/operators/ack-ec2-controller/1.2.23/manifests/ack-ec2-controller.clusterserviceversion.yaml b/operators/ack-ec2-controller/1.2.23/manifests/ack-ec2-controller.clusterserviceversion.yaml new file mode 100644 index 00000000000..f1f8fc016a5 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.23/manifests/ack-ec2-controller.clusterserviceversion.yaml 
@@ -0,0 +1,724 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "DHCPOptions", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "ElasticIPAddress", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "Instance", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "InternetGateway", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "NATGateway", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "RouteTable", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "SecurityGroup", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "Subnet", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "TransitGateway", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "VPC", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "VPCEndpoint", + "metadata": { + "name": "example" + }, + "spec": {} + } + ] + capabilities: Basic Install + categories: Cloud Provider + certified: "false" + containerImage: public.ecr.aws/aws-controllers-k8s/ec2-controller:1.2.23 + createdAt: "2024-09-17T22:59:55Z" + description: AWS EC2 controller is a service controller for managing EC2 resources + in Kubernetes + operatorframework.io/suggested-namespace: ack-system + 
operators.operatorframework.io/builder: operator-sdk-v1.28.0 + operators.operatorframework.io/project_layout: unknown + repository: https://github.com/aws-controllers-k8s + support: Community + labels: + operatorframework.io/arch.amd64: supported + operatorframework.io/arch.arm64: supported + operatorframework.io/os.linux: supported + name: ack-ec2-controller.v1.2.23 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: DHCPOptions represents the state of an AWS ec2 DHCPOptions resource. + displayName: DHCPOptions + kind: DHCPOptions + name: dhcpoptions.ec2.services.k8s.aws + version: v1alpha1 + - description: ElasticIPAddress represents the state of an AWS ec2 ElasticIPAddress + resource. + displayName: ElasticIPAddress + kind: ElasticIPAddress + name: elasticipaddresses.ec2.services.k8s.aws + version: v1alpha1 + - description: FlowLog represents the state of an AWS ec2 FlowLog resource. + displayName: FlowLog + kind: FlowLog + name: flowlogs.ec2.services.k8s.aws + version: v1alpha1 + - description: Instance represents the state of an AWS ec2 Instance resource. + displayName: Instance + kind: Instance + name: instances.ec2.services.k8s.aws + version: v1alpha1 + - description: InternetGateway represents the state of an AWS ec2 InternetGateway + resource. + displayName: InternetGateway + kind: InternetGateway + name: internetgateways.ec2.services.k8s.aws + version: v1alpha1 + - description: NATGateway represents the state of an AWS ec2 NATGateway resource. + displayName: NATGateway + kind: NATGateway + name: natgateways.ec2.services.k8s.aws + version: v1alpha1 + - description: NetworkACL represents the state of an AWS ec2 NetworkACL resource. + displayName: NetworkACL + kind: NetworkACL + name: networkacls.ec2.services.k8s.aws + version: v1alpha1 + - description: RouteTable represents the state of an AWS ec2 RouteTable resource. 
+ displayName: RouteTable + kind: RouteTable + name: routetables.ec2.services.k8s.aws + version: v1alpha1 + - description: SecurityGroup represents the state of an AWS ec2 SecurityGroup + resource. + displayName: SecurityGroup + kind: SecurityGroup + name: securitygroups.ec2.services.k8s.aws + version: v1alpha1 + - description: Subnet represents the state of an AWS ec2 Subnet resource. + displayName: Subnet + kind: Subnet + name: subnets.ec2.services.k8s.aws + version: v1alpha1 + - description: TransitGateway represents the state of an AWS ec2 TransitGateway + resource. + displayName: TransitGateway + kind: TransitGateway + name: transitgateways.ec2.services.k8s.aws + version: v1alpha1 + - description: VPCEndpoint represents the state of an AWS ec2 VPCEndpoint resource. + displayName: VPCEndpoint + kind: VPCEndpoint + name: vpcendpoints.ec2.services.k8s.aws + version: v1alpha1 + - description: VPCEndpointServiceConfiguration represents the state of an AWS + ec2 VPCEndpointServiceConfiguration resource. + displayName: VPCEndpointServiceConfiguration + kind: VPCEndpointServiceConfiguration + name: vpcendpointserviceconfigurations.ec2.services.k8s.aws + version: v1alpha1 + - description: VPCPeeringConnection represents the state of an AWS ec2 VPCPeeringConnection + resource. + displayName: VPCPeeringConnection + kind: VPCPeeringConnection + name: vpcpeeringconnections.ec2.services.k8s.aws + version: v1alpha1 + - description: VPC represents the state of an AWS ec2 VPC resource. + displayName: VPC + kind: VPC + name: vpcs.ec2.services.k8s.aws + version: v1alpha1 + description: |- + Manage Elastic Compute Cloud (EC2) resources in AWS from within your Kubernetes cluster. + + **About Amazon EC2** + + Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) Cloud. Using Amazon EC2 eliminates your need to invest in hardware up front, so you can develop and deploy applications faster. 
You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage. Amazon EC2 enables you to scale up or down to handle changes in requirements or spikes in popularity, reducing your need to forecast traffic. + + **About the AWS Controllers for Kubernetes** + + This controller is a component of the [AWS Controller for Kubernetes](https://github.com/aws/aws-controllers-k8s) project. + + **Pre-Installation Steps** + + Please follow the following link: [Red Hat OpenShift](https://aws-controllers-k8s.github.io/community/docs/user-docs/openshift/) + displayName: AWS Controllers for Kubernetes - Amazon EC2 + icon: + - base64data: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDE5LjAuMSwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9IkxheWVyXzEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHg9IjBweCIgeT0iMHB4IiB2aWV3Qm94PSIwIDAgMzA0IDE4MiIgc3R5bGU9ImVuYWJsZS1iYWNrZ3JvdW5kOm5ldyAwIDAgMzA0IDE4MjsiIHhtbDpzcGFjZT0icHJlc2VydmUiPgo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPgoJLnN0MHtmaWxsOiMyNTJGM0U7fQoJLnN0MXtmaWxsLXJ1bGU6ZXZlbm9kZDtjbGlwLXJ1bGU6ZXZlbm9kZDtmaWxsOiNGRjk5MDA7fQo8L3N0eWxlPgo8Zz4KCTxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik04Ni40LDY2LjRjMCwzLjcsMC40LDYuNywxLjEsOC45YzAuOCwyLjIsMS44LDQuNiwzLjIsNy4yYzAuNSwwLjgsMC43LDEuNiwwLjcsMi4zYzAsMS0wLjYsMi0xLjksM2wtNi4zLDQuMiAgIGMtMC45LDAuNi0xLjgsMC45LTIuNiwwLjljLTEsMC0yLTAuNS0zLTEuNEM3Ni4yLDkwLDc1LDg4LjQsNzQsODYuOGMtMS0xLjctMi0zLjYtMy4xLTUuOWMtNy44LDkuMi0xNy42LDEzLjgtMjkuNCwxMy44ICAgYy04LjQsMC0xNS4xLTIuNC0yMC03LjJjLTQuOS00LjgtNy40LTExLjItNy40LTE5LjJjMC04LjUsMy0xNS40LDkuMS0yMC42YzYuMS01LjIsMTQuMi03LjgsMjQuNS03LjhjMy40LDAsNi45LDAuMywxMC42LDAuOCAgIGMzLjcsMC41LDcuNSwxLjMsMTEuNSwyLjJ2LTcuM2MwLTcuNi0xLjYtMTIuOS00LjctMTZjLTMuMi0zLjEtOC42LTQuNi0xNi4zLTQuNmMtMy41LDAtNy4xLDAuNC0xMC44LDEuM2MtMy43LDAuOS03LjMsMi0xMC44LDMuNCAgIGMtMS42LDAuNy0y
LjgsMS4xLTMuNSwxLjNjLTAuNywwLjItMS4yLDAuMy0xLjYsMC4zYy0xLjQsMC0yLjEtMS0yLjEtMy4xdi00LjljMC0xLjYsMC4yLTIuOCwwLjctMy41YzAuNS0wLjcsMS40LTEuNCwyLjgtMi4xICAgYzMuNS0xLjgsNy43LTMuMywxMi42LTQuNWM0LjktMS4zLDEwLjEtMS45LDE1LjYtMS45YzExLjksMCwyMC42LDIuNywyNi4yLDguMWM1LjUsNS40LDguMywxMy42LDguMywyNC42VjY2LjR6IE00NS44LDgxLjYgICBjMy4zLDAsNi43LTAuNiwxMC4zLTEuOGMzLjYtMS4yLDYuOC0zLjQsOS41LTYuNGMxLjYtMS45LDIuOC00LDMuNC02LjRjMC42LTIuNCwxLTUuMywxLTguN3YtNC4yYy0yLjktMC43LTYtMS4zLTkuMi0xLjcgICBjLTMuMi0wLjQtNi4zLTAuNi05LjQtMC42Yy02LjcsMC0xMS42LDEuMy0xNC45LDRjLTMuMywyLjctNC45LDYuNS00LjksMTEuNWMwLDQuNywxLjIsOC4yLDMuNywxMC42ICAgQzM3LjcsODAuNCw0MS4yLDgxLjYsNDUuOCw4MS42eiBNMTI2LjEsOTIuNGMtMS44LDAtMy0wLjMtMy44LTFjLTAuOC0wLjYtMS41LTItMi4xLTMuOUw5Ni43LDEwLjJjLTAuNi0yLTAuOS0zLjMtMC45LTQgICBjMC0xLjYsMC44LTIuNSwyLjQtMi41aDkuOGMxLjksMCwzLjIsMC4zLDMuOSwxYzAuOCwwLjYsMS40LDIsMiwzLjlsMTYuOCw2Ni4ybDE1LjYtNjYuMmMwLjUtMiwxLjEtMy4zLDEuOS0zLjljMC44LTAuNiwyLjItMSw0LTEgICBoOGMxLjksMCwzLjIsMC4zLDQsMWMwLjgsMC42LDEuNSwyLDEuOSwzLjlsMTUuOCw2N2wxNy4zLTY3YzAuNi0yLDEuMy0zLjMsMi0zLjljMC44LTAuNiwyLjEtMSwzLjktMWg5LjNjMS42LDAsMi41LDAuOCwyLjUsMi41ICAgYzAsMC41LTAuMSwxLTAuMiwxLjZjLTAuMSwwLjYtMC4zLDEuNC0wLjcsMi41bC0yNC4xLDc3LjNjLTAuNiwyLTEuMywzLjMtMi4xLDMuOWMtMC44LDAuNi0yLjEsMS0zLjgsMWgtOC42Yy0xLjksMC0zLjItMC4zLTQtMSAgIGMtMC44LTAuNy0xLjUtMi0xLjktNEwxNTYsMjNsLTE1LjQsNjQuNGMtMC41LDItMS4xLDMuMy0xLjksNGMtMC44LDAuNy0yLjIsMS00LDFIMTI2LjF6IE0yNTQuNiw5NS4xYy01LjIsMC0xMC40LTAuNi0xNS40LTEuOCAgIGMtNS0xLjItOC45LTIuNS0xMS41LTRjLTEuNi0wLjktMi43LTEuOS0zLjEtMi44Yy0wLjQtMC45LTAuNi0xLjktMC42LTIuOHYtNS4xYzAtMi4xLDAuOC0zLjEsMi4zLTMuMWMwLjYsMCwxLjIsMC4xLDEuOCwwLjMgICBjMC42LDAuMiwxLjUsMC42LDIuNSwxYzMuNCwxLjUsNy4xLDIuNywxMSwzLjVjNCwwLjgsNy45LDEuMiwxMS45LDEuMmM2LjMsMCwxMS4yLTEuMSwxNC42LTMuM2MzLjQtMi4yLDUuMi01LjQsNS4yLTkuNSAgIGMwLTIuOC0wLjktNS4xLTIuNy03Yy0xLjgtMS45LTUuMi0zLjYtMTAuMS01LjJMMjQ2LDUyYy03LjMtMi4zLTEyLjctNS43LTE2LTEwLjJjLTMuMy00LjQtNS05LjMtNS0xNC41YzAtNC4yLDAuOS03LjksMi43LTExLjEgICBjMS44LTMuMiw0LjItNiw3LjItOC4yYzMtMi4zLDYuNC00LDEwLjQtNS4yYzQt
MS4yLDguMi0xLjcsMTIuNi0xLjdjMi4yLDAsNC41LDAuMSw2LjcsMC40YzIuMywwLjMsNC40LDAuNyw2LjUsMS4xICAgYzIsMC41LDMuOSwxLDUuNywxLjZjMS44LDAuNiwzLjIsMS4yLDQuMiwxLjhjMS40LDAuOCwyLjQsMS42LDMsMi41YzAuNiwwLjgsMC45LDEuOSwwLjksMy4zdjQuN2MwLDIuMS0wLjgsMy4yLTIuMywzLjIgICBjLTAuOCwwLTIuMS0wLjQtMy44LTEuMmMtNS43LTIuNi0xMi4xLTMuOS0xOS4yLTMuOWMtNS43LDAtMTAuMiwwLjktMTMuMywyLjhjLTMuMSwxLjktNC43LDQuOC00LjcsOC45YzAsMi44LDEsNS4yLDMsNy4xICAgYzIsMS45LDUuNywzLjgsMTEsNS41bDE0LjIsNC41YzcuMiwyLjMsMTIuNCw1LjUsMTUuNSw5LjZjMy4xLDQuMSw0LjYsOC44LDQuNiwxNGMwLDQuMy0wLjksOC4yLTIuNiwxMS42ICAgYy0xLjgsMy40LTQuMiw2LjQtNy4zLDguOGMtMy4xLDIuNS02LjgsNC4zLTExLjEsNS42QzI2NC40LDk0LjQsMjU5LjcsOTUuMSwyNTQuNiw5NS4xeiIvPgoJPGc+CgkJPHBhdGggY2xhc3M9InN0MSIgZD0iTTI3My41LDE0My43Yy0zMi45LDI0LjMtODAuNywzNy4yLTEyMS44LDM3LjJjLTU3LjYsMC0xMDkuNS0yMS4zLTE0OC43LTU2LjdjLTMuMS0yLjgtMC4zLTYuNiwzLjQtNC40ICAgIGM0Mi40LDI0LjYsOTQuNywzOS41LDE0OC44LDM5LjVjMzYuNSwwLDc2LjYtNy42LDExMy41LTIzLjJDMjc0LjIsMTMzLjYsMjc4LjksMTM5LjcsMjczLjUsMTQzLjd6Ii8+CgkJPHBhdGggY2xhc3M9InN0MSIgZD0iTTI4Ny4yLDEyOC4xYy00LjItNS40LTI3LjgtMi42LTM4LjUtMS4zYy0zLjIsMC40LTMuNy0yLjQtMC44LTQuNWMxOC44LTEzLjIsNDkuNy05LjQsNTMuMy01ICAgIGMzLjYsNC41LTEsMzUuNC0xOC42LDUwLjJjLTIuNywyLjMtNS4zLDEuMS00LjEtMS45QzI4Mi41LDE1NS43LDI5MS40LDEzMy40LDI4Ny4yLDEyOC4xeiIvPgoJPC9nPgo8L2c+Cjwvc3ZnPg== + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - patch + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - dhcpoptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - dhcpoptions/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - elasticipaddresses + verbs: + - create + - 
delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - elasticipaddresses/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - flowlogs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - flowlogs/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - instances + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - instances/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - internetgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - internetgateways/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - natgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - natgateways/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - networkacls + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - networkacls/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - routetables + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - routetables/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - securitygroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - securitygroups/status + verbs: + - get + - 
patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - subnets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - subnets/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - transitgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - transitgateways/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcendpoints/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcendpointserviceconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcendpointserviceconfigurations/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcpeeringconnections + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcpeeringconnections/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcs/status + verbs: + - get + - patch + - update + - apiGroups: + - services.k8s.aws + resources: + - adoptedresources + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - services.k8s.aws + resources: + - adoptedresources/status + verbs: + - get + - patch + - update + - apiGroups: + - services.k8s.aws + resources: + - fieldexports + verbs: + - create + - delete 
+ - get + - list + - patch + - update + - watch + - apiGroups: + - services.k8s.aws + resources: + - fieldexports/status + verbs: + - get + - patch + - update + serviceAccountName: ack-ec2-controller + deployments: + - label: + app.kubernetes.io/name: ack-ec2-controller + app.kubernetes.io/part-of: ack-system + name: ack-ec2-controller + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: ack-ec2-controller + strategy: {} + template: + metadata: + labels: + app.kubernetes.io/name: ack-ec2-controller + spec: + containers: + - args: + - --aws-region + - $(AWS_REGION) + - --aws-endpoint-url + - $(AWS_ENDPOINT_URL) + - --enable-development-logging=$(ACK_ENABLE_DEVELOPMENT_LOGGING) + - --log-level + - $(ACK_LOG_LEVEL) + - --resource-tags + - $(ACK_RESOURCE_TAGS) + - --watch-namespace + - $(ACK_WATCH_NAMESPACE) + - --enable-leader-election=$(ENABLE_LEADER_ELECTION) + - --leader-election-namespace + - $(LEADER_ELECTION_NAMESPACE) + - --reconcile-default-max-concurrent-syncs + - $(RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS) + command: + - ./bin/controller + env: + - name: ACK_SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: ack-ec2-user-config + optional: false + - secretRef: + name: ack-ec2-user-secrets + optional: true + image: public.ecr.aws/aws-controllers-k8s/ec2-controller:1.2.23 + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: controller + ports: + - containerPort: 8080 + name: http + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 100m + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + dnsPolicy: ClusterFirst + securityContext: + seccompProfile: + type: RuntimeDefault + serviceAccountName: ack-ec2-controller + 
terminationGracePeriodSeconds: 10 + permissions: + - rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: ack-ec2-controller + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: true + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - ec2 + - aws + - amazon + - ack + links: + - name: AWS Controllers for Kubernetes + url: https://github.com/aws-controllers-k8s/community + - name: Documentation + url: https://aws-controllers-k8s.github.io/community/ + - name: Amazon EC2 Developer Resources + url: https://aws.amazon.com/ec2/resources/ + maintainers: + - email: ack-maintainers@amazon.com + name: ec2 maintainer team + maturity: alpha + provider: + name: Amazon, Inc. + url: https://aws.amazon.com + version: 1.2.23 diff --git a/operators/ack-ec2-controller/1.2.23/manifests/ack-ec2-metrics-service_v1_service.yaml b/operators/ack-ec2-controller/1.2.23/manifests/ack-ec2-metrics-service_v1_service.yaml new file mode 100644 index 00000000000..535fe868fdc --- /dev/null +++ b/operators/ack-ec2-controller/1.2.23/manifests/ack-ec2-metrics-service_v1_service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + name: ack-ec2-metrics-service +spec: + ports: + - name: metricsport + port: 8080 + protocol: TCP + targetPort: http + selector: + app.kubernetes.io/name: ack-ec2-controller + type: NodePort +status: + loadBalancer: {} diff --git a/operators/ack-ec2-controller/1.2.23/manifests/ack-ec2-reader_rbac.authorization.k8s.io_v1_role.yaml b/operators/ack-ec2-controller/1.2.23/manifests/ack-ec2-reader_rbac.authorization.k8s.io_v1_role.yaml new file mode 100644 index 00000000000..3c9b1f90003 --- /dev/null 
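Review bot: The `secrets` and `configmaps` rules under `clusterPermissions` grant `get`, `list`, `patch` and `watch` across the whole cluster, because OLM binds `clusterPermissions` through a ClusterRole. That scope applies even when the operator is installed in OwnNamespace or SingleNamespace mode and `--watch-namespace` narrows what it reconciles. The manifest does not say why `patch` on Secrets is needed, so a comment above the rule would help, for example `# patch on secrets: presumably for FieldExport targets; confirm before widening`. Namespaced installs would be better served by moving these two rules into the namespaced `permissions` block, which currently covers only leases and events. Until then, cluster admins should treat the `ack-ec2-controller` service account as able to read every Secret and audit its use accordingly.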
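Review bot: `type: NodePort` on `ack-ec2-metrics-service` publishes the controller's `http` port (8080) on a node port of every cluster node, which is wider exposure than an in-cluster metrics scraper needs. Nothing in this Service or in the Deployment in the CSV shows authentication or TLS on that port, so the endpoint may be readable by anything that can reach a node address. The line should read `type: ClusterIP`, unless external scraping is a documented requirement. In that case a NetworkPolicy or firewall rule limiting the source should ship with it.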
+++ b/operators/ack-ec2-controller/1.2.23/manifests/ack-ec2-reader_rbac.authorization.k8s.io_v1_role.yaml @@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: ack-ec2-reader +rules: +- apiGroups: + - ec2.services.k8s.aws + resources: + - dhcpoptions + - elasticipaddresses + - flowlogs + - instances + - internetgateways + - natgateways + - networkacls + - routetables + - securitygroups + - subnets + - transitgateways + - vpcs + - vpcendpoints + - vpcendpointserviceconfigurations + - vpcpeeringconnections + verbs: + - get + - list + - watch diff --git a/operators/ack-ec2-controller/1.2.23/manifests/ack-ec2-writer_rbac.authorization.k8s.io_v1_role.yaml b/operators/ack-ec2-controller/1.2.23/manifests/ack-ec2-writer_rbac.authorization.k8s.io_v1_role.yaml new file mode 100644 index 00000000000..d331061459e --- /dev/null +++ b/operators/ack-ec2-controller/1.2.23/manifests/ack-ec2-writer_rbac.authorization.k8s.io_v1_role.yaml @@ -0,0 +1,54 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: ack-ec2-writer +rules: +- apiGroups: + - ec2.services.k8s.aws + resources: + - dhcpoptions + - elasticipaddresses + - flowlogs + - instances + - internetgateways + - natgateways + - networkacls + - routetables + - securitygroups + - subnets + - transitgateways + - vpcs + - vpcendpoints + - vpcendpointserviceconfigurations + - vpcpeeringconnections + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ec2.services.k8s.aws + resources: + - dhcpoptions + - elasticipaddresses + - flowlogs + - instances + - internetgateways + - natgateways + - networkacls + - routetables + - securitygroups + - subnets + - transitgateways + - vpcs + - vpcendpoints + - vpcendpointserviceconfigurations + - vpcpeeringconnections + verbs: + - get + - patch + - update 
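Review bot: The second rule in `ack-ec2-writer` repeats the same fifteen resources as the first with `get`, `patch` and `update`, all of which the first rule already grants, so it changes nothing about what the role allows. In the CSV's `clusterPermissions` the get/patch/update rules target the status subresources (`dhcpoptions/status`, `elasticipaddresses/status`, …), which suggests the same was intended here. If holders of this role are meant to write status, the entries should read `- dhcpoptions/status`, `- elasticipaddresses/status` and so on. If they are not, the redundant rule should be dropped so the role states exactly what it grants. The file looks generated, so the fix probably belongs in the upstream template.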
diff --git a/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_dhcpoptions.yaml b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_dhcpoptions.yaml new file mode 100644 index 00000000000..4c9ac493224 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_dhcpoptions.yaml 
@@ -0,0 +1,188 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: dhcpoptions.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: DHCPOptions + listKind: DHCPOptionsList + plural: dhcpoptions + singular: dhcpoptions + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.dhcpOptionsID + name: ID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: DHCPOptions is the Schema for the DHCPOptions API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + DhcpOptionsSpec defines the desired state of DhcpOptions. + + + Describes a set of DHCP options. + properties: + dhcpConfigurations: + description: A DHCP configuration option. + items: + properties: + key: + type: string + values: + items: + type: string + type: array + type: object + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. 
+ properties: + key: + type: string + value: + type: string + type: object + type: array + vpc: + items: + type: string + type: array + vpcRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: array + required: + - dhcpConfigurations + type: object + status: + description: DHCPOptionsStatus defines the observed state of DHCPOptions + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. 
+ type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + dhcpOptionsID: + description: The ID of the set of DHCP options. + type: string + ownerID: + description: The ID of the Amazon Web Services account that owns the + DHCP options set. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_elasticipaddresses.yaml b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_elasticipaddresses.yaml new file mode 100644 index 00000000000..71bb94438eb --- /dev/null +++ b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_elasticipaddresses.yaml 
@@ -0,0 +1,191 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: elasticipaddresses.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: ElasticIPAddress + listKind: ElasticIPAddressList + plural: elasticipaddresses + singular: elasticipaddress + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.allocationID + name: ALLOCATION-ID + type: string + - jsonPath: .status.publicIP + name: PUBLIC-IP + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ElasticIPAddress is the Schema for the ElasticIPAddresses API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ElasticIPAddressSpec defines the desired state of ElasticIPAddress. + properties: + address: + description: |- + [EC2-VPC] The Elastic IP address to recover or an IPv4 address from an address + pool. + type: string + customerOwnedIPv4Pool: + description: |- + The ID of a customer-owned address pool. Use this parameter to let Amazon + EC2 select an address from the address pool. Alternatively, specify a specific + address from the address pool. 
+ type: string + networkBorderGroup: + description: |- + A unique set of Availability Zones, Local Zones, or Wavelength Zones from + which Amazon Web Services advertises IP addresses. Use this parameter to + limit the IP address to this location. IP addresses cannot move between network + border groups. + + + Use DescribeAvailabilityZones (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html) + to view the network border groups. + + + You cannot use a network border group with EC2 Classic. If you attempt this + operation on EC2 Classic, you receive an InvalidParameterCombination error. + type: string + publicIPv4Pool: + description: |- + The ID of an address pool that you own. Use this parameter to let Amazon + EC2 select an address from the address pool. To specify a specific address + from the address pool, use the Address parameter instead. + type: string + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + status: + description: ElasticIPAddressStatus defines the observed state of ElasticIPAddress + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. 
This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + allocationID: + description: |- + [EC2-VPC] The ID that Amazon Web Services assigns to represent the allocation + of the Elastic IP address for use with instances in a VPC. + type: string + carrierIP: + description: |- + The carrier IP address. This option is only available for network interfaces + which reside in a subnet in a Wavelength Zone (for example an EC2 instance). + type: string + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. 
+ type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + customerOwnedIP: + description: The customer-owned IP address. + type: string + publicIP: + description: The Elastic IP address. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_flowlogs.yaml b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_flowlogs.yaml new file mode 100644 index 00000000000..2291baa4a02 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_flowlogs.yaml 
@@ -0,0 +1,272 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: flowlogs.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: FlowLog + listKind: FlowLogList + plural: flowlogs + singular: flowlog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: FlowLog is the Schema for the FlowLogs API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + FlowLogSpec defines the desired state of FlowLog. + + + Describes a flow log. + properties: + deliverLogsPermissionARN: + description: |- + The ARN for the IAM role that permits Amazon EC2 to publish flow logs to + a CloudWatch Logs log group in your account. + + + If you specify LogDestinationType as s3, do not specify DeliverLogsPermissionArn + or LogGroupName. + type: string + destinationOptions: + description: The destination options. + properties: + fileFormat: + type: string + hiveCompatiblePartitions: + type: boolean + perHourPartition: + type: boolean + type: object + logDestination: + description: |- + The destination to which the flow log data is to be published. 
Flow log data + can be published to a CloudWatch Logs log group or an Amazon S3 bucket. The + value specified for this parameter depends on the value specified for LogDestinationType. + + + If LogDestinationType is not specified or cloud-watch-logs, specify the Amazon + Resource Name (ARN) of the CloudWatch Logs log group. For example, to publish + to a log group called my-logs, specify arn:aws:logs:us-east-1:123456789012:log-group:my-logs. + Alternatively, use LogGroupName instead. + + + If LogDestinationType is s3, specify the ARN of the Amazon S3 bucket. You + can also specify a subfolder in the bucket. To specify a subfolder in the + bucket, use the following ARN format: bucket_ARN/subfolder_name/. For example, + to specify a subfolder named my-logs in a bucket named my-bucket, use the + following ARN: arn:aws:s3:::my-bucket/my-logs/. You cannot use AWSLogs as + a subfolder name. This is a reserved term. + type: string + logDestinationType: + description: |- + The type of destination to which the flow log data is to be published. Flow + log data can be published to CloudWatch Logs or Amazon S3. To publish flow + log data to CloudWatch Logs, specify cloud-watch-logs. To publish flow log + data to Amazon S3, specify s3. + + + If you specify LogDestinationType as s3, do not specify DeliverLogsPermissionArn + or LogGroupName. + + + Default: cloud-watch-logs + type: string + logFormat: + description: |- + The fields to include in the flow log record, in the order in which they + should appear. For a list of available fields, see Flow log records (https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-log-records). + If you omit this parameter, the flow log is created using the default format. + If you specify this parameter, you must specify at least one field. + + + Specify the fields using the ${field-id} format, separated by spaces. For + the CLI, surround this parameter value with single quotes on Linux or double + quotes on Windows. 
+ type: string + logGroupName: + description: |- + The name of a new or existing CloudWatch Logs log group where Amazon EC2 + publishes your flow logs. + + + If you specify LogDestinationType as s3, do not specify DeliverLogsPermissionArn + or LogGroupName. + type: string + maxAggregationInterval: + description: |- + The maximum interval of time during which a flow of packets is captured and + aggregated into a flow log record. You can specify 60 seconds (1 minute) + or 600 seconds (10 minutes). + + + When a network interface is attached to a Nitro-based instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances), + the aggregation interval is always 60 seconds or less, regardless of the + value that you specify. + + + Default: 600 + format: int64 + type: integer + resourceID: + type: string + resourceType: + description: |- + The type of resource for which to create the flow log. For example, if you + specified a VPC ID for the ResourceId property, specify VPC for this property. + type: string + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + trafficType: + description: |- + The type of traffic to log. You can log traffic that the resource accepts + or rejects, or all traffic. + type: string + required: + - resourceID + - resourceType + type: object + status: + description: FlowLogStatus defines the observed state of FlowLog + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. 
This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + clientToken: + description: |- + Unique, case-sensitive identifier that you provide to ensure the idempotency + of the request. + type: string + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + flowLogID: + type: string + unsuccessful: + description: Information about the flow logs that could not be created + successfully. + items: + description: Information about items that were not successfully + processed in a batch call. + properties: + error: + description: |- + Information about the error that occurred. For more information about errors, + see Error codes (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/errors-overview.html). + properties: + code: + type: string + message: + type: string + type: object + resourceID: + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_instances.yaml b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_instances.yaml new file mode 100644 index 00000000000..e5893051e9a --- /dev/null +++ b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_instances.yaml 
@@ -0,0 +1,885 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: instances.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: Instance + listKind: InstanceList + plural: instances + singular: instance + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.instanceID + name: ID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Instance is the Schema for the Instances API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + InstanceSpec defines the desired state of Instance. + + + Describes an instance. + properties: + blockDeviceMappings: + description: |- + The block device mapping, which defines the EBS volumes and instance store + volumes to attach to the instance at launch. For more information, see Block + device mappings (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html) + in the Amazon EC2 User Guide. + items: + description: |- + Describes a block device mapping, which defines the EBS volumes and instance + store volumes to attach to an instance at launch. 
+ properties: + deviceName: + type: string + ebs: + description: Describes a block device for an EBS volume. + properties: + deleteOnTermination: + type: boolean + encrypted: + type: boolean + iops: + format: int64 + type: integer + kmsKeyID: + type: string + outpostARN: + type: string + snapshotID: + type: string + throughput: + format: int64 + type: integer + volumeSize: + format: int64 + type: integer + volumeType: + type: string + type: object + noDevice: + type: string + virtualName: + type: string + type: object + type: array + capacityReservationSpecification: + description: |- + Information about the Capacity Reservation targeting option. If you do not + specify this parameter, the instance's Capacity Reservation preference defaults + to open, which enables it to run in any open Capacity Reservation that has + matching attributes (instance type, platform, Availability Zone). + properties: + capacityReservationPreference: + type: string + capacityReservationTarget: + description: Describes a target Capacity Reservation or Capacity + Reservation group. + properties: + capacityReservationID: + type: string + capacityReservationResourceGroupARN: + type: string + type: object + type: object + cpuOptions: + description: |- + The CPU options for the instance. For more information, see Optimize CPU + options (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html) + in the Amazon EC2 User Guide. + properties: + coreCount: + format: int64 + type: integer + threadsPerCore: + format: int64 + type: integer + type: object + creditSpecification: + description: |- + The credit option for CPU usage of the burstable performance instance. Valid + values are standard and unlimited. To change this attribute after launch, + use ModifyInstanceCreditSpecification (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceCreditSpecification.html). 
+ For more information, see Burstable performance instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html) + in the Amazon EC2 User Guide. + + + Default: standard (T2 instances) or unlimited (T3/T3a/T4g instances) + + + For T3 instances with host tenancy, only standard is supported. + properties: + cpuCredits: + type: string + type: object + disableAPIStop: + description: |- + Indicates whether an instance is enabled for stop protection. For more information, + see Stop protection (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html#Using_StopProtection). + type: boolean + disableAPITermination: + description: |- + If you set this parameter to true, you can't terminate the instance using + the Amazon EC2 console, CLI, or API; otherwise, you can. To change this attribute + after launch, use ModifyInstanceAttribute (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceAttribute.html). + Alternatively, if you set InstanceInitiatedShutdownBehavior to terminate, + you can terminate the instance by running the shutdown command from the instance. + + + Default: false + type: boolean + ebsOptimized: + description: |- + Indicates whether the instance is optimized for Amazon EBS I/O. This optimization + provides dedicated throughput to Amazon EBS and an optimized configuration + stack to provide optimal Amazon EBS I/O performance. This optimization isn't + available with all instance types. Additional usage charges apply when using + an EBS-optimized instance. + + + Default: false + type: boolean + elasticGPUSpecification: + description: |- + An elastic GPU to associate with the instance. An Elastic GPU is a GPU resource + that you can attach to your Windows instance to accelerate the graphics performance + of your applications. For more information, see Amazon EC2 Elastic GPUs (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/elastic-graphics.html) + in the Amazon EC2 User Guide. 
+ items: + description: A specification for an Elastic Graphics accelerator. + properties: + type_: + type: string + type: object + type: array + elasticInferenceAccelerators: + description: |- + An elastic inference accelerator to associate with the instance. Elastic + inference accelerators are a resource you can attach to your Amazon EC2 instances + to accelerate your Deep Learning (DL) inference workloads. + + + You cannot specify accelerators from different generations in the same request. + items: + description: Describes an elastic inference accelerator. + properties: + count: + format: int64 + type: integer + type_: + type: string + type: object + type: array + enclaveOptions: + description: |- + Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. + For more information, see What is Amazon Web Services Nitro Enclaves? (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html) + in the Amazon Web Services Nitro Enclaves User Guide. + + + You can't enable Amazon Web Services Nitro Enclaves and hibernation on the + same instance. + properties: + enabled: + type: boolean + type: object + hibernationOptions: + description: |- + Indicates whether an instance is enabled for hibernation. For more information, + see Hibernate your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) + in the Amazon EC2 User Guide. + + + You can't enable hibernation and Amazon Web Services Nitro Enclaves on the + same instance. + properties: + configured: + type: boolean + type: object + iamInstanceProfile: + description: The name or Amazon Resource Name (ARN) of an IAM instance + profile. + properties: + arn: + type: string + name: + type: string + type: object + imageID: + description: |- + The ID of the AMI. An AMI ID is required to launch an instance and must be + specified here or in a launch template. 
+ type: string + instanceInitiatedShutdownBehavior: + description: |- + Indicates whether an instance stops or terminates when you initiate shutdown + from the instance (using the operating system command for system shutdown). + + + Default: stop + type: string + instanceMarketOptions: + description: |- + The market (purchasing) option for the instances. + + + For RunInstances, persistent Spot Instance requests are only supported when + InstanceInterruptionBehavior is set to either hibernate or stop. + properties: + marketType: + type: string + spotOptions: + description: The options for Spot Instances. + properties: + blockDurationMinutes: + format: int64 + type: integer + instanceInterruptionBehavior: + type: string + maxPrice: + type: string + spotInstanceType: + type: string + validUntil: + format: date-time + type: string + type: object + type: object + instanceType: + description: |- + The instance type. For more information, see Instance types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) + in the Amazon EC2 User Guide. + + + Default: m1.small + type: string + ipv6AddressCount: + description: |- + [EC2-VPC] The number of IPv6 addresses to associate with the primary network + interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet. + You cannot specify this option and the option to assign specific IPv6 addresses + in the same request. You can specify this option if you've specified a minimum + number of instances to launch. + + + You cannot specify this option and the network interfaces option in the same + request. + format: int64 + type: integer + ipv6Addresses: + description: |- + [EC2-VPC] The IPv6 addresses from the range of the subnet to associate with + the primary network interface. You cannot specify this option and the option + to assign a number of IPv6 addresses in the same request. You cannot specify + this option if you've specified a minimum number of instances to launch. 
+ + + You cannot specify this option and the network interfaces option in the same + request. + items: + description: Describes an IPv6 address. + properties: + ipv6Address: + type: string + type: object + type: array + kernelID: + description: |- + The ID of the kernel. + + + We recommend that you use PV-GRUB instead of kernels and RAM disks. For more + information, see PV-GRUB (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UserProvidedkernels.html) + in the Amazon EC2 User Guide. + type: string + keyName: + description: |- + The name of the key pair. You can create a key pair using CreateKeyPair (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateKeyPair.html) + or ImportKeyPair (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportKeyPair.html). + + + If you do not specify a key pair, you can't connect to the instance unless + you choose an AMI that is configured to allow users another way to log in. + type: string + launchTemplate: + description: |- + The launch template to use to launch the instances. Any parameters that you + specify in RunInstances override the same parameters in the launch template. + You can specify either the name or ID of a launch template, but not both. + properties: + launchTemplateID: + type: string + launchTemplateName: + type: string + version: + type: string + type: object + licenseSpecifications: + description: The license configurations. + items: + description: Describes a license configuration. + properties: + licenseConfigurationARN: + type: string + type: object + type: array + maintenanceOptions: + description: The maintenance and recovery options for the instance. + properties: + autoRecovery: + type: string + type: object + maxCount: + description: |- + The maximum number of instances to launch. If you specify more instances + than Amazon EC2 can launch in the target Availability Zone, Amazon EC2 launches + the largest possible number of instances above MinCount. 
+ + + Constraints: Between 1 and the maximum number you're allowed for the specified + instance type. For more information about the default limits, and how to + request an increase, see How many instances can I run in Amazon EC2 (http://aws.amazon.com/ec2/faqs/#How_many_instances_can_I_run_in_Amazon_EC2) + in the Amazon EC2 FAQ. + format: int64 + type: integer + metadataOptions: + description: |- + The metadata options for the instance. For more information, see Instance + metadata and user data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html). + properties: + httpEndpoint: + type: string + httpProtocolIPv6: + type: string + httpPutResponseHopLimit: + format: int64 + type: integer + httpTokens: + type: string + instanceMetadataTags: + type: string + type: object + minCount: + description: |- + The minimum number of instances to launch. If you specify a minimum that + is more instances than Amazon EC2 can launch in the target Availability Zone, + Amazon EC2 launches no instances. + + + Constraints: Between 1 and the maximum number you're allowed for the specified + instance type. For more information about the default limits, and how to + request an increase, see How many instances can I run in Amazon EC2 (http://aws.amazon.com/ec2/faqs/#How_many_instances_can_I_run_in_Amazon_EC2) + in the Amazon EC2 General FAQ. + format: int64 + type: integer + monitoring: + description: Specifies whether detailed monitoring is enabled for + the instance. + properties: + enabled: + type: boolean + type: object + networkInterfaces: + description: |- + The network interfaces to associate with the instance. If you specify a network + interface, you must specify any security groups and subnets as part of the + network interface. + items: + description: Describes a network interface. 
+ properties: + associateCarrierIPAddress: + type: boolean + associatePublicIPAddress: + type: boolean + deleteOnTermination: + type: boolean + description: + type: string + deviceIndex: + format: int64 + type: integer + interfaceType: + type: string + ipv4PrefixCount: + format: int64 + type: integer + ipv4Prefixes: + items: + description: Describes the IPv4 prefix option for a network + interface. + properties: + ipv4Prefix: + type: string + type: object + type: array + ipv6AddressCount: + format: int64 + type: integer + ipv6Addresses: + items: + description: Describes an IPv6 address. + properties: + ipv6Address: + type: string + type: object + type: array + ipv6PrefixCount: + format: int64 + type: integer + ipv6Prefixes: + items: + description: Describes the IPv4 prefix option for a network + interface. + properties: + ipv6Prefix: + type: string + type: object + type: array + networkCardIndex: + format: int64 + type: integer + networkInterfaceID: + type: string + privateIPAddress: + type: string + privateIPAddresses: + items: + description: Describes a secondary private IPv4 address for + a network interface. + properties: + primary: + type: boolean + privateIPAddress: + type: string + type: object + type: array + secondaryPrivateIPAddressCount: + format: int64 + type: integer + subnetID: + type: string + type: object + type: array + placement: + description: The placement for the instance. + properties: + affinity: + type: string + availabilityZone: + type: string + groupName: + type: string + hostID: + type: string + hostResourceGroupARN: + type: string + partitionNumber: + format: int64 + type: integer + spreadDomain: + type: string + tenancy: + type: string + type: object + privateDNSNameOptions: + description: |- + The options for the instance hostname. The default values are inherited from + the subnet. 
+ properties: + enableResourceNameDNSAAAARecord: + type: boolean + enableResourceNameDNSARecord: + type: boolean + hostnameType: + type: string + type: object + privateIPAddress: + description: |- + [EC2-VPC] The primary IPv4 address. You must specify a value from the IPv4 + address range of the subnet. + + + Only one private IP address can be designated as primary. You can't specify + this option if you've specified the option to designate a private IP address + as the primary IP address in a network interface specification. You cannot + specify this option if you're launching more than one instance in the request. + + + You cannot specify this option and the network interfaces option in the same + request. + type: string + ramDiskID: + description: |- + The ID of the RAM disk to select. Some kernels require additional drivers + at launch. Check the kernel requirements for information about whether you + need to specify a RAM disk. To find kernel requirements, go to the Amazon + Web Services Resource Center and search for the kernel ID. + + + We recommend that you use PV-GRUB instead of kernels and RAM disks. For more + information, see PV-GRUB (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UserProvidedkernels.html) + in the Amazon EC2 User Guide. + type: string + securityGroupIDs: + description: |- + The IDs of the security groups. You can create a security group using CreateSecurityGroup + (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSecurityGroup.html). + + + If you specify a network interface, you must specify any security groups + as part of the network interface. + items: + type: string + type: array + securityGroups: + description: |- + [EC2-Classic, default VPC] The names of the security groups. For a nondefault + VPC, you must use security group IDs instead. + + + If you specify a network interface, you must specify any security groups + as part of the network interface. + + + Default: Amazon EC2 uses the default security group. 
+ items: + type: string + type: array + subnetID: + description: |- + [EC2-VPC] The ID of the subnet to launch the instance into. + + + If you specify a network interface, you must specify any subnets as part + of the network interface. + type: string + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + userData: + description: |- + The user data script to make available to the instance. For more information, + see Run commands on your Linux instance at launch (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html) + and Run commands on your Windows instance at launch (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-windows-user-data.html). + If you are using a command line tool, base64-encoding is performed for you, + and you can load the text from a file. Otherwise, you must provide base64-encoded + text. User data is limited to 16 KB. + type: string + type: object + status: + description: InstanceStatus defines the observed state of Instance + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. 
+ TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + amiLaunchIndex: + description: |- + The AMI launch index, which can be used to find this instance in the launch + group. + format: int64 + type: integer + architecture: + description: The architecture of the image. + type: string + bootMode: + description: |- + The boot mode of the instance. For more information, see Boot modes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-boot.html) + in the Amazon EC2 User Guide. + type: string + capacityReservationID: + description: The ID of the Capacity Reservation. + type: string + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + elasticGPUAssociations: + description: The Elastic GPU associated with the instance. + items: + description: Describes the association between an instance and an + Elastic Graphics accelerator. + properties: + elasticGPUAssociationID: + type: string + elasticGPUAssociationState: + type: string + elasticGPUAssociationTime: + type: string + elasticGPUID: + type: string + type: object + type: array + elasticInferenceAcceleratorAssociations: + description: The elastic inference accelerator associated with the + instance. + items: + description: Describes the association between an instance and an + elastic inference accelerator. + properties: + elasticInferenceAcceleratorARN: + type: string + elasticInferenceAcceleratorAssociationID: + type: string + elasticInferenceAcceleratorAssociationState: + type: string + elasticInferenceAcceleratorAssociationTime: + format: date-time + type: string + type: object + type: array + enaSupport: + description: Specifies whether enhanced networking with ENA is enabled. + type: boolean + hypervisor: + description: |- + The hypervisor type of the instance. The value xen is used for both Xen and + Nitro hypervisors. + type: string + instanceID: + description: The ID of the instance. + type: string + instanceLifecycle: + description: Indicates whether this is a Spot Instance or a Scheduled + Instance. + type: string + ipv6Address: + description: The IPv6 address assigned to the instance. + type: string + launchTime: + description: The time the instance was launched. + format: date-time + type: string + licenses: + description: The license configurations for the instance. + items: + description: Describes a license configuration. + properties: + licenseConfigurationARN: + type: string + type: object + type: array + outpostARN: + description: The Amazon Resource Name (ARN) of the Outpost. 
+ type: string + platform: + description: The value is Windows for Windows instances; otherwise + blank. + type: string + platformDetails: + description: |- + The platform details value for the instance. For more information, see AMI + billing information fields (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/billing-info-fields.html) + in the Amazon EC2 User Guide. + type: string + privateDNSName: + description: |- + (IPv4 only) The private DNS hostname name assigned to the instance. This + DNS hostname can only be used inside the Amazon EC2 network. This name is + not available until the instance enters the running state. + + + [EC2-VPC] The Amazon-provided DNS server resolves Amazon-provided private + DNS hostnames if you've enabled DNS resolution and DNS hostnames in your + VPC. If you are not using the Amazon-provided DNS server in your VPC, your + custom domain name servers must resolve the hostname as appropriate. + type: string + productCodes: + description: The product codes attached to this instance, if applicable. + items: + description: Describes a product code. + properties: + productCodeID: + type: string + productCodeType: + type: string + type: object + type: array + publicDNSName: + description: |- + (IPv4 only) The public DNS name assigned to the instance. This name is not + available until the instance enters the running state. For EC2-VPC, this + name is only available if you've enabled DNS hostnames for your VPC. + type: string + publicIPAddress: + description: |- + The public IPv4 address, or the Carrier IP address assigned to the instance, + if applicable. + + + A Carrier IP address only applies to an instance launched in a subnet associated + with a Wavelength Zone. + type: string + rootDeviceName: + description: The device name of the root device volume (for example, + /dev/sda1). + type: string + rootDeviceType: + description: |- + The root device type used by the AMI. The AMI can use an EBS volume or an + instance store volume. 
+ type: string + sourceDestCheck: + description: Indicates whether source/destination checking is enabled. + type: boolean + spotInstanceRequestID: + description: If the request is a Spot Instance request, the ID of + the request. + type: string + sriovNetSupport: + description: |- + Specifies whether enhanced networking with the Intel 82599 Virtual Function + interface is enabled. + type: string + state: + description: The current state of the instance. + properties: + code: + format: int64 + type: integer + name: + type: string + type: object + stateReason: + description: The reason for the most recent state transition. + properties: + code: + type: string + message: + type: string + type: object + stateTransitionReason: + description: The reason for the most recent state transition. This + might be an empty string. + type: string + tpmSupport: + description: |- + If the instance is configured for NitroTPM support, the value is v2.0. For + more information, see NitroTPM (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) + in the Amazon EC2 User Guide. + type: string + usageOperation: + description: |- + The usage operation value for the instance. For more information, see AMI + billing information fields (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/billing-info-fields.html) + in the Amazon EC2 User Guide. + type: string + usageOperationUpdateTime: + description: The time that the usage operation was last updated. + format: date-time + type: string + virtualizationType: + description: The virtualization type of the instance. + type: string + vpcID: + description: '[EC2-VPC] The ID of the VPC in which the instance is + running.' + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null 
diff --git a/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_internetgateways.yaml b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_internetgateways.yaml new file mode 100644 index 00000000000..60ef4b70e54 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_internetgateways.yaml 
@@ -0,0 +1,207 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: internetgateways.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: InternetGateway + listKind: InternetGatewayList + plural: internetgateways + singular: internetgateway + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.internetGatewayID + name: ID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: InternetGateway is the Schema for the InternetGateways API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + InternetGatewaySpec defines the desired state of InternetGateway. + + + Describes an internet gateway. 
+ properties: + routeTableRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: array + routeTables: + items: + type: string + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpc: + description: The ID of the VPC. + type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + status: + description: InternetGatewayStatus defines the observed state of InternetGateway + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. 
This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + attachments: + description: Any VPCs attached to the internet gateway. + items: + description: |- + Describes the attachment of a VPC to an internet gateway or an egress-only + internet gateway. + properties: + state: + type: string + vpcID: + type: string + type: object + type: array + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. 
+ type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + internetGatewayID: + description: The ID of the internet gateway. + type: string + ownerID: + description: The ID of the Amazon Web Services account that owns the + internet gateway. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_natgateways.yaml b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_natgateways.yaml new file mode 100644 index 00000000000..30519b24f70 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_natgateways.yaml 
@@ -0,0 +1,307 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: natgateways.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: NATGateway + listKind: NATGatewayList + plural: natgateways + singular: natgateway + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.natGatewayID + name: ID + type: string + - jsonPath: .status.state + name: state + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: NATGateway is the Schema for the NATGateways API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + NatGatewaySpec defines the desired state of NatGateway. + + + Describes a NAT gateway. + properties: + allocationID: + description: |- + [Public NAT gateways only] The allocation ID of an Elastic IP address to + associate with the NAT gateway. You cannot specify an Elastic IP address + with a private NAT gateway. If the Elastic IP address is associated with + another resource, you must first disassociate it. 
+ type: string + allocationRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + connectivityType: + description: |- + Indicates whether the NAT gateway supports public or private connectivity. + The default is public connectivity. + type: string + subnetID: + description: The subnet in which to create the NAT gateway. + type: string + subnetRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. 
+ properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + status: + description: NATGatewayStatus defines the observed state of NATGateway + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + createTime: + description: The date and time the NAT gateway was created. + format: date-time + type: string + deleteTime: + description: The date and time the NAT gateway was deleted, if applicable. + format: date-time + type: string + failureCode: + description: |- + If the NAT gateway could not be created, specifies the error code for the + failure. (InsufficientFreeAddressesInSubnet | Gateway.NotAttached | InvalidAllocationID.NotFound + | Resource.AlreadyAssociated | InternalError | InvalidSubnetID.NotFound) + type: string + failureMessage: + description: |- + If the NAT gateway could not be created, specifies the error message for + the failure, that corresponds to the error code. + + + * For InsufficientFreeAddressesInSubnet: "Subnet has insufficient free + addresses to create this NAT gateway" + + + * For Gateway.NotAttached: "Network vpc-xxxxxxxx has no Internet gateway + attached" + + + * For InvalidAllocationID.NotFound: "Elastic IP address eipalloc-xxxxxxxx + could not be associated with this NAT gateway" + + + * For Resource.AlreadyAssociated: "Elastic IP address eipalloc-xxxxxxxx + is already associated" + + + * For InternalError: "Network interface eni-xxxxxxxx, created and used + internally by this NAT gateway is in an invalid state. Please try again." + + + * For InvalidSubnetID.NotFound: "The specified subnet subnet-xxxxxxxx + does not exist or could not be found." 
+ type: string + natGatewayAddresses: + description: |- + Information about the IP addresses and network interface associated with + the NAT gateway. + items: + description: Describes the IP addresses and network interface associated + with a NAT gateway. + properties: + allocationID: + type: string + networkInterfaceID: + type: string + privateIP: + type: string + publicIP: + type: string + type: object + type: array + natGatewayID: + description: The ID of the NAT gateway. + type: string + provisionedBandwidth: + description: |- + Reserved. If you need to sustain traffic greater than the documented limits + (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html), + contact us through the Support Center (https://console.aws.amazon.com/support/home?). + properties: + provisionTime: + format: date-time + type: string + provisioned: + type: string + requestTime: + format: date-time + type: string + requested: + type: string + status: + type: string + type: object + state: + description: |- + The state of the NAT gateway. + + + * pending: The NAT gateway is being created and is not ready to process + traffic. + + + * failed: The NAT gateway could not be created. Check the failureCode + and failureMessage fields for the reason. + + + * available: The NAT gateway is able to process traffic. This status remains + until you delete the NAT gateway, and does not indicate the health of + the NAT gateway. + + + * deleting: The NAT gateway is in the process of being terminated and + may still be processing traffic. + + + * deleted: The NAT gateway has been terminated and is no longer processing + traffic. + type: string + vpcID: + description: The ID of the VPC in which the NAT gateway is located. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null 
diff --git a/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_networkacls.yaml b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_networkacls.yaml new file mode 100644 index 00000000000..313890903a0 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_networkacls.yaml 
@@ -0,0 +1,241 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: networkacls.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: NetworkACL + listKind: NetworkACLList + plural: networkacls + singular: networkacl + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: ID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: NetworkACL is the Schema for the NetworkACLS API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + NetworkAclSpec defines the desired state of NetworkAcl. + + + Describes a network ACL. + properties: + associations: + items: + description: Describes an association between a network ACL and + a subnet. 
+ properties: + networkACLAssociationID: + type: string + networkACLID: + type: string + subnetID: + type: string + subnetRef: + description: Reference field for SubnetID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + type: array + entries: + items: + description: Describes an entry in a network ACL. + properties: + cidrBlock: + type: string + egress: + type: boolean + icmpTypeCode: + description: Describes the ICMP type and code. + properties: + code: + format: int64 + type: integer + type_: + format: int64 + type: integer + type: object + ipv6CIDRBlock: + type: string + portRange: + description: Describes a range of ports. + properties: + from: + format: int64 + type: integer + to: + format: int64 + type: integer + type: object + protocol: + type: string + ruleAction: + type: string + ruleNumber: + format: int64 + type: integer + type: object + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcID: + description: The ID of the VPC. 
+ type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + status: + description: NetworkACLStatus defines the observed state of NetworkACL + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. 
+ type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + id: + description: The ID of the network ACL. + type: string + isDefault: + description: Indicates whether this is the default network ACL for + the VPC. + type: boolean + ownerID: + description: The ID of the Amazon Web Services account that owns the + network ACL. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_routetables.yaml b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_routetables.yaml new file mode 100644 index 00000000000..a05a44bdd8e --- /dev/null +++ b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_routetables.yaml 
@@ -0,0 +1,351 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: routetables.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: RouteTable + listKind: RouteTableList + plural: routetables + singular: routetable + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.routeTableID + name: ID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: RouteTable is the Schema for the RouteTables API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + RouteTableSpec defines the desired state of RouteTable. + + + Describes a route table. 
+ properties: + routes: + items: + properties: + carrierGatewayID: + type: string + coreNetworkARN: + type: string + destinationCIDRBlock: + type: string + destinationIPv6CIDRBlock: + type: string + destinationPrefixListID: + type: string + egressOnlyInternetGatewayID: + type: string + gatewayID: + type: string + gatewayRef: + description: Reference field for GatewayID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + instanceID: + type: string + localGatewayID: + type: string + natGatewayID: + type: string + natGatewayRef: + description: Reference field for NATGatewayID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + networkInterfaceID: + type: string + transitGatewayID: + type: string + transitGatewayRef: + description: Reference field for TransitGatewayID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + vpcEndpointID: + type: string + vpcEndpointRef: + description: Reference field for VPCEndpointID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + vpcPeeringConnectionID: + type: string + vpcPeeringConnectionRef: + description: Reference field for VPCPeeringConnectionID + properties: + from: + 
description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcID: + description: The ID of the VPC. + type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + status: + description: RouteTableStatus defines the observed state of RouteTable + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. 
+ TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + associations: + description: The associations between the route table and one or more + subnets or a gateway. + items: + description: Describes an association between a route table and + a subnet or gateway. + properties: + associationState: + description: |- + Describes the state of an association between a route table and a subnet + or gateway. + properties: + state: + type: string + statusMessage: + type: string + type: object + gatewayID: + type: string + main: + type: boolean + routeTableAssociationID: + type: string + routeTableID: + type: string + subnetID: + type: string + type: object + type: array + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + ownerID: + description: The ID of the Amazon Web Services account that owns the + route table. + type: string + propagatingVGWs: + description: Any virtual private gateway (VGW) propagating routes. + items: + description: Describes a virtual private gateway propagating route. + properties: + gatewayID: + type: string + type: object + type: array + routeStatuses: + description: The routes in the route table. + items: + description: Describes a route in a route table. + properties: + carrierGatewayID: + type: string + coreNetworkARN: + type: string + destinationCIDRBlock: + type: string + destinationIPv6CIDRBlock: + type: string + destinationPrefixListID: + type: string + egressOnlyInternetGatewayID: + type: string + gatewayID: + type: string + instanceID: + type: string + instanceOwnerID: + type: string + localGatewayID: + type: string + natGatewayID: + type: string + networkInterfaceID: + type: string + origin: + type: string + state: + type: string + transitGatewayID: + type: string + vpcPeeringConnectionID: + type: string + type: object + type: array + routeTableID: + description: The ID of the route table. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_securitygroups.yaml b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_securitygroups.yaml new file mode 100644 index 00000000000..0828cacecfc --- /dev/null +++ b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_securitygroups.yaml 
@@ -0,0 +1,433 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: securitygroups.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: SecurityGroup + listKind: SecurityGroupList + plural: securitygroups + singular: securitygroup + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: ID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: SecurityGroup is the Schema for the SecurityGroups API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + SecurityGroupSpec defines the desired state of SecurityGroup. + + + Describes a security group. + properties: + description: + description: |- + A description for the security group. This is informational only. + + + Constraints: Up to 255 characters in length + + + Constraints for EC2-Classic: ASCII characters + + + Constraints for EC2-VPC: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$* + type: string + egressRules: + items: + description: Describes a set of permissions for a security group + rule. 
+ properties: + fromPort: + format: int64 + type: integer + ipProtocol: + type: string + ipRanges: + items: + description: Describes an IPv4 range. + properties: + cidrIP: + type: string + description: + type: string + type: object + type: array + ipv6Ranges: + items: + description: '[EC2-VPC only] Describes an IPv6 range.' + properties: + cidrIPv6: + type: string + description: + type: string + type: object + type: array + prefixListIDs: + items: + description: Describes a prefix list ID. + properties: + description: + type: string + prefixListID: + type: string + type: object + type: array + toPort: + format: int64 + type: integer + userIDGroupPairs: + items: + description: |- + Describes a security group and Amazon Web Services account ID pair. + + + We are retiring EC2-Classic on August 15, 2022. We recommend that you migrate + from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic + to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) + in the Amazon Elastic Compute Cloud User Guide. 
+ properties: + description: + type: string + groupID: + type: string + groupName: + type: string + groupRef: + description: Reference field for GroupID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + peeringStatus: + type: string + userID: + type: string + vpcID: + type: string + vpcPeeringConnectionID: + type: string + vpcRef: + description: Reference field for VPCID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + type: array + type: object + type: array + ingressRules: + items: + description: Describes a set of permissions for a security group + rule. + properties: + fromPort: + format: int64 + type: integer + ipProtocol: + type: string + ipRanges: + items: + description: Describes an IPv4 range. + properties: + cidrIP: + type: string + description: + type: string + type: object + type: array + ipv6Ranges: + items: + description: '[EC2-VPC only] Describes an IPv6 range.' + properties: + cidrIPv6: + type: string + description: + type: string + type: object + type: array + prefixListIDs: + items: + description: Describes a prefix list ID. + properties: + description: + type: string + prefixListID: + type: string + type: object + type: array + toPort: + format: int64 + type: integer + userIDGroupPairs: + items: + description: |- + Describes a security group and Amazon Web Services account ID pair. + + + We are retiring EC2-Classic on August 15, 2022. We recommend that you migrate + from EC2-Classic to a VPC. 
For more information, see Migrate from EC2-Classic + to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) + in the Amazon Elastic Compute Cloud User Guide. + properties: + description: + type: string + groupID: + type: string + groupName: + type: string + groupRef: + description: Reference field for GroupID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + peeringStatus: + type: string + userID: + type: string + vpcID: + type: string + vpcPeeringConnectionID: + type: string + vpcRef: + description: Reference field for VPCID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + type: array + type: object + type: array + name: + description: |- + The name of the security group. + + + Constraints: Up to 255 characters in length. Cannot start with sg-. + + + Constraints for EC2-Classic: ASCII characters + + + Constraints for EC2-VPC: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$* + type: string + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcID: + description: '[EC2-VPC] The ID of the VPC. Required for EC2-VPC.' 
+ type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + required: + - description + - name + type: object + status: + description: SecurityGroupStatus defines the observed state of SecurityGroup + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. 
+ type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + id: + description: The ID of the security group. + type: string + rules: + description: Information about security group rules. + items: + description: Describes a security group rule. + properties: + cidrIPv4: + type: string + cidrIPv6: + type: string + description: + type: string + fromPort: + format: int64 + type: integer + ipProtocol: + type: string + isEgress: + type: boolean + prefixListID: + type: string + securityGroupRuleID: + type: string + tags: + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + toPort: + format: int64 + type: integer + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null 
diff --git a/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_subnets.yaml b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_subnets.yaml new file mode 100644 index 00000000000..955ab852974 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_subnets.yaml 
@@ -0,0 +1,317 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: subnets.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: Subnet + listKind: SubnetList + plural: subnets + singular: subnet + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.subnetID + name: ID + type: string + - jsonPath: .status.state + name: state + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Subnet is the Schema for the Subnets API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + SubnetSpec defines the desired state of Subnet. + + + Describes a subnet. + properties: + assignIPv6AddressOnCreation: + type: boolean + availabilityZone: + description: |- + The Availability Zone or Local Zone for the subnet. + + + Default: Amazon Web Services selects one for you. If you create more than + one subnet in your VPC, we do not necessarily select a different zone for + each subnet. + + + To create a subnet in a Local Zone, set this value to the Local Zone ID, + for example us-west-2-lax-1a. 
For information about the Regions that support + Local Zones, see Available Regions (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions) + in the Amazon Elastic Compute Cloud User Guide. + + + To create a subnet in an Outpost, set this value to the Availability Zone + for the Outpost and specify the Outpost ARN. + type: string + availabilityZoneID: + description: The AZ ID or the Local Zone ID of the subnet. + type: string + cidrBlock: + description: |- + The IPv4 network range for the subnet, in CIDR notation. For example, 10.0.0.0/24. + We modify the specified CIDR block to its canonical form; for example, if + you specify 100.68.0.18/18, we modify it to 100.68.0.0/18. + + + This parameter is not supported for an IPv6 only subnet. + type: string + customerOwnedIPv4Pool: + type: string + enableDNS64: + type: boolean + enableResourceNameDNSAAAARecord: + type: boolean + enableResourceNameDNSARecord: + type: boolean + hostnameType: + type: string + ipv6CIDRBlock: + description: |- + The IPv6 network range for the subnet, in CIDR notation. The subnet size + must use a /64 prefix length. + + + This parameter is required for an IPv6 only subnet. + type: string + ipv6Native: + description: Indicates whether to create an IPv6 only subnet. + type: boolean + mapPublicIPOnLaunch: + type: boolean + outpostARN: + description: |- + The Amazon Resource Name (ARN) of the Outpost. If you specify an Outpost + ARN, you must also specify the Availability Zone of the Outpost subnet. 
+ type: string + routeTableRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: array + routeTables: + items: + type: string + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcID: + description: The ID of the VPC. + type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + status: + description: SubnetStatus defines the observed state of Subnet + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. 
This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + availableIPAddressCount: + description: |- + The number of unused private IPv4 addresses in the subnet. The IPv4 addresses + for any stopped instances are considered unavailable. + format: int64 + type: integer + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + defaultForAZ: + description: Indicates whether this is the default subnet for the + Availability Zone. + type: boolean + enableLniAtDeviceIndex: + description: |- + Indicates the device position for local network interfaces in this subnet. + For example, 1 indicates local network interfaces in this subnet are the + secondary network interface (eth1). + format: int64 + type: integer + ipv6CIDRBlockAssociationSet: + description: Information about the IPv6 CIDR blocks associated with + the subnet. + items: + description: Describes an association between a subnet and an IPv6 + CIDR block. + properties: + associationID: + type: string + ipv6CIDRBlock: + type: string + ipv6CIDRBlockState: + description: Describes the state of a CIDR block. + properties: + state: + type: string + statusMessage: + type: string + type: object + type: object + type: array + mapCustomerOwnedIPOnLaunch: + description: |- + Indicates whether a network interface created in this subnet (including a + network interface created by RunInstances) receives a customer-owned IPv4 + address. + type: boolean + ownerID: + description: The ID of the Amazon Web Services account that owns the + subnet. + type: string + privateDNSNameOptionsOnLaunch: + description: |- + The type of hostnames to assign to instances in the subnet at launch. An + instance hostname is based on the IPv4 address or ID of the instance. + properties: + enableResourceNameDNSAAAARecord: + type: boolean + enableResourceNameDNSARecord: + type: boolean + hostnameType: + type: string + type: object + state: + description: The current state of the subnet. + type: string + subnetID: + description: The ID of the subnet. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_transitgateways.yaml b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_transitgateways.yaml new file mode 100644 index 00000000000..1fa67895985 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_transitgateways.yaml 
@@ -0,0 +1,187 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: transitgateways.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: TransitGateway + listKind: TransitGatewayList + plural: transitgateways + singular: transitgateway + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.transitGatewayID + name: ID + type: string + - jsonPath: .status.state + name: state + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: TransitGateway is the Schema for the TransitGateways API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + TransitGatewaySpec defines the desired state of TransitGateway. + + + Describes a transit gateway. + properties: + description: + description: A description of the transit gateway. + type: string + options: + description: The transit gateway options. 
+ properties: + amazonSideASN: + format: int64 + type: integer + autoAcceptSharedAttachments: + type: string + defaultRouteTableAssociation: + type: string + defaultRouteTablePropagation: + type: string + dnsSupport: + type: string + multicastSupport: + type: string + transitGatewayCIDRBlocks: + items: + type: string + type: array + vpnECMPSupport: + type: string + type: object + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + status: + description: TransitGatewayStatus defines the observed state of TransitGateway + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. 
+ type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + creationTime: + description: The creation time. + format: date-time + type: string + ownerID: + description: The ID of the Amazon Web Services account that owns the + transit gateway. + type: string + state: + description: The state of the transit gateway. + type: string + transitGatewayID: + description: The ID of the transit gateway. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_vpcendpoints.yaml b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_vpcendpoints.yaml new file mode 100644 index 00000000000..9b21629b51c --- /dev/null +++ b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_vpcendpoints.yaml 
@@ -0,0 +1,348 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: vpcendpoints.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: VPCEndpoint + listKind: VPCEndpointList + plural: vpcendpoints + singular: vpcendpoint + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.vpcEndpointID + name: ID + type: string + - jsonPath: .status.state + name: state + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: VPCEndpoint is the Schema for the VPCEndpoints API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + VpcEndpointSpec defines the desired state of VpcEndpoint. + + + Describes a VPC endpoint. + properties: + dnsOptions: + description: The DNS options for the endpoint. + properties: + dnsRecordIPType: + type: string + type: object + ipAddressType: + description: The IP address type for the endpoint. + type: string + policyDocument: + description: |- + (Interface and gateway endpoints) A policy to attach to the endpoint that + controls access to the service. The policy must be in valid JSON format. 
+ If this parameter is not specified, we attach a default policy that allows + full access to the service. + type: string + privateDNSEnabled: + description: |- + (Interface endpoint) Indicates whether to associate a private hosted zone + with the specified VPC. The private hosted zone contains a record set for + the default public DNS name for the service for the Region (for example, + kinesis.us-east-1.amazonaws.com), which resolves to the private IP addresses + of the endpoint network interfaces in the VPC. This enables you to make requests + to the default public DNS name for the service instead of the public DNS + names that are automatically generated by the VPC endpoint service. + + + To use a private hosted zone, you must set the following VPC attributes to + true: enableDnsHostnames and enableDnsSupport. Use ModifyVpcAttribute to + set the VPC attributes. + + + Default: true + type: boolean + routeTableIDs: + description: (Gateway endpoint) One or more route table IDs. + items: + type: string + type: array + routeTableRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: array + securityGroupIDs: + description: |- + (Interface endpoint) The ID of one or more security groups to associate with + the endpoint network interface. 
+ items: + type: string + type: array + securityGroupRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: array + serviceName: + description: |- + The service name. To get a list of available services, use the DescribeVpcEndpointServices + request, or get the name from the service provider. + type: string + subnetIDs: + description: |- + (Interface and Gateway Load Balancer endpoints) The ID of one or more subnets + in which to create an endpoint network interface. For a Gateway Load Balancer + endpoint, you can specify one subnet only. + items: + type: string + type: array + subnetRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcEndpointType: + description: |- + The type of endpoint. 
+ + + Default: Gateway + type: string + vpcID: + description: The ID of the VPC in which the endpoint will be used. + type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + required: + - serviceName + type: object + status: + description: VPCEndpointStatus defines the observed state of VPCEndpoint + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. 
+ type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + creationTimestamp: + description: The date and time that the endpoint was created. + format: date-time + type: string + dnsEntries: + description: (Interface endpoint) The DNS entries for the endpoint. + items: + description: Describes a DNS entry. + properties: + dnsName: + type: string + hostedZoneID: + type: string + type: object + type: array + groups: + description: |- + (Interface endpoint) Information about the security groups that are associated + with the network interface. + items: + description: Describes a security group. + properties: + groupID: + type: string + groupName: + type: string + type: object + type: array + lastError: + description: The last error that occurred for endpoint. 
+ properties: + code: + type: string + message: + type: string + type: object + networkInterfaceIDs: + description: (Interface endpoint) One or more network interfaces for + the endpoint. + items: + type: string + type: array + ownerID: + description: The ID of the Amazon Web Services account that owns the + endpoint. + type: string + requesterManaged: + description: Indicates whether the endpoint is being managed by its + service. + type: boolean + state: + description: The state of the endpoint. + type: string + vpcEndpointID: + description: The ID of the endpoint. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_vpcendpointserviceconfigurations.yaml b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_vpcendpointserviceconfigurations.yaml new file mode 100644 index 00000000000..ab828ec115a --- /dev/null +++ b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_vpcendpointserviceconfigurations.yaml 
@@ -0,0 +1,232 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: vpcendpointserviceconfigurations.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: VPCEndpointServiceConfiguration + listKind: VPCEndpointServiceConfigurationList + plural: vpcendpointserviceconfigurations + singular: vpcendpointserviceconfiguration + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.serviceID + name: ServiceID + type: string + - jsonPath: .status.serviceState + name: ServiceState + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: VPCEndpointServiceConfiguration is the Schema for the VPCEndpointServiceConfigurations + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: VpcEndpointServiceConfigurationSpec defines the desired state + of VpcEndpointServiceConfiguration. + properties: + acceptanceRequired: + description: |- + Indicates whether requests from service consumers to create an endpoint to + your service must be accepted manually. + type: boolean + allowedPrincipals: + description: |- + The Amazon Resource Names (ARN) of one or more principals. 
Permissions are + granted to the principals in this list. To grant permissions to all principals, + specify an asterisk (*). + items: + type: string + type: array + gatewayLoadBalancerARNs: + description: The Amazon Resource Names (ARNs) of one or more Gateway + Load Balancers. + items: + type: string + type: array + networkLoadBalancerARNs: + description: |- + The Amazon Resource Names (ARNs) of one or more Network Load Balancers for + your service. + items: + type: string + type: array + privateDNSName: + description: |- + (Interface endpoint configuration) The private DNS name to assign to the + VPC endpoint service. + type: string + supportedIPAddressTypes: + description: The supported IP address types. The possible values are + ipv4 and ipv6. + items: + type: string + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + status: + description: VPCEndpointServiceConfigurationStatus defines the observed + state of VPCEndpointServiceConfiguration + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. 
+ TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + availabilityZones: + description: The Availability Zones in which the service is available. + items: + type: string + type: array + baseEndpointDNSNames: + description: The DNS names for the service. + items: + type: string + type: array + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + managesVPCEndpoints: + description: |- + Indicates whether the service manages its VPC endpoints. Management of the + service VPC endpoints using the VPC endpoint API is restricted. 
+ type: boolean + payerResponsibility: + description: The payer responsibility. + type: string + privateDNSNameConfiguration: + description: Information about the endpoint service private DNS name + configuration. + properties: + name: + type: string + state: + type: string + type_: + type: string + value: + type: string + type: object + serviceID: + description: The ID of the service. + type: string + serviceName: + description: The name of the service. + type: string + serviceState: + description: The service state. + type: string + serviceType: + description: The type of service. + items: + description: Describes the type of service for a VPC endpoint. + properties: + serviceType: + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_vpcpeeringconnections.yaml b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_vpcpeeringconnections.yaml new file mode 100644 index 00000000000..38a2f7517a4 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_vpcpeeringconnections.yaml 
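Review bot: `spec.allowedPrincipals` is an unconstrained string array whose own description documents `*` as granting permissions to all principals, and `spec.acceptanceRequired` is an optional boolean with no default in this schema. The spec also has no `required` list, so the API server will admit an object that opens the endpoint service to every principal, and what happens when `acceptanceRequired` is omitted is decided outside this file. Since the CRD is controller-gen output (v0.14.0 per the annotation), any schema constraint belongs in the upstream API types, not in an edit here. On the cluster side, limit who may create `VPCEndpointServiceConfiguration` objects through RBAC, and consider an admission policy that rejects `*` in `allowedPrincipals` unless `acceptanceRequired` is `true`.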
@@ -0,0 +1,333 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: vpcpeeringconnections.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: VPCPeeringConnection + listKind: VPCPeeringConnectionList + plural: vpcpeeringconnections + singular: vpcpeeringconnection + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: VPCPeeringConnection is the Schema for the VPCPeeringConnections + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + VpcPeeringConnectionSpec defines the desired state of VpcPeeringConnection. + + + Describes a VPC peering connection. + properties: + acceptRequest: + type: boolean + accepterPeeringConnectionOptions: + description: The VPC peering connection options for the accepter VPC. + properties: + allowDNSResolutionFromRemoteVPC: + type: boolean + allowEgressFromLocalClassicLinkToRemoteVPC: + type: boolean + allowEgressFromLocalVPCToRemoteClassicLink: + type: boolean + type: object + peerOwnerID: + description: |- + The Amazon Web Services account ID of the owner of the accepter VPC. 
+ + + Default: Your Amazon Web Services account ID + type: string + peerRegion: + description: |- + The Region code for the accepter VPC, if the accepter VPC is located in a + Region other than the Region in which you make the request. + + + Default: The Region in which you make the request. + type: string + peerVPCID: + description: |- + The ID of the VPC with which you are creating the VPC peering connection. + You must specify this parameter in the request. + type: string + peerVPCRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + requesterPeeringConnectionOptions: + description: The VPC peering connection options for the requester + VPC. + properties: + allowDNSResolutionFromRemoteVPC: + type: boolean + allowEgressFromLocalClassicLinkToRemoteVPC: + type: boolean + allowEgressFromLocalVPCToRemoteClassicLink: + type: boolean + type: object + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcID: + description: The ID of the requester VPC. You must specify this parameter + in the request. 
+ type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + status: + description: VPCPeeringConnectionStatus defines the observed state of + VPCPeeringConnection + properties: + accepterVPCInfo: + description: |- + Information about the accepter VPC. CIDR block information is only returned + when describing an active VPC peering connection. + properties: + cidrBlock: + type: string + cidrBlockSet: + items: + description: Describes an IPv4 CIDR block. + properties: + cidrBlock: + type: string + type: object + type: array + ipv6CIDRBlockSet: + items: + description: Describes an IPv6 CIDR block. + properties: + ipv6CIDRBlock: + type: string + type: object + type: array + ownerID: + type: string + peeringOptions: + description: |- + We are retiring EC2-Classic on August 15, 2022. We recommend that you migrate + from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic + to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) + in the Amazon Elastic Compute Cloud User Guide. + + + Describes the VPC peering connection options. 
+ properties: + allowDNSResolutionFromRemoteVPC: + type: boolean + allowEgressFromLocalClassicLinkToRemoteVPC: + type: boolean + allowEgressFromLocalVPCToRemoteClassicLink: + type: boolean + type: object + region: + type: string + vpcID: + type: string + type: object + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + expirationTime: + description: The time that an unaccepted VPC peering connection will + expire. + format: date-time + type: string + requesterVPCInfo: + description: |- + Information about the requester VPC. CIDR block information is only returned + when describing an active VPC peering connection. + properties: + cidrBlock: + type: string + cidrBlockSet: + items: + description: Describes an IPv4 CIDR block. + properties: + cidrBlock: + type: string + type: object + type: array + ipv6CIDRBlockSet: + items: + description: Describes an IPv6 CIDR block. + properties: + ipv6CIDRBlock: + type: string + type: object + type: array + ownerID: + type: string + peeringOptions: + description: |- + We are retiring EC2-Classic on August 15, 2022. We recommend that you migrate + from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic + to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) + in the Amazon Elastic Compute Cloud User Guide. + + + Describes the VPC peering connection options. + properties: + allowDNSResolutionFromRemoteVPC: + type: boolean + allowEgressFromLocalClassicLinkToRemoteVPC: + type: boolean + allowEgressFromLocalVPCToRemoteClassicLink: + type: boolean + type: object + region: + type: string + vpcID: + type: string + type: object + status: + description: The status of the VPC peering connection. + properties: + code: + type: string + message: + type: string + type: object + vpcPeeringConnectionID: + description: The ID of the VPC peering connection. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_vpcs.yaml b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_vpcs.yaml new file mode 100644 index 00000000000..70c81398a50 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.23/manifests/ec2.services.k8s.aws_vpcs.yaml 
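Review bot: `spec.acceptRequest` has no `description`, while nearly every other top-level spec field in this CRD has one. Going by its name, it presumably controls whether the controller accepts the peering request; that decision joins two networks, possibly across accounts given `peerOwnerID`, so the field should say what setting it does. The same gap exists in the `vpcs` CRD later in this diff for `spec.disallowSecurityGroupDefaultRules` and `status.securityGroupDefaultRulesExist`. Both files are generated, so the text has to be added as doc comments on the upstream API types and the CRDs regenerated. Until then, `kubectl explain` shows nothing for these fields.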
@@ -0,0 +1,297 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: vpcs.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: VPC + listKind: VPCList + plural: vpcs + singular: vpc + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.vpcID + name: ID + type: string + - jsonPath: .status.state + name: state + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: VPC is the Schema for the VPCS API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + VpcSpec defines the desired state of Vpc. + + + Describes a VPC. + properties: + amazonProvidedIPv6CIDRBlock: + description: |- + Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for + the VPC. You cannot specify the range of IP addresses, or the size of the + CIDR block. + type: boolean + cidrBlocks: + items: + type: string + type: array + disallowSecurityGroupDefaultRules: + type: boolean + enableDNSHostnames: + description: The attribute value. The valid values are true or false. + type: boolean + enableDNSSupport: + description: The attribute value. The valid values are true or false. 
+ type: boolean + instanceTenancy: + description: |- + The tenancy options for instances launched into the VPC. For default, instances + are launched with shared tenancy by default. You can launch instances with + any tenancy into a shared tenancy VPC. For dedicated, instances are launched + as dedicated tenancy instances by default. You can only launch instances + with a tenancy of dedicated or host into a dedicated tenancy VPC. + + + Important: The host value cannot be used with this parameter. Use the default + or dedicated values only. + + + Default: default + type: string + ipv4IPAMPoolID: + description: |- + The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR. + For more information, see What is IPAM? (https://docs.aws.amazon.com/vpc/latest/ipam/what-is-it-ipam.html) + in the Amazon VPC IPAM User Guide. + type: string + ipv4NetmaskLength: + description: |- + The netmask length of the IPv4 CIDR you want to allocate to this VPC from + an Amazon VPC IP Address Manager (IPAM) pool. For more information about + IPAM, see What is IPAM? (https://docs.aws.amazon.com/vpc/latest/ipam/what-is-it-ipam.html) + in the Amazon VPC IPAM User Guide. + format: int64 + type: integer + ipv6CIDRBlock: + description: |- + The IPv6 CIDR block from the IPv6 address pool. You must also specify Ipv6Pool + in the request. + + + To let Amazon choose the IPv6 CIDR block for you, omit this parameter. + type: string + ipv6CIDRBlockNetworkBorderGroup: + description: |- + The name of the location from which we advertise the IPV6 CIDR block. Use + this parameter to limit the address to this location. + + + You must set AmazonProvidedIpv6CidrBlock to true to use this parameter. + type: string + ipv6IPAMPoolID: + description: |- + The ID of an IPv6 IPAM pool which will be used to allocate this VPC an IPv6 + CIDR. 
IPAM is a VPC feature that you can use to automate your IP address + management workflows including assigning, tracking, troubleshooting, and + auditing IP addresses across Amazon Web Services Regions and accounts throughout + your Amazon Web Services Organization. For more information, see What is + IPAM? (https://docs.aws.amazon.com/vpc/latest/ipam/what-is-it-ipam.html) + in the Amazon VPC IPAM User Guide. + type: string + ipv6NetmaskLength: + description: |- + The netmask length of the IPv6 CIDR you want to allocate to this VPC from + an Amazon VPC IP Address Manager (IPAM) pool. For more information about + IPAM, see What is IPAM? (https://docs.aws.amazon.com/vpc/latest/ipam/what-is-it-ipam.html) + in the Amazon VPC IPAM User Guide. + format: int64 + type: integer + ipv6Pool: + description: The ID of an IPv6 address pool from which to allocate + the IPv6 CIDR block. + type: string + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + required: + - cidrBlocks + type: object + status: + description: VPCStatus defines the observed state of VPC + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. 
This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + cidrBlockAssociationSet: + description: Information about the IPv4 CIDR blocks associated with + the VPC. + items: + description: Describes an IPv4 CIDR block associated with a VPC. + properties: + associationID: + type: string + cidrBlock: + type: string + cidrBlockState: + description: Describes the state of a CIDR block. + properties: + state: + type: string + statusMessage: + type: string + type: object + type: object + type: array + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. 
+ type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + dhcpOptionsID: + description: The ID of the set of DHCP options you've associated with + the VPC. + type: string + ipv6CIDRBlockAssociationSet: + description: Information about the IPv6 CIDR blocks associated with + the VPC. + items: + description: Describes an IPv6 CIDR block associated with a VPC. + properties: + associationID: + type: string + ipv6CIDRBlock: + type: string + ipv6CIDRBlockState: + description: Describes the state of a CIDR block. + properties: + state: + type: string + statusMessage: + type: string + type: object + ipv6Pool: + type: string + networkBorderGroup: + type: string + type: object + type: array + isDefault: + description: Indicates whether the VPC is the default VPC. + type: boolean + ownerID: + description: The ID of the Amazon Web Services account that owns the + VPC. + type: string + securityGroupDefaultRulesExist: + type: boolean + state: + description: The current state of the VPC. + type: string + vpcID: + description: The ID of the VPC. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.23/metadata/annotations.yaml b/operators/ack-ec2-controller/1.2.23/metadata/annotations.yaml new file mode 100644 index 00000000000..09db878affb --- /dev/null +++ b/operators/ack-ec2-controller/1.2.23/metadata/annotations.yaml 
@@ -0,0 +1,15 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: ack-ec2-controller + operators.operatorframework.io.bundle.channels.v1: alpha + operators.operatorframework.io.bundle.channel.default.v1: alpha + operators.operatorframework.io.metrics.builder: operator-sdk-v1.28.0 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: unknown + + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ diff --git a/operators/ack-ec2-controller/1.2.23/tests/scorecard/config.yaml b/operators/ack-ec2-controller/1.2.23/tests/scorecard/config.yaml new file mode 100644 index 00000000000..382ddefd156 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.23/tests/scorecard/config.yaml 
@@ -0,0 +1,50 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: + - entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: basic + test: basic-check-spec-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-bundle-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-crds-have-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-spec-descriptors-test + storage: + spec: + mountPath: {} +storage: + spec: + mountPath: {} diff --git a/operators/ack-ec2-controller/1.2.24/bundle.Dockerfile b/operators/ack-ec2-controller/1.2.24/bundle.Dockerfile new file mode 100644 index 00000000000..50ccfac3d94 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.24/bundle.Dockerfile 
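Review bot: All four tests reference `quay.io/operator-framework/scorecard-test:v1.7.1` by mutable tag, so the image that runs in the cluster during bundle validation is whatever the registry serves for that tag at pull time. Pinning by digest makes the test image reproducible and auditable, for example `image: quay.io/operator-framework/scorecard-test@sha256:<digest-of-reviewed-image>` (placeholder digest). The tag is also well behind the `operator-sdk-v1.28.0` builder recorded in `metadata/annotations.yaml`, which suggests this file was carried over unchanged from an older scaffold. It is worth confirming that the version is intentional.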
@@ -0,0 +1,21 @@ +FROM scratch + +# Core bundle labels. +LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 +LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ +LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ +LABEL operators.operatorframework.io.bundle.package.v1=ack-ec2-controller +LABEL operators.operatorframework.io.bundle.channels.v1=alpha +LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha +LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.28.0 +LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 +LABEL operators.operatorframework.io.metrics.project_layout=unknown + +# Labels for testing. +LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1 +LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/ + +# Copy files to locations specified by labels. +COPY bundle/manifests /manifests/ +COPY bundle/metadata /metadata/ +COPY bundle/tests/scorecard /tests/scorecard/ diff --git a/operators/ack-ec2-controller/1.2.24/manifests/ack-ec2-controller.clusterserviceversion.yaml b/operators/ack-ec2-controller/1.2.24/manifests/ack-ec2-controller.clusterserviceversion.yaml new file mode 100644 index 00000000000..72f038da84a --- /dev/null +++ b/operators/ack-ec2-controller/1.2.24/manifests/ack-ec2-controller.clusterserviceversion.yaml 
@@ -0,0 +1,724 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "DHCPOptions", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "ElasticIPAddress", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "Instance", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "InternetGateway", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "NATGateway", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "RouteTable", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "SecurityGroup", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "Subnet", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "TransitGateway", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "VPC", + "metadata": { + "name": "example" + }, + "spec": {} + }, + { + "apiVersion": "ec2.services.k8s.aws/v1alpha1", + "kind": "VPCEndpoint", + "metadata": { + "name": "example" + }, + "spec": {} + } + ] + capabilities: Basic Install + categories: Cloud Provider + certified: "false" + containerImage: public.ecr.aws/aws-controllers-k8s/ec2-controller:1.2.24 + createdAt: "2024-09-18T19:05:01Z" + description: AWS EC2 controller is a service controller for managing EC2 resources + in Kubernetes + operatorframework.io/suggested-namespace: ack-system + 
operators.operatorframework.io/builder: operator-sdk-v1.28.0 + operators.operatorframework.io/project_layout: unknown + repository: https://github.com/aws-controllers-k8s + support: Community + labels: + operatorframework.io/arch.amd64: supported + operatorframework.io/arch.arm64: supported + operatorframework.io/os.linux: supported + name: ack-ec2-controller.v1.2.24 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: DHCPOptions represents the state of an AWS ec2 DHCPOptions resource. + displayName: DHCPOptions + kind: DHCPOptions + name: dhcpoptions.ec2.services.k8s.aws + version: v1alpha1 + - description: ElasticIPAddress represents the state of an AWS ec2 ElasticIPAddress + resource. + displayName: ElasticIPAddress + kind: ElasticIPAddress + name: elasticipaddresses.ec2.services.k8s.aws + version: v1alpha1 + - description: FlowLog represents the state of an AWS ec2 FlowLog resource. + displayName: FlowLog + kind: FlowLog + name: flowlogs.ec2.services.k8s.aws + version: v1alpha1 + - description: Instance represents the state of an AWS ec2 Instance resource. + displayName: Instance + kind: Instance + name: instances.ec2.services.k8s.aws + version: v1alpha1 + - description: InternetGateway represents the state of an AWS ec2 InternetGateway + resource. + displayName: InternetGateway + kind: InternetGateway + name: internetgateways.ec2.services.k8s.aws + version: v1alpha1 + - description: NATGateway represents the state of an AWS ec2 NATGateway resource. + displayName: NATGateway + kind: NATGateway + name: natgateways.ec2.services.k8s.aws + version: v1alpha1 + - description: NetworkACL represents the state of an AWS ec2 NetworkACL resource. + displayName: NetworkACL + kind: NetworkACL + name: networkacls.ec2.services.k8s.aws + version: v1alpha1 + - description: RouteTable represents the state of an AWS ec2 RouteTable resource. 
+ displayName: RouteTable + kind: RouteTable + name: routetables.ec2.services.k8s.aws + version: v1alpha1 + - description: SecurityGroup represents the state of an AWS ec2 SecurityGroup + resource. + displayName: SecurityGroup + kind: SecurityGroup + name: securitygroups.ec2.services.k8s.aws + version: v1alpha1 + - description: Subnet represents the state of an AWS ec2 Subnet resource. + displayName: Subnet + kind: Subnet + name: subnets.ec2.services.k8s.aws + version: v1alpha1 + - description: TransitGateway represents the state of an AWS ec2 TransitGateway + resource. + displayName: TransitGateway + kind: TransitGateway + name: transitgateways.ec2.services.k8s.aws + version: v1alpha1 + - description: VPCEndpoint represents the state of an AWS ec2 VPCEndpoint resource. + displayName: VPCEndpoint + kind: VPCEndpoint + name: vpcendpoints.ec2.services.k8s.aws + version: v1alpha1 + - description: VPCEndpointServiceConfiguration represents the state of an AWS + ec2 VPCEndpointServiceConfiguration resource. + displayName: VPCEndpointServiceConfiguration + kind: VPCEndpointServiceConfiguration + name: vpcendpointserviceconfigurations.ec2.services.k8s.aws + version: v1alpha1 + - description: VPCPeeringConnection represents the state of an AWS ec2 VPCPeeringConnection + resource. + displayName: VPCPeeringConnection + kind: VPCPeeringConnection + name: vpcpeeringconnections.ec2.services.k8s.aws + version: v1alpha1 + - description: VPC represents the state of an AWS ec2 VPC resource. + displayName: VPC + kind: VPC + name: vpcs.ec2.services.k8s.aws + version: v1alpha1 + description: |- + Manage Elastic Compute Cloud (EC2) resources in AWS from within your Kubernetes cluster. + + **About Amazon EC2** + + Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) Cloud. Using Amazon EC2 eliminates your need to invest in hardware up front, so you can develop and deploy applications faster. 
You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage. Amazon EC2 enables you to scale up or down to handle changes in requirements or spikes in popularity, reducing your need to forecast traffic. + + **About the AWS Controllers for Kubernetes** + + This controller is a component of the [AWS Controller for Kubernetes](https://github.com/aws/aws-controllers-k8s) project. + + **Pre-Installation Steps** + + Please follow the following link: [Red Hat OpenShift](https://aws-controllers-k8s.github.io/community/docs/user-docs/openshift/) + displayName: AWS Controllers for Kubernetes - Amazon EC2 + icon: + - base64data: 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 + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - patch + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - patch + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - dhcpoptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - dhcpoptions/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - elasticipaddresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - elasticipaddresses/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - flowlogs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - flowlogs/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - instances + verbs: + - create + - delete 
+ - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - instances/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - internetgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - internetgateways/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - natgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - natgateways/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - networkacls + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - networkacls/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - routetables + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - routetables/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - securitygroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - securitygroups/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - subnets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - subnets/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - transitgateways + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - transitgateways/status + verbs: + - get + - patch 
+ - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcendpoints/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcendpointserviceconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcendpointserviceconfigurations/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcpeeringconnections + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcpeeringconnections/status + verbs: + - get + - patch + - update + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ec2.services.k8s.aws + resources: + - vpcs/status + verbs: + - get + - patch + - update + - apiGroups: + - services.k8s.aws + resources: + - adoptedresources + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - services.k8s.aws + resources: + - adoptedresources/status + verbs: + - get + - patch + - update + - apiGroups: + - services.k8s.aws + resources: + - fieldexports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - services.k8s.aws + resources: + - fieldexports/status + verbs: + - get + - patch + - update + serviceAccountName: ack-ec2-controller + deployments: + - label: + app.kubernetes.io/name: ack-ec2-controller + app.kubernetes.io/part-of: ack-system + name: ack-ec2-controller + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: ack-ec2-controller + strategy: {} + template: + metadata: + labels: + app.kubernetes.io/name: ack-ec2-controller + 
spec: + containers: + - args: + - --aws-region + - $(AWS_REGION) + - --aws-endpoint-url + - $(AWS_ENDPOINT_URL) + - --enable-development-logging=$(ACK_ENABLE_DEVELOPMENT_LOGGING) + - --log-level + - $(ACK_LOG_LEVEL) + - --resource-tags + - $(ACK_RESOURCE_TAGS) + - --watch-namespace + - $(ACK_WATCH_NAMESPACE) + - --enable-leader-election=$(ENABLE_LEADER_ELECTION) + - --leader-election-namespace + - $(LEADER_ELECTION_NAMESPACE) + - --reconcile-default-max-concurrent-syncs + - $(RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS) + command: + - ./bin/controller + env: + - name: ACK_SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: ack-ec2-user-config + optional: false + - secretRef: + name: ack-ec2-user-secrets + optional: true + image: public.ecr.aws/aws-controllers-k8s/ec2-controller:1.2.24 + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: controller + ports: + - containerPort: 8080 + name: http + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 100m + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsNonRoot: true + dnsPolicy: ClusterFirst + securityContext: + seccompProfile: + type: RuntimeDefault + serviceAccountName: ack-ec2-controller + terminationGracePeriodSeconds: 10 + permissions: + - rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: ack-ec2-controller + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: true + type: MultiNamespace + - supported: true + type: AllNamespaces + 
keywords: + - ec2 + - aws + - amazon + - ack + links: + - name: AWS Controllers for Kubernetes + url: https://github.com/aws-controllers-k8s/community + - name: Documentation + url: https://aws-controllers-k8s.github.io/community/ + - name: Amazon EC2 Developer Resources + url: https://aws.amazon.com/ec2/resources/ + maintainers: + - email: ack-maintainers@amazon.com + name: ec2 maintainer team + maturity: alpha + provider: + name: Amazon, Inc. + url: https://aws.amazon.com + version: 1.2.24 diff --git a/operators/ack-ec2-controller/1.2.24/manifests/ack-ec2-metrics-service_v1_service.yaml b/operators/ack-ec2-controller/1.2.24/manifests/ack-ec2-metrics-service_v1_service.yaml new file mode 100644 index 00000000000..535fe868fdc --- /dev/null +++ b/operators/ack-ec2-controller/1.2.24/manifests/ack-ec2-metrics-service_v1_service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + name: ack-ec2-metrics-service +spec: + ports: + - name: metricsport + port: 8080 + protocol: TCP + targetPort: http + selector: + app.kubernetes.io/name: ack-ec2-controller + type: NodePort +status: + loadBalancer: {} diff --git a/operators/ack-ec2-controller/1.2.24/manifests/ack-ec2-reader_rbac.authorization.k8s.io_v1_role.yaml b/operators/ack-ec2-controller/1.2.24/manifests/ack-ec2-reader_rbac.authorization.k8s.io_v1_role.yaml new file mode 100644 index 00000000000..3c9b1f90003 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.24/manifests/ack-ec2-reader_rbac.authorization.k8s.io_v1_role.yaml 
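Review bot: The `clusterPermissions` rule for core-group `secrets` grants `get`, `list`, `patch` and `watch`, and OLM applies `clusterPermissions` cluster-wide, so the `ack-ec2-controller` service account can read and modify every Secret in every namespace. That holds even when the operator is installed in `OwnNamespace` or `SingleNamespace` mode, both of which this CSV marks as supported. If the controller only needs Secrets in the namespaces it watches, the rule belongs under the namespaced `permissions` block instead. If the cluster-wide grant is intentional, the install description should say so, for example `# secrets get/list/watch/patch is cluster-wide: required for <reason>`, so cluster admins can accept the risk knowingly. The same reasoning applies to the `configmaps` rule directly above it.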
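Review bot: `type: NodePort` on `ack-ec2-metrics-service` publishes the controller's metrics port (8080, `targetPort: http`) on every node's address. Anything that can reach a node IP can then scrape it, not just in-cluster monitoring. Nothing in this bundle shows authentication or a NetworkPolicy in front of that endpoint, so the safer default is `type: ClusterIP`, leaving external exposure as an explicit choice for the cluster admin. The `status: loadBalancer: {}` stanza is server-populated and can be dropped from the manifest.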
@@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: ack-ec2-reader +rules: +- apiGroups: + - ec2.services.k8s.aws + resources: + - dhcpoptions + - elasticipaddresses + - flowlogs + - instances + - internetgateways + - natgateways + - networkacls + - routetables + - securitygroups + - subnets + - transitgateways + - vpcs + - vpcendpoints + - vpcendpointserviceconfigurations + - vpcpeeringconnections + verbs: + - get + - list + - watch diff --git a/operators/ack-ec2-controller/1.2.24/manifests/ack-ec2-writer_rbac.authorization.k8s.io_v1_role.yaml b/operators/ack-ec2-controller/1.2.24/manifests/ack-ec2-writer_rbac.authorization.k8s.io_v1_role.yaml new file mode 100644 index 00000000000..d331061459e --- /dev/null +++ b/operators/ack-ec2-controller/1.2.24/manifests/ack-ec2-writer_rbac.authorization.k8s.io_v1_role.yaml @@ -0,0 +1,54 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: ack-ec2-writer +rules: +- apiGroups: + - ec2.services.k8s.aws + resources: + - dhcpoptions + - elasticipaddresses + - flowlogs + - instances + - internetgateways + - natgateways + - networkacls + - routetables + - securitygroups + - subnets + - transitgateways + - vpcs + - vpcendpoints + - vpcendpointserviceconfigurations + - vpcpeeringconnections + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ec2.services.k8s.aws + resources: + - dhcpoptions + - elasticipaddresses + - flowlogs + - instances + - internetgateways + - natgateways + - networkacls + - routetables + - securitygroups + - subnets + - transitgateways + - vpcs + - vpcendpoints + - vpcendpointserviceconfigurations + - vpcpeeringconnections + verbs: + - get + - patch + - update 
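Review bot: The second rule of the `ack-ec2-writer` Role lists the same fifteen resources as the first rule with `get`, `patch` and `update`, all of which the first rule already grants, so it has no effect as written. The CSV's `clusterPermissions` in this bundle pair each resource with a `<resource>/status` rule carrying exactly those three verbs, which suggests this rule was meant for the status subresources. If so, the entries should read `- dhcpoptions/status`, `- elasticipaddresses/status` and so on. Until that is fixed, anyone bound to this role cannot update status, and the manifest misstates the access it grants. If status access is not intended for writers, delete the duplicate rule instead.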
diff --git a/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_dhcpoptions.yaml b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_dhcpoptions.yaml new file mode 100644 index 00000000000..4c9ac493224 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_dhcpoptions.yaml 
@@ -0,0 +1,188 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: dhcpoptions.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: DHCPOptions + listKind: DHCPOptionsList + plural: dhcpoptions + singular: dhcpoptions + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.dhcpOptionsID + name: ID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: DHCPOptions is the Schema for the DHCPOptions API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + DhcpOptionsSpec defines the desired state of DhcpOptions. + + + Describes a set of DHCP options. + properties: + dhcpConfigurations: + description: A DHCP configuration option. + items: + properties: + key: + type: string + values: + items: + type: string + type: array + type: object + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. 
+ properties: + key: + type: string + value: + type: string + type: object + type: array + vpc: + items: + type: string + type: array + vpcRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: array + required: + - dhcpConfigurations + type: object + status: + description: DHCPOptionsStatus defines the observed state of DHCPOptions + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. 
+ type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + dhcpOptionsID: + description: The ID of the set of DHCP options. + type: string + ownerID: + description: The ID of the Amazon Web Services account that owns the + DHCP options set. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_elasticipaddresses.yaml b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_elasticipaddresses.yaml new file mode 100644 index 00000000000..71bb94438eb --- /dev/null +++ b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_elasticipaddresses.yaml 
@@ -0,0 +1,191 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: elasticipaddresses.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: ElasticIPAddress + listKind: ElasticIPAddressList + plural: elasticipaddresses + singular: elasticipaddress + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.allocationID + name: ALLOCATION-ID + type: string + - jsonPath: .status.publicIP + name: PUBLIC-IP + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ElasticIPAddress is the Schema for the ElasticIPAddresses API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ElasticIPAddressSpec defines the desired state of ElasticIPAddress. + properties: + address: + description: |- + [EC2-VPC] The Elastic IP address to recover or an IPv4 address from an address + pool. + type: string + customerOwnedIPv4Pool: + description: |- + The ID of a customer-owned address pool. Use this parameter to let Amazon + EC2 select an address from the address pool. Alternatively, specify a specific + address from the address pool. 
+ type: string + networkBorderGroup: + description: |- + A unique set of Availability Zones, Local Zones, or Wavelength Zones from + which Amazon Web Services advertises IP addresses. Use this parameter to + limit the IP address to this location. IP addresses cannot move between network + border groups. + + + Use DescribeAvailabilityZones (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html) + to view the network border groups. + + + You cannot use a network border group with EC2 Classic. If you attempt this + operation on EC2 Classic, you receive an InvalidParameterCombination error. + type: string + publicIPv4Pool: + description: |- + The ID of an address pool that you own. Use this parameter to let Amazon + EC2 select an address from the address pool. To specify a specific address + from the address pool, use the Address parameter instead. + type: string + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + status: + description: ElasticIPAddressStatus defines the observed state of ElasticIPAddress + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. 
This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + allocationID: + description: |- + [EC2-VPC] The ID that Amazon Web Services assigns to represent the allocation + of the Elastic IP address for use with instances in a VPC. + type: string + carrierIP: + description: |- + The carrier IP address. This option is only available for network interfaces + which reside in a subnet in a Wavelength Zone (for example an EC2 instance). + type: string + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. 
+ type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + customerOwnedIP: + description: The customer-owned IP address. + type: string + publicIP: + description: The Elastic IP address. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_flowlogs.yaml b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_flowlogs.yaml new file mode 100644 index 00000000000..2291baa4a02 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_flowlogs.yaml 
@@ -0,0 +1,272 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: flowlogs.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: FlowLog + listKind: FlowLogList + plural: flowlogs + singular: flowlog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: FlowLog is the Schema for the FlowLogs API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + FlowLogSpec defines the desired state of FlowLog. + + + Describes a flow log. + properties: + deliverLogsPermissionARN: + description: |- + The ARN for the IAM role that permits Amazon EC2 to publish flow logs to + a CloudWatch Logs log group in your account. + + + If you specify LogDestinationType as s3, do not specify DeliverLogsPermissionArn + or LogGroupName. + type: string + destinationOptions: + description: The destination options. + properties: + fileFormat: + type: string + hiveCompatiblePartitions: + type: boolean + perHourPartition: + type: boolean + type: object + logDestination: + description: |- + The destination to which the flow log data is to be published. 
Flow log data + can be published to a CloudWatch Logs log group or an Amazon S3 bucket. The + value specified for this parameter depends on the value specified for LogDestinationType. + + + If LogDestinationType is not specified or cloud-watch-logs, specify the Amazon + Resource Name (ARN) of the CloudWatch Logs log group. For example, to publish + to a log group called my-logs, specify arn:aws:logs:us-east-1:123456789012:log-group:my-logs. + Alternatively, use LogGroupName instead. + + + If LogDestinationType is s3, specify the ARN of the Amazon S3 bucket. You + can also specify a subfolder in the bucket. To specify a subfolder in the + bucket, use the following ARN format: bucket_ARN/subfolder_name/. For example, + to specify a subfolder named my-logs in a bucket named my-bucket, use the + following ARN: arn:aws:s3:::my-bucket/my-logs/. You cannot use AWSLogs as + a subfolder name. This is a reserved term. + type: string + logDestinationType: + description: |- + The type of destination to which the flow log data is to be published. Flow + log data can be published to CloudWatch Logs or Amazon S3. To publish flow + log data to CloudWatch Logs, specify cloud-watch-logs. To publish flow log + data to Amazon S3, specify s3. + + + If you specify LogDestinationType as s3, do not specify DeliverLogsPermissionArn + or LogGroupName. + + + Default: cloud-watch-logs + type: string + logFormat: + description: |- + The fields to include in the flow log record, in the order in which they + should appear. For a list of available fields, see Flow log records (https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-log-records). + If you omit this parameter, the flow log is created using the default format. + If you specify this parameter, you must specify at least one field. + + + Specify the fields using the ${field-id} format, separated by spaces. For + the CLI, surround this parameter value with single quotes on Linux or double + quotes on Windows. 
+ type: string + logGroupName: + description: |- + The name of a new or existing CloudWatch Logs log group where Amazon EC2 + publishes your flow logs. + + + If you specify LogDestinationType as s3, do not specify DeliverLogsPermissionArn + or LogGroupName. + type: string + maxAggregationInterval: + description: |- + The maximum interval of time during which a flow of packets is captured and + aggregated into a flow log record. You can specify 60 seconds (1 minute) + or 600 seconds (10 minutes). + + + When a network interface is attached to a Nitro-based instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances), + the aggregation interval is always 60 seconds or less, regardless of the + value that you specify. + + + Default: 600 + format: int64 + type: integer + resourceID: + type: string + resourceType: + description: |- + The type of resource for which to create the flow log. For example, if you + specified a VPC ID for the ResourceId property, specify VPC for this property. + type: string + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + trafficType: + description: |- + The type of traffic to log. You can log traffic that the resource accepts + or rejects, or all traffic. + type: string + required: + - resourceID + - resourceType + type: object + status: + description: FlowLogStatus defines the observed state of FlowLog + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. 
This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + clientToken: + description: |- + Unique, case-sensitive identifier that you provide to ensure the idempotency + of the request. + type: string + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + flowLogID: + type: string + unsuccessful: + description: Information about the flow logs that could not be created + successfully. + items: + description: Information about items that were not successfully + processed in a batch call. + properties: + error: + description: |- + Information about the error that occurred. For more information about errors, + see Error codes (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/errors-overview.html). + properties: + code: + type: string + message: + type: string + type: object + resourceID: + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_instances.yaml b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_instances.yaml new file mode 100644 index 00000000000..e5893051e9a --- /dev/null +++ b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_instances.yaml 
@@ -0,0 +1,885 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: instances.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: Instance + listKind: InstanceList + plural: instances + singular: instance + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.instanceID + name: ID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Instance is the Schema for the Instances API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + InstanceSpec defines the desired state of Instance. + + + Describes an instance. + properties: + blockDeviceMappings: + description: |- + The block device mapping, which defines the EBS volumes and instance store + volumes to attach to the instance at launch. For more information, see Block + device mappings (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html) + in the Amazon EC2 User Guide. + items: + description: |- + Describes a block device mapping, which defines the EBS volumes and instance + store volumes to attach to an instance at launch. 
+ properties: + deviceName: + type: string + ebs: + description: Describes a block device for an EBS volume. + properties: + deleteOnTermination: + type: boolean + encrypted: + type: boolean + iops: + format: int64 + type: integer + kmsKeyID: + type: string + outpostARN: + type: string + snapshotID: + type: string + throughput: + format: int64 + type: integer + volumeSize: + format: int64 + type: integer + volumeType: + type: string + type: object + noDevice: + type: string + virtualName: + type: string + type: object + type: array + capacityReservationSpecification: + description: |- + Information about the Capacity Reservation targeting option. If you do not + specify this parameter, the instance's Capacity Reservation preference defaults + to open, which enables it to run in any open Capacity Reservation that has + matching attributes (instance type, platform, Availability Zone). + properties: + capacityReservationPreference: + type: string + capacityReservationTarget: + description: Describes a target Capacity Reservation or Capacity + Reservation group. + properties: + capacityReservationID: + type: string + capacityReservationResourceGroupARN: + type: string + type: object + type: object + cpuOptions: + description: |- + The CPU options for the instance. For more information, see Optimize CPU + options (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html) + in the Amazon EC2 User Guide. + properties: + coreCount: + format: int64 + type: integer + threadsPerCore: + format: int64 + type: integer + type: object + creditSpecification: + description: |- + The credit option for CPU usage of the burstable performance instance. Valid + values are standard and unlimited. To change this attribute after launch, + use ModifyInstanceCreditSpecification (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceCreditSpecification.html). 
+ For more information, see Burstable performance instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html) + in the Amazon EC2 User Guide. + + + Default: standard (T2 instances) or unlimited (T3/T3a/T4g instances) + + + For T3 instances with host tenancy, only standard is supported. + properties: + cpuCredits: + type: string + type: object + disableAPIStop: + description: |- + Indicates whether an instance is enabled for stop protection. For more information, + see Stop protection (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html#Using_StopProtection). + type: boolean + disableAPITermination: + description: |- + If you set this parameter to true, you can't terminate the instance using + the Amazon EC2 console, CLI, or API; otherwise, you can. To change this attribute + after launch, use ModifyInstanceAttribute (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceAttribute.html). + Alternatively, if you set InstanceInitiatedShutdownBehavior to terminate, + you can terminate the instance by running the shutdown command from the instance. + + + Default: false + type: boolean + ebsOptimized: + description: |- + Indicates whether the instance is optimized for Amazon EBS I/O. This optimization + provides dedicated throughput to Amazon EBS and an optimized configuration + stack to provide optimal Amazon EBS I/O performance. This optimization isn't + available with all instance types. Additional usage charges apply when using + an EBS-optimized instance. + + + Default: false + type: boolean + elasticGPUSpecification: + description: |- + An elastic GPU to associate with the instance. An Elastic GPU is a GPU resource + that you can attach to your Windows instance to accelerate the graphics performance + of your applications. For more information, see Amazon EC2 Elastic GPUs (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/elastic-graphics.html) + in the Amazon EC2 User Guide. 
+ items: + description: A specification for an Elastic Graphics accelerator. + properties: + type_: + type: string + type: object + type: array + elasticInferenceAccelerators: + description: |- + An elastic inference accelerator to associate with the instance. Elastic + inference accelerators are a resource you can attach to your Amazon EC2 instances + to accelerate your Deep Learning (DL) inference workloads. + + + You cannot specify accelerators from different generations in the same request. + items: + description: Describes an elastic inference accelerator. + properties: + count: + format: int64 + type: integer + type_: + type: string + type: object + type: array + enclaveOptions: + description: |- + Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. + For more information, see What is Amazon Web Services Nitro Enclaves? (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html) + in the Amazon Web Services Nitro Enclaves User Guide. + + + You can't enable Amazon Web Services Nitro Enclaves and hibernation on the + same instance. + properties: + enabled: + type: boolean + type: object + hibernationOptions: + description: |- + Indicates whether an instance is enabled for hibernation. For more information, + see Hibernate your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) + in the Amazon EC2 User Guide. + + + You can't enable hibernation and Amazon Web Services Nitro Enclaves on the + same instance. + properties: + configured: + type: boolean + type: object + iamInstanceProfile: + description: The name or Amazon Resource Name (ARN) of an IAM instance + profile. + properties: + arn: + type: string + name: + type: string + type: object + imageID: + description: |- + The ID of the AMI. An AMI ID is required to launch an instance and must be + specified here or in a launch template. 
+ type: string + instanceInitiatedShutdownBehavior: + description: |- + Indicates whether an instance stops or terminates when you initiate shutdown + from the instance (using the operating system command for system shutdown). + + + Default: stop + type: string + instanceMarketOptions: + description: |- + The market (purchasing) option for the instances. + + + For RunInstances, persistent Spot Instance requests are only supported when + InstanceInterruptionBehavior is set to either hibernate or stop. + properties: + marketType: + type: string + spotOptions: + description: The options for Spot Instances. + properties: + blockDurationMinutes: + format: int64 + type: integer + instanceInterruptionBehavior: + type: string + maxPrice: + type: string + spotInstanceType: + type: string + validUntil: + format: date-time + type: string + type: object + type: object + instanceType: + description: |- + The instance type. For more information, see Instance types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) + in the Amazon EC2 User Guide. + + + Default: m1.small + type: string + ipv6AddressCount: + description: |- + [EC2-VPC] The number of IPv6 addresses to associate with the primary network + interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet. + You cannot specify this option and the option to assign specific IPv6 addresses + in the same request. You can specify this option if you've specified a minimum + number of instances to launch. + + + You cannot specify this option and the network interfaces option in the same + request. + format: int64 + type: integer + ipv6Addresses: + description: |- + [EC2-VPC] The IPv6 addresses from the range of the subnet to associate with + the primary network interface. You cannot specify this option and the option + to assign a number of IPv6 addresses in the same request. You cannot specify + this option if you've specified a minimum number of instances to launch. 
+ + + You cannot specify this option and the network interfaces option in the same + request. + items: + description: Describes an IPv6 address. + properties: + ipv6Address: + type: string + type: object + type: array + kernelID: + description: |- + The ID of the kernel. + + + We recommend that you use PV-GRUB instead of kernels and RAM disks. For more + information, see PV-GRUB (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UserProvidedkernels.html) + in the Amazon EC2 User Guide. + type: string + keyName: + description: |- + The name of the key pair. You can create a key pair using CreateKeyPair (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateKeyPair.html) + or ImportKeyPair (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportKeyPair.html). + + + If you do not specify a key pair, you can't connect to the instance unless + you choose an AMI that is configured to allow users another way to log in. + type: string + launchTemplate: + description: |- + The launch template to use to launch the instances. Any parameters that you + specify in RunInstances override the same parameters in the launch template. + You can specify either the name or ID of a launch template, but not both. + properties: + launchTemplateID: + type: string + launchTemplateName: + type: string + version: + type: string + type: object + licenseSpecifications: + description: The license configurations. + items: + description: Describes a license configuration. + properties: + licenseConfigurationARN: + type: string + type: object + type: array + maintenanceOptions: + description: The maintenance and recovery options for the instance. + properties: + autoRecovery: + type: string + type: object + maxCount: + description: |- + The maximum number of instances to launch. If you specify more instances + than Amazon EC2 can launch in the target Availability Zone, Amazon EC2 launches + the largest possible number of instances above MinCount. 
+ + + Constraints: Between 1 and the maximum number you're allowed for the specified + instance type. For more information about the default limits, and how to + request an increase, see How many instances can I run in Amazon EC2 (http://aws.amazon.com/ec2/faqs/#How_many_instances_can_I_run_in_Amazon_EC2) + in the Amazon EC2 FAQ. + format: int64 + type: integer + metadataOptions: + description: |- + The metadata options for the instance. For more information, see Instance + metadata and user data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html). + properties: + httpEndpoint: + type: string + httpProtocolIPv6: + type: string + httpPutResponseHopLimit: + format: int64 + type: integer + httpTokens: + type: string + instanceMetadataTags: + type: string + type: object + minCount: + description: |- + The minimum number of instances to launch. If you specify a minimum that + is more instances than Amazon EC2 can launch in the target Availability Zone, + Amazon EC2 launches no instances. + + + Constraints: Between 1 and the maximum number you're allowed for the specified + instance type. For more information about the default limits, and how to + request an increase, see How many instances can I run in Amazon EC2 (http://aws.amazon.com/ec2/faqs/#How_many_instances_can_I_run_in_Amazon_EC2) + in the Amazon EC2 General FAQ. + format: int64 + type: integer + monitoring: + description: Specifies whether detailed monitoring is enabled for + the instance. + properties: + enabled: + type: boolean + type: object + networkInterfaces: + description: |- + The network interfaces to associate with the instance. If you specify a network + interface, you must specify any security groups and subnets as part of the + network interface. + items: + description: Describes a network interface. 
+ properties: + associateCarrierIPAddress: + type: boolean + associatePublicIPAddress: + type: boolean + deleteOnTermination: + type: boolean + description: + type: string + deviceIndex: + format: int64 + type: integer + interfaceType: + type: string + ipv4PrefixCount: + format: int64 + type: integer + ipv4Prefixes: + items: + description: Describes the IPv4 prefix option for a network + interface. + properties: + ipv4Prefix: + type: string + type: object + type: array + ipv6AddressCount: + format: int64 + type: integer + ipv6Addresses: + items: + description: Describes an IPv6 address. + properties: + ipv6Address: + type: string + type: object + type: array + ipv6PrefixCount: + format: int64 + type: integer + ipv6Prefixes: + items: + description: Describes the IPv4 prefix option for a network + interface. + properties: + ipv6Prefix: + type: string + type: object + type: array + networkCardIndex: + format: int64 + type: integer + networkInterfaceID: + type: string + privateIPAddress: + type: string + privateIPAddresses: + items: + description: Describes a secondary private IPv4 address for + a network interface. + properties: + primary: + type: boolean + privateIPAddress: + type: string + type: object + type: array + secondaryPrivateIPAddressCount: + format: int64 + type: integer + subnetID: + type: string + type: object + type: array + placement: + description: The placement for the instance. + properties: + affinity: + type: string + availabilityZone: + type: string + groupName: + type: string + hostID: + type: string + hostResourceGroupARN: + type: string + partitionNumber: + format: int64 + type: integer + spreadDomain: + type: string + tenancy: + type: string + type: object + privateDNSNameOptions: + description: |- + The options for the instance hostname. The default values are inherited from + the subnet. 
+ properties: + enableResourceNameDNSAAAARecord: + type: boolean + enableResourceNameDNSARecord: + type: boolean + hostnameType: + type: string + type: object + privateIPAddress: + description: |- + [EC2-VPC] The primary IPv4 address. You must specify a value from the IPv4 + address range of the subnet. + + + Only one private IP address can be designated as primary. You can't specify + this option if you've specified the option to designate a private IP address + as the primary IP address in a network interface specification. You cannot + specify this option if you're launching more than one instance in the request. + + + You cannot specify this option and the network interfaces option in the same + request. + type: string + ramDiskID: + description: |- + The ID of the RAM disk to select. Some kernels require additional drivers + at launch. Check the kernel requirements for information about whether you + need to specify a RAM disk. To find kernel requirements, go to the Amazon + Web Services Resource Center and search for the kernel ID. + + + We recommend that you use PV-GRUB instead of kernels and RAM disks. For more + information, see PV-GRUB (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UserProvidedkernels.html) + in the Amazon EC2 User Guide. + type: string + securityGroupIDs: + description: |- + The IDs of the security groups. You can create a security group using CreateSecurityGroup + (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSecurityGroup.html). + + + If you specify a network interface, you must specify any security groups + as part of the network interface. + items: + type: string + type: array + securityGroups: + description: |- + [EC2-Classic, default VPC] The names of the security groups. For a nondefault + VPC, you must use security group IDs instead. + + + If you specify a network interface, you must specify any security groups + as part of the network interface. + + + Default: Amazon EC2 uses the default security group. 
+ items: + type: string + type: array + subnetID: + description: |- + [EC2-VPC] The ID of the subnet to launch the instance into. + + + If you specify a network interface, you must specify any subnets as part + of the network interface. + type: string + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + userData: + description: |- + The user data script to make available to the instance. For more information, + see Run commands on your Linux instance at launch (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html) + and Run commands on your Windows instance at launch (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-windows-user-data.html). + If you are using a command line tool, base64-encoding is performed for you, + and you can load the text from a file. Otherwise, you must provide base64-encoded + text. User data is limited to 16 KB. + type: string + type: object + status: + description: InstanceStatus defines the observed state of Instance + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. 
+ TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + amiLaunchIndex: + description: |- + The AMI launch index, which can be used to find this instance in the launch + group. + format: int64 + type: integer + architecture: + description: The architecture of the image. + type: string + bootMode: + description: |- + The boot mode of the instance. For more information, see Boot modes (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-boot.html) + in the Amazon EC2 User Guide. + type: string + capacityReservationID: + description: The ID of the Capacity Reservation. + type: string + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + elasticGPUAssociations: + description: The Elastic GPU associated with the instance. + items: + description: Describes the association between an instance and an + Elastic Graphics accelerator. + properties: + elasticGPUAssociationID: + type: string + elasticGPUAssociationState: + type: string + elasticGPUAssociationTime: + type: string + elasticGPUID: + type: string + type: object + type: array + elasticInferenceAcceleratorAssociations: + description: The elastic inference accelerator associated with the + instance. + items: + description: Describes the association between an instance and an + elastic inference accelerator. + properties: + elasticInferenceAcceleratorARN: + type: string + elasticInferenceAcceleratorAssociationID: + type: string + elasticInferenceAcceleratorAssociationState: + type: string + elasticInferenceAcceleratorAssociationTime: + format: date-time + type: string + type: object + type: array + enaSupport: + description: Specifies whether enhanced networking with ENA is enabled. + type: boolean + hypervisor: + description: |- + The hypervisor type of the instance. The value xen is used for both Xen and + Nitro hypervisors. + type: string + instanceID: + description: The ID of the instance. + type: string + instanceLifecycle: + description: Indicates whether this is a Spot Instance or a Scheduled + Instance. + type: string + ipv6Address: + description: The IPv6 address assigned to the instance. + type: string + launchTime: + description: The time the instance was launched. + format: date-time + type: string + licenses: + description: The license configurations for the instance. + items: + description: Describes a license configuration. + properties: + licenseConfigurationARN: + type: string + type: object + type: array + outpostARN: + description: The Amazon Resource Name (ARN) of the Outpost. 
+ type: string + platform: + description: The value is Windows for Windows instances; otherwise + blank. + type: string + platformDetails: + description: |- + The platform details value for the instance. For more information, see AMI + billing information fields (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/billing-info-fields.html) + in the Amazon EC2 User Guide. + type: string + privateDNSName: + description: |- + (IPv4 only) The private DNS hostname name assigned to the instance. This + DNS hostname can only be used inside the Amazon EC2 network. This name is + not available until the instance enters the running state. + + + [EC2-VPC] The Amazon-provided DNS server resolves Amazon-provided private + DNS hostnames if you've enabled DNS resolution and DNS hostnames in your + VPC. If you are not using the Amazon-provided DNS server in your VPC, your + custom domain name servers must resolve the hostname as appropriate. + type: string + productCodes: + description: The product codes attached to this instance, if applicable. + items: + description: Describes a product code. + properties: + productCodeID: + type: string + productCodeType: + type: string + type: object + type: array + publicDNSName: + description: |- + (IPv4 only) The public DNS name assigned to the instance. This name is not + available until the instance enters the running state. For EC2-VPC, this + name is only available if you've enabled DNS hostnames for your VPC. + type: string + publicIPAddress: + description: |- + The public IPv4 address, or the Carrier IP address assigned to the instance, + if applicable. + + + A Carrier IP address only applies to an instance launched in a subnet associated + with a Wavelength Zone. + type: string + rootDeviceName: + description: The device name of the root device volume (for example, + /dev/sda1). + type: string + rootDeviceType: + description: |- + The root device type used by the AMI. The AMI can use an EBS volume or an + instance store volume. 
+ type: string + sourceDestCheck: + description: Indicates whether source/destination checking is enabled. + type: boolean + spotInstanceRequestID: + description: If the request is a Spot Instance request, the ID of + the request. + type: string + sriovNetSupport: + description: |- + Specifies whether enhanced networking with the Intel 82599 Virtual Function + interface is enabled. + type: string + state: + description: The current state of the instance. + properties: + code: + format: int64 + type: integer + name: + type: string + type: object + stateReason: + description: The reason for the most recent state transition. + properties: + code: + type: string + message: + type: string + type: object + stateTransitionReason: + description: The reason for the most recent state transition. This + might be an empty string. + type: string + tpmSupport: + description: |- + If the instance is configured for NitroTPM support, the value is v2.0. For + more information, see NitroTPM (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) + in the Amazon EC2 User Guide. + type: string + usageOperation: + description: |- + The usage operation value for the instance. For more information, see AMI + billing information fields (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/billing-info-fields.html) + in the Amazon EC2 User Guide. + type: string + usageOperationUpdateTime: + description: The time that the usage operation was last updated. + format: date-time + type: string + virtualizationType: + description: The virtualization type of the instance. + type: string + vpcID: + description: '[EC2-VPC] The ID of the VPC in which the instance is + running.' + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null 
diff --git a/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_internetgateways.yaml b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_internetgateways.yaml new file mode 100644 index 00000000000..60ef4b70e54 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_internetgateways.yaml 
@@ -0,0 +1,207 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: internetgateways.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: InternetGateway + listKind: InternetGatewayList + plural: internetgateways + singular: internetgateway + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.internetGatewayID + name: ID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: InternetGateway is the Schema for the InternetGateways API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + InternetGatewaySpec defines the desired state of InternetGateway. + + + Describes an internet gateway. 
+ properties: + routeTableRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: array + routeTables: + items: + type: string + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpc: + description: The ID of the VPC. + type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + status: + description: InternetGatewayStatus defines the observed state of InternetGateway + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. 
This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + attachments: + description: Any VPCs attached to the internet gateway. + items: + description: |- + Describes the attachment of a VPC to an internet gateway or an egress-only + internet gateway. + properties: + state: + type: string + vpcID: + type: string + type: object + type: array + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. 
+ type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + internetGatewayID: + description: The ID of the internet gateway. + type: string + ownerID: + description: The ID of the Amazon Web Services account that owns the + internet gateway. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_natgateways.yaml b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_natgateways.yaml new file mode 100644 index 00000000000..30519b24f70 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_natgateways.yaml 
@@ -0,0 +1,307 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: natgateways.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: NATGateway + listKind: NATGatewayList + plural: natgateways + singular: natgateway + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.natGatewayID + name: ID + type: string + - jsonPath: .status.state + name: state + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: NATGateway is the Schema for the NATGateways API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + NatGatewaySpec defines the desired state of NatGateway. + + + Describes a NAT gateway. + properties: + allocationID: + description: |- + [Public NAT gateways only] The allocation ID of an Elastic IP address to + associate with the NAT gateway. You cannot specify an Elastic IP address + with a private NAT gateway. If the Elastic IP address is associated with + another resource, you must first disassociate it. 
+ type: string + allocationRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + connectivityType: + description: |- + Indicates whether the NAT gateway supports public or private connectivity. + The default is public connectivity. + type: string + subnetID: + description: The subnet in which to create the NAT gateway. + type: string + subnetRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. 
+ properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + status: + description: NATGatewayStatus defines the observed state of NATGateway + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + createTime: + description: The date and time the NAT gateway was created. + format: date-time + type: string + deleteTime: + description: The date and time the NAT gateway was deleted, if applicable. + format: date-time + type: string + failureCode: + description: |- + If the NAT gateway could not be created, specifies the error code for the + failure. (InsufficientFreeAddressesInSubnet | Gateway.NotAttached | InvalidAllocationID.NotFound + | Resource.AlreadyAssociated | InternalError | InvalidSubnetID.NotFound) + type: string + failureMessage: + description: |- + If the NAT gateway could not be created, specifies the error message for + the failure, that corresponds to the error code. + + + * For InsufficientFreeAddressesInSubnet: "Subnet has insufficient free + addresses to create this NAT gateway" + + + * For Gateway.NotAttached: "Network vpc-xxxxxxxx has no Internet gateway + attached" + + + * For InvalidAllocationID.NotFound: "Elastic IP address eipalloc-xxxxxxxx + could not be associated with this NAT gateway" + + + * For Resource.AlreadyAssociated: "Elastic IP address eipalloc-xxxxxxxx + is already associated" + + + * For InternalError: "Network interface eni-xxxxxxxx, created and used + internally by this NAT gateway is in an invalid state. Please try again." + + + * For InvalidSubnetID.NotFound: "The specified subnet subnet-xxxxxxxx + does not exist or could not be found." 
+ type: string + natGatewayAddresses: + description: |- + Information about the IP addresses and network interface associated with + the NAT gateway. + items: + description: Describes the IP addresses and network interface associated + with a NAT gateway. + properties: + allocationID: + type: string + networkInterfaceID: + type: string + privateIP: + type: string + publicIP: + type: string + type: object + type: array + natGatewayID: + description: The ID of the NAT gateway. + type: string + provisionedBandwidth: + description: |- + Reserved. If you need to sustain traffic greater than the documented limits + (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html), + contact us through the Support Center (https://console.aws.amazon.com/support/home?). + properties: + provisionTime: + format: date-time + type: string + provisioned: + type: string + requestTime: + format: date-time + type: string + requested: + type: string + status: + type: string + type: object + state: + description: |- + The state of the NAT gateway. + + + * pending: The NAT gateway is being created and is not ready to process + traffic. + + + * failed: The NAT gateway could not be created. Check the failureCode + and failureMessage fields for the reason. + + + * available: The NAT gateway is able to process traffic. This status remains + until you delete the NAT gateway, and does not indicate the health of + the NAT gateway. + + + * deleting: The NAT gateway is in the process of being terminated and + may still be processing traffic. + + + * deleted: The NAT gateway has been terminated and is no longer processing + traffic. + type: string + vpcID: + description: The ID of the VPC in which the NAT gateway is located. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null 
diff --git a/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_networkacls.yaml b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_networkacls.yaml new file mode 100644 index 00000000000..313890903a0 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_networkacls.yaml 
@@ -0,0 +1,241 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: networkacls.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: NetworkACL + listKind: NetworkACLList + plural: networkacls + singular: networkacl + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: ID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: NetworkACL is the Schema for the NetworkACLS API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + NetworkAclSpec defines the desired state of NetworkAcl. + + + Describes a network ACL. + properties: + associations: + items: + description: Describes an association between a network ACL and + a subnet. 
+ properties: + networkACLAssociationID: + type: string + networkACLID: + type: string + subnetID: + type: string + subnetRef: + description: Reference field for SubnetID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + type: array + entries: + items: + description: Describes an entry in a network ACL. + properties: + cidrBlock: + type: string + egress: + type: boolean + icmpTypeCode: + description: Describes the ICMP type and code. + properties: + code: + format: int64 + type: integer + type_: + format: int64 + type: integer + type: object + ipv6CIDRBlock: + type: string + portRange: + description: Describes a range of ports. + properties: + from: + format: int64 + type: integer + to: + format: int64 + type: integer + type: object + protocol: + type: string + ruleAction: + type: string + ruleNumber: + format: int64 + type: integer + type: object + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcID: + description: The ID of the VPC. 
+ type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + status: + description: NetworkACLStatus defines the observed state of NetworkACL + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. 
+ type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + id: + description: The ID of the network ACL. + type: string + isDefault: + description: Indicates whether this is the default network ACL for + the VPC. + type: boolean + ownerID: + description: The ID of the Amazon Web Services account that owns the + network ACL. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_routetables.yaml b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_routetables.yaml new file mode 100644 index 00000000000..a05a44bdd8e --- /dev/null +++ b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_routetables.yaml 
@@ -0,0 +1,351 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: routetables.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: RouteTable + listKind: RouteTableList + plural: routetables + singular: routetable + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.routeTableID + name: ID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: RouteTable is the Schema for the RouteTables API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + RouteTableSpec defines the desired state of RouteTable. + + + Describes a route table. 
+ properties: + routes: + items: + properties: + carrierGatewayID: + type: string + coreNetworkARN: + type: string + destinationCIDRBlock: + type: string + destinationIPv6CIDRBlock: + type: string + destinationPrefixListID: + type: string + egressOnlyInternetGatewayID: + type: string + gatewayID: + type: string + gatewayRef: + description: Reference field for GatewayID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + instanceID: + type: string + localGatewayID: + type: string + natGatewayID: + type: string + natGatewayRef: + description: Reference field for NATGatewayID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + networkInterfaceID: + type: string + transitGatewayID: + type: string + transitGatewayRef: + description: Reference field for TransitGatewayID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + vpcEndpointID: + type: string + vpcEndpointRef: + description: Reference field for VPCEndpointID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + vpcPeeringConnectionID: + type: string + vpcPeeringConnectionRef: + description: Reference field for VPCPeeringConnectionID + properties: + from: + 
description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcID: + description: The ID of the VPC. + type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + status: + description: RouteTableStatus defines the observed state of RouteTable + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. 
+ TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + associations: + description: The associations between the route table and one or more + subnets or a gateway. + items: + description: Describes an association between a route table and + a subnet or gateway. + properties: + associationState: + description: |- + Describes the state of an association between a route table and a subnet + or gateway. + properties: + state: + type: string + statusMessage: + type: string + type: object + gatewayID: + type: string + main: + type: boolean + routeTableAssociationID: + type: string + routeTableID: + type: string + subnetID: + type: string + type: object + type: array + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + ownerID: + description: The ID of the Amazon Web Services account that owns the + route table. + type: string + propagatingVGWs: + description: Any virtual private gateway (VGW) propagating routes. + items: + description: Describes a virtual private gateway propagating route. + properties: + gatewayID: + type: string + type: object + type: array + routeStatuses: + description: The routes in the route table. + items: + description: Describes a route in a route table. + properties: + carrierGatewayID: + type: string + coreNetworkARN: + type: string + destinationCIDRBlock: + type: string + destinationIPv6CIDRBlock: + type: string + destinationPrefixListID: + type: string + egressOnlyInternetGatewayID: + type: string + gatewayID: + type: string + instanceID: + type: string + instanceOwnerID: + type: string + localGatewayID: + type: string + natGatewayID: + type: string + networkInterfaceID: + type: string + origin: + type: string + state: + type: string + transitGatewayID: + type: string + vpcPeeringConnectionID: + type: string + type: object + type: array + routeTableID: + description: The ID of the route table. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_securitygroups.yaml b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_securitygroups.yaml new file mode 100644 index 00000000000..0828cacecfc --- /dev/null +++ b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_securitygroups.yaml 
@@ -0,0 +1,433 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: securitygroups.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: SecurityGroup + listKind: SecurityGroupList + plural: securitygroups + singular: securitygroup + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: ID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: SecurityGroup is the Schema for the SecurityGroups API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + SecurityGroupSpec defines the desired state of SecurityGroup. + + + Describes a security group. + properties: + description: + description: |- + A description for the security group. This is informational only. + + + Constraints: Up to 255 characters in length + + + Constraints for EC2-Classic: ASCII characters + + + Constraints for EC2-VPC: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$* + type: string + egressRules: + items: + description: Describes a set of permissions for a security group + rule. 
+ properties: + fromPort: + format: int64 + type: integer + ipProtocol: + type: string + ipRanges: + items: + description: Describes an IPv4 range. + properties: + cidrIP: + type: string + description: + type: string + type: object + type: array + ipv6Ranges: + items: + description: '[EC2-VPC only] Describes an IPv6 range.' + properties: + cidrIPv6: + type: string + description: + type: string + type: object + type: array + prefixListIDs: + items: + description: Describes a prefix list ID. + properties: + description: + type: string + prefixListID: + type: string + type: object + type: array + toPort: + format: int64 + type: integer + userIDGroupPairs: + items: + description: |- + Describes a security group and Amazon Web Services account ID pair. + + + We are retiring EC2-Classic on August 15, 2022. We recommend that you migrate + from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic + to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) + in the Amazon Elastic Compute Cloud User Guide. 
+ properties: + description: + type: string + groupID: + type: string + groupName: + type: string + groupRef: + description: Reference field for GroupID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + peeringStatus: + type: string + userID: + type: string + vpcID: + type: string + vpcPeeringConnectionID: + type: string + vpcRef: + description: Reference field for VPCID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + type: array + type: object + type: array + ingressRules: + items: + description: Describes a set of permissions for a security group + rule. + properties: + fromPort: + format: int64 + type: integer + ipProtocol: + type: string + ipRanges: + items: + description: Describes an IPv4 range. + properties: + cidrIP: + type: string + description: + type: string + type: object + type: array + ipv6Ranges: + items: + description: '[EC2-VPC only] Describes an IPv6 range.' + properties: + cidrIPv6: + type: string + description: + type: string + type: object + type: array + prefixListIDs: + items: + description: Describes a prefix list ID. + properties: + description: + type: string + prefixListID: + type: string + type: object + type: array + toPort: + format: int64 + type: integer + userIDGroupPairs: + items: + description: |- + Describes a security group and Amazon Web Services account ID pair. + + + We are retiring EC2-Classic on August 15, 2022. We recommend that you migrate + from EC2-Classic to a VPC. 
For more information, see Migrate from EC2-Classic + to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) + in the Amazon Elastic Compute Cloud User Guide. + properties: + description: + type: string + groupID: + type: string + groupName: + type: string + groupRef: + description: Reference field for GroupID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + peeringStatus: + type: string + userID: + type: string + vpcID: + type: string + vpcPeeringConnectionID: + type: string + vpcRef: + description: Reference field for VPCID + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + type: array + type: object + type: array + name: + description: |- + The name of the security group. + + + Constraints: Up to 255 characters in length. Cannot start with sg-. + + + Constraints for EC2-Classic: ASCII characters + + + Constraints for EC2-VPC: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$* + type: string + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcID: + description: '[EC2-VPC] The ID of the VPC. Required for EC2-VPC.' 
+ type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + required: + - description + - name + type: object + status: + description: SecurityGroupStatus defines the observed state of SecurityGroup + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. 
+ type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + id: + description: The ID of the security group. + type: string + rules: + description: Information about security group rules. + items: + description: Describes a security group rule. + properties: + cidrIPv4: + type: string + cidrIPv6: + type: string + description: + type: string + fromPort: + format: int64 + type: integer + ipProtocol: + type: string + isEgress: + type: boolean + prefixListID: + type: string + securityGroupRuleID: + type: string + tags: + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + toPort: + format: int64 + type: integer + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null 
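Review bot: Nothing in the `ingressRules` and `egressRules` item schemas constrains the rule values: `cidrIP`, `cidrIPv6` and `ipProtocol` are bare `type: string`, and `fromPort`/`toPort` are `int64` with no `minimum` or `maximum`. The API server will therefore admit any CIDR or port range, and the first real validation is presumably the EC2 call made by the controller. With `scope: Namespaced`, whoever holds create or update on `securitygroups` in a namespace decides AWS network exposure, so those verbs should be granted narrowly and the CIDR fields are a natural target for an admission policy. The file carries a `controller-gen.kubebuilder.io/version` annotation, so any schema constraint belongs on the upstream type definitions rather than in this manifest.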
diff --git a/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_subnets.yaml b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_subnets.yaml new file mode 100644 index 00000000000..955ab852974 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_subnets.yaml 
@@ -0,0 +1,317 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: subnets.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: Subnet + listKind: SubnetList + plural: subnets + singular: subnet + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.subnetID + name: ID + type: string + - jsonPath: .status.state + name: state + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Subnet is the Schema for the Subnets API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + SubnetSpec defines the desired state of Subnet. + + + Describes a subnet. + properties: + assignIPv6AddressOnCreation: + type: boolean + availabilityZone: + description: |- + The Availability Zone or Local Zone for the subnet. + + + Default: Amazon Web Services selects one for you. If you create more than + one subnet in your VPC, we do not necessarily select a different zone for + each subnet. + + + To create a subnet in a Local Zone, set this value to the Local Zone ID, + for example us-west-2-lax-1a. 
For information about the Regions that support + Local Zones, see Available Regions (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions) + in the Amazon Elastic Compute Cloud User Guide. + + + To create a subnet in an Outpost, set this value to the Availability Zone + for the Outpost and specify the Outpost ARN. + type: string + availabilityZoneID: + description: The AZ ID or the Local Zone ID of the subnet. + type: string + cidrBlock: + description: |- + The IPv4 network range for the subnet, in CIDR notation. For example, 10.0.0.0/24. + We modify the specified CIDR block to its canonical form; for example, if + you specify 100.68.0.18/18, we modify it to 100.68.0.0/18. + + + This parameter is not supported for an IPv6 only subnet. + type: string + customerOwnedIPv4Pool: + type: string + enableDNS64: + type: boolean + enableResourceNameDNSAAAARecord: + type: boolean + enableResourceNameDNSARecord: + type: boolean + hostnameType: + type: string + ipv6CIDRBlock: + description: |- + The IPv6 network range for the subnet, in CIDR notation. The subnet size + must use a /64 prefix length. + + + This parameter is required for an IPv6 only subnet. + type: string + ipv6Native: + description: Indicates whether to create an IPv6 only subnet. + type: boolean + mapPublicIPOnLaunch: + type: boolean + outpostARN: + description: |- + The Amazon Resource Name (ARN) of the Outpost. If you specify an Outpost + ARN, you must also specify the Availability Zone of the Outpost subnet. 
+ type: string + routeTableRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: array + routeTables: + items: + type: string + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcID: + description: The ID of the VPC. + type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + status: + description: SubnetStatus defines the observed state of Subnet + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. 
This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + availableIPAddressCount: + description: |- + The number of unused private IPv4 addresses in the subnet. The IPv4 addresses + for any stopped instances are considered unavailable. + format: int64 + type: integer + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + defaultForAZ: + description: Indicates whether this is the default subnet for the + Availability Zone. + type: boolean + enableLniAtDeviceIndex: + description: |- + Indicates the device position for local network interfaces in this subnet. + For example, 1 indicates local network interfaces in this subnet are the + secondary network interface (eth1). + format: int64 + type: integer + ipv6CIDRBlockAssociationSet: + description: Information about the IPv6 CIDR blocks associated with + the subnet. + items: + description: Describes an association between a subnet and an IPv6 + CIDR block. + properties: + associationID: + type: string + ipv6CIDRBlock: + type: string + ipv6CIDRBlockState: + description: Describes the state of a CIDR block. + properties: + state: + type: string + statusMessage: + type: string + type: object + type: object + type: array + mapCustomerOwnedIPOnLaunch: + description: |- + Indicates whether a network interface created in this subnet (including a + network interface created by RunInstances) receives a customer-owned IPv4 + address. + type: boolean + ownerID: + description: The ID of the Amazon Web Services account that owns the + subnet. + type: string + privateDNSNameOptionsOnLaunch: + description: |- + The type of hostnames to assign to instances in the subnet at launch. An + instance hostname is based on the IPv4 address or ID of the instance. + properties: + enableResourceNameDNSAAAARecord: + type: boolean + enableResourceNameDNSARecord: + type: boolean + hostnameType: + type: string + type: object + state: + description: The current state of the subnet. + type: string + subnetID: + description: The ID of the subnet. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_transitgateways.yaml b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_transitgateways.yaml new file mode 100644 index 00000000000..1fa67895985 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_transitgateways.yaml 
@@ -0,0 +1,187 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: transitgateways.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: TransitGateway + listKind: TransitGatewayList + plural: transitgateways + singular: transitgateway + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.transitGatewayID + name: ID + type: string + - jsonPath: .status.state + name: state + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: TransitGateway is the Schema for the TransitGateways API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + TransitGatewaySpec defines the desired state of TransitGateway. + + + Describes a transit gateway. + properties: + description: + description: A description of the transit gateway. + type: string + options: + description: The transit gateway options. 
+ properties: + amazonSideASN: + format: int64 + type: integer + autoAcceptSharedAttachments: + type: string + defaultRouteTableAssociation: + type: string + defaultRouteTablePropagation: + type: string + dnsSupport: + type: string + multicastSupport: + type: string + transitGatewayCIDRBlocks: + items: + type: string + type: array + vpnECMPSupport: + type: string + type: object + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + status: + description: TransitGatewayStatus defines the observed state of TransitGateway + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. 
+ type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + creationTime: + description: The creation time. + format: date-time + type: string + ownerID: + description: The ID of the Amazon Web Services account that owns the + transit gateway. + type: string + state: + description: The state of the transit gateway. + type: string + transitGatewayID: + description: The ID of the transit gateway. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_vpcendpoints.yaml b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_vpcendpoints.yaml new file mode 100644 index 00000000000..9b21629b51c --- /dev/null +++ b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_vpcendpoints.yaml 
@@ -0,0 +1,348 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: vpcendpoints.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: VPCEndpoint + listKind: VPCEndpointList + plural: vpcendpoints + singular: vpcendpoint + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.vpcEndpointID + name: ID + type: string + - jsonPath: .status.state + name: state + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: VPCEndpoint is the Schema for the VPCEndpoints API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + VpcEndpointSpec defines the desired state of VpcEndpoint. + + + Describes a VPC endpoint. + properties: + dnsOptions: + description: The DNS options for the endpoint. + properties: + dnsRecordIPType: + type: string + type: object + ipAddressType: + description: The IP address type for the endpoint. + type: string + policyDocument: + description: |- + (Interface and gateway endpoints) A policy to attach to the endpoint that + controls access to the service. The policy must be in valid JSON format. 
+ If this parameter is not specified, we attach a default policy that allows + full access to the service. + type: string + privateDNSEnabled: + description: |- + (Interface endpoint) Indicates whether to associate a private hosted zone + with the specified VPC. The private hosted zone contains a record set for + the default public DNS name for the service for the Region (for example, + kinesis.us-east-1.amazonaws.com), which resolves to the private IP addresses + of the endpoint network interfaces in the VPC. This enables you to make requests + to the default public DNS name for the service instead of the public DNS + names that are automatically generated by the VPC endpoint service. + + + To use a private hosted zone, you must set the following VPC attributes to + true: enableDnsHostnames and enableDnsSupport. Use ModifyVpcAttribute to + set the VPC attributes. + + + Default: true + type: boolean + routeTableIDs: + description: (Gateway endpoint) One or more route table IDs. + items: + type: string + type: array + routeTableRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: array + securityGroupIDs: + description: |- + (Interface endpoint) The ID of one or more security groups to associate with + the endpoint network interface. 
+ items: + type: string + type: array + securityGroupRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: array + serviceName: + description: |- + The service name. To get a list of available services, use the DescribeVpcEndpointServices + request, or get the name from the service provider. + type: string + subnetIDs: + description: |- + (Interface and Gateway Load Balancer endpoints) The ID of one or more subnets + in which to create an endpoint network interface. For a Gateway Load Balancer + endpoint, you can specify one subnet only. + items: + type: string + type: array + subnetRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcEndpointType: + description: |- + The type of endpoint. 
+ + + Default: Gateway + type: string + vpcID: + description: The ID of the VPC in which the endpoint will be used. + type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + required: + - serviceName + type: object + status: + description: VPCEndpointStatus defines the observed state of VPCEndpoint + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. 
+ type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + creationTimestamp: + description: The date and time that the endpoint was created. + format: date-time + type: string + dnsEntries: + description: (Interface endpoint) The DNS entries for the endpoint. + items: + description: Describes a DNS entry. + properties: + dnsName: + type: string + hostedZoneID: + type: string + type: object + type: array + groups: + description: |- + (Interface endpoint) Information about the security groups that are associated + with the network interface. + items: + description: Describes a security group. + properties: + groupID: + type: string + groupName: + type: string + type: object + type: array + lastError: + description: The last error that occurred for endpoint. 
+ properties: + code: + type: string + message: + type: string + type: object + networkInterfaceIDs: + description: (Interface endpoint) One or more network interfaces for + the endpoint. + items: + type: string + type: array + ownerID: + description: The ID of the Amazon Web Services account that owns the + endpoint. + type: string + requesterManaged: + description: Indicates whether the endpoint is being managed by its + service. + type: boolean + state: + description: The state of the endpoint. + type: string + vpcEndpointID: + description: The ID of the endpoint. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_vpcendpointserviceconfigurations.yaml b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_vpcendpointserviceconfigurations.yaml new file mode 100644 index 00000000000..ab828ec115a --- /dev/null +++ b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_vpcendpointserviceconfigurations.yaml 
@@ -0,0 +1,232 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: vpcendpointserviceconfigurations.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: VPCEndpointServiceConfiguration + listKind: VPCEndpointServiceConfigurationList + plural: vpcendpointserviceconfigurations + singular: vpcendpointserviceconfiguration + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.serviceID + name: ServiceID + type: string + - jsonPath: .status.serviceState + name: ServiceState + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: VPCEndpointServiceConfiguration is the Schema for the VPCEndpointServiceConfigurations + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: VpcEndpointServiceConfigurationSpec defines the desired state + of VpcEndpointServiceConfiguration. + properties: + acceptanceRequired: + description: |- + Indicates whether requests from service consumers to create an endpoint to + your service must be accepted manually. + type: boolean + allowedPrincipals: + description: |- + The Amazon Resource Names (ARN) of one or more principals. 
Permissions are + granted to the principals in this list. To grant permissions to all principals, + specify an asterisk (*). + items: + type: string + type: array + gatewayLoadBalancerARNs: + description: The Amazon Resource Names (ARNs) of one or more Gateway + Load Balancers. + items: + type: string + type: array + networkLoadBalancerARNs: + description: |- + The Amazon Resource Names (ARNs) of one or more Network Load Balancers for + your service. + items: + type: string + type: array + privateDNSName: + description: |- + (Interface endpoint configuration) The private DNS name to assign to the + VPC endpoint service. + type: string + supportedIPAddressTypes: + description: The supported IP address types. The possible values are + ipv4 and ipv6. + items: + type: string + type: array + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + type: object + status: + description: VPCEndpointServiceConfigurationStatus defines the observed + state of VPCEndpointServiceConfiguration + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. 
+ TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + availabilityZones: + description: The Availability Zones in which the service is available. + items: + type: string + type: array + baseEndpointDNSNames: + description: The DNS names for the service. + items: + type: string + type: array + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + managesVPCEndpoints: + description: |- + Indicates whether the service manages its VPC endpoints. Management of the + service VPC endpoints using the VPC endpoint API is restricted. 
+ type: boolean + payerResponsibility: + description: The payer responsibility. + type: string + privateDNSNameConfiguration: + description: Information about the endpoint service private DNS name + configuration. + properties: + name: + type: string + state: + type: string + type_: + type: string + value: + type: string + type: object + serviceID: + description: The ID of the service. + type: string + serviceName: + description: The name of the service. + type: string + serviceState: + description: The service state. + type: string + serviceType: + description: The type of service. + items: + description: Describes the type of service for a VPC endpoint. + properties: + serviceType: + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_vpcpeeringconnections.yaml b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_vpcpeeringconnections.yaml new file mode 100644 index 00000000000..38a2f7517a4 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_vpcpeeringconnections.yaml 
@@ -0,0 +1,333 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: vpcpeeringconnections.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: VPCPeeringConnection + listKind: VPCPeeringConnectionList + plural: vpcpeeringconnections + singular: vpcpeeringconnection + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: VPCPeeringConnection is the Schema for the VPCPeeringConnections + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + VpcPeeringConnectionSpec defines the desired state of VpcPeeringConnection. + + + Describes a VPC peering connection. + properties: + acceptRequest: + type: boolean + accepterPeeringConnectionOptions: + description: The VPC peering connection options for the accepter VPC. + properties: + allowDNSResolutionFromRemoteVPC: + type: boolean + allowEgressFromLocalClassicLinkToRemoteVPC: + type: boolean + allowEgressFromLocalVPCToRemoteClassicLink: + type: boolean + type: object + peerOwnerID: + description: |- + The Amazon Web Services account ID of the owner of the accepter VPC. 
+ + + Default: Your Amazon Web Services account ID + type: string + peerRegion: + description: |- + The Region code for the accepter VPC, if the accepter VPC is located in a + Region other than the Region in which you make the request. + + + Default: The Region in which you make the request. + type: string + peerVPCID: + description: |- + The ID of the VPC with which you are creating the VPC peering connection. + You must specify this parameter in the request. + type: string + peerVPCRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + requesterPeeringConnectionOptions: + description: The VPC peering connection options for the requester + VPC. + properties: + allowDNSResolutionFromRemoteVPC: + type: boolean + allowEgressFromLocalClassicLinkToRemoteVPC: + type: boolean + allowEgressFromLocalVPCToRemoteClassicLink: + type: boolean + type: object + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcID: + description: The ID of the requester VPC. You must specify this parameter + in the request. 
+ type: string + vpcRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + type: object + status: + description: VPCPeeringConnectionStatus defines the observed state of + VPCPeeringConnection + properties: + accepterVPCInfo: + description: |- + Information about the accepter VPC. CIDR block information is only returned + when describing an active VPC peering connection. + properties: + cidrBlock: + type: string + cidrBlockSet: + items: + description: Describes an IPv4 CIDR block. + properties: + cidrBlock: + type: string + type: object + type: array + ipv6CIDRBlockSet: + items: + description: Describes an IPv6 CIDR block. + properties: + ipv6CIDRBlock: + type: string + type: object + type: array + ownerID: + type: string + peeringOptions: + description: |- + We are retiring EC2-Classic on August 15, 2022. We recommend that you migrate + from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic + to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) + in the Amazon Elastic Compute Cloud User Guide. + + + Describes the VPC peering connection options. 
+ properties: + allowDNSResolutionFromRemoteVPC: + type: boolean + allowEgressFromLocalClassicLinkToRemoteVPC: + type: boolean + allowEgressFromLocalVPCToRemoteClassicLink: + type: boolean + type: object + region: + type: string + vpcID: + type: string + type: object + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + expirationTime: + description: The time that an unaccepted VPC peering connection will + expire. + format: date-time + type: string + requesterVPCInfo: + description: |- + Information about the requester VPC. CIDR block information is only returned + when describing an active VPC peering connection. + properties: + cidrBlock: + type: string + cidrBlockSet: + items: + description: Describes an IPv4 CIDR block. + properties: + cidrBlock: + type: string + type: object + type: array + ipv6CIDRBlockSet: + items: + description: Describes an IPv6 CIDR block. + properties: + ipv6CIDRBlock: + type: string + type: object + type: array + ownerID: + type: string + peeringOptions: + description: |- + We are retiring EC2-Classic on August 15, 2022. We recommend that you migrate + from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic + to a VPC (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html) + in the Amazon Elastic Compute Cloud User Guide. + + + Describes the VPC peering connection options. + properties: + allowDNSResolutionFromRemoteVPC: + type: boolean + allowEgressFromLocalClassicLinkToRemoteVPC: + type: boolean + allowEgressFromLocalVPCToRemoteClassicLink: + type: boolean + type: object + region: + type: string + vpcID: + type: string + type: object + status: + description: The status of the VPC peering connection. + properties: + code: + type: string + message: + type: string + type: object + vpcPeeringConnectionID: + description: The ID of the VPC peering connection. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_vpcs.yaml b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_vpcs.yaml new file mode 100644 index 00000000000..70c81398a50 --- /dev/null +++ b/operators/ack-ec2-controller/1.2.24/manifests/ec2.services.k8s.aws_vpcs.yaml 
@@ -0,0 +1,297 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: vpcs.ec2.services.k8s.aws +spec: + group: ec2.services.k8s.aws + names: + kind: VPC + listKind: VPCList + plural: vpcs + singular: vpc + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.vpcID + name: ID + type: string + - jsonPath: .status.state + name: state + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: VPC is the Schema for the VPCS API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + VpcSpec defines the desired state of Vpc. + + + Describes a VPC. + properties: + amazonProvidedIPv6CIDRBlock: + description: |- + Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for + the VPC. You cannot specify the range of IP addresses, or the size of the + CIDR block. + type: boolean + cidrBlocks: + items: + type: string + type: array + disallowSecurityGroupDefaultRules: + type: boolean + enableDNSHostnames: + description: The attribute value. The valid values are true or false. + type: boolean + enableDNSSupport: + description: The attribute value. The valid values are true or false. 
+ type: boolean + instanceTenancy: + description: |- + The tenancy options for instances launched into the VPC. For default, instances + are launched with shared tenancy by default. You can launch instances with + any tenancy into a shared tenancy VPC. For dedicated, instances are launched + as dedicated tenancy instances by default. You can only launch instances + with a tenancy of dedicated or host into a dedicated tenancy VPC. + + + Important: The host value cannot be used with this parameter. Use the default + or dedicated values only. + + + Default: default + type: string + ipv4IPAMPoolID: + description: |- + The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR. + For more information, see What is IPAM? (https://docs.aws.amazon.com/vpc/latest/ipam/what-is-it-ipam.html) + in the Amazon VPC IPAM User Guide. + type: string + ipv4NetmaskLength: + description: |- + The netmask length of the IPv4 CIDR you want to allocate to this VPC from + an Amazon VPC IP Address Manager (IPAM) pool. For more information about + IPAM, see What is IPAM? (https://docs.aws.amazon.com/vpc/latest/ipam/what-is-it-ipam.html) + in the Amazon VPC IPAM User Guide. + format: int64 + type: integer + ipv6CIDRBlock: + description: |- + The IPv6 CIDR block from the IPv6 address pool. You must also specify Ipv6Pool + in the request. + + + To let Amazon choose the IPv6 CIDR block for you, omit this parameter. + type: string + ipv6CIDRBlockNetworkBorderGroup: + description: |- + The name of the location from which we advertise the IPV6 CIDR block. Use + this parameter to limit the address to this location. + + + You must set AmazonProvidedIpv6CidrBlock to true to use this parameter. + type: string + ipv6IPAMPoolID: + description: |- + The ID of an IPv6 IPAM pool which will be used to allocate this VPC an IPv6 + CIDR. 
IPAM is a VPC feature that you can use to automate your IP address + management workflows including assigning, tracking, troubleshooting, and + auditing IP addresses across Amazon Web Services Regions and accounts throughout + your Amazon Web Services Organization. For more information, see What is + IPAM? (https://docs.aws.amazon.com/vpc/latest/ipam/what-is-it-ipam.html) + in the Amazon VPC IPAM User Guide. + type: string + ipv6NetmaskLength: + description: |- + The netmask length of the IPv6 CIDR you want to allocate to this VPC from + an Amazon VPC IP Address Manager (IPAM) pool. For more information about + IPAM, see What is IPAM? (https://docs.aws.amazon.com/vpc/latest/ipam/what-is-it-ipam.html) + in the Amazon VPC IPAM User Guide. + format: int64 + type: integer + ipv6Pool: + description: The ID of an IPv6 address pool from which to allocate + the IPv6 CIDR block. + type: string + tags: + description: |- + The tags. The value parameter is required, but if you don't want the tag + to have a value, specify the parameter with no value, and we set the value + to an empty string. + items: + description: Describes a tag. + properties: + key: + type: string + value: + type: string + type: object + type: array + required: + - cidrBlocks + type: object + status: + description: VPCStatus defines the observed state of VPC + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. 
This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + cidrBlockAssociationSet: + description: Information about the IPv4 CIDR blocks associated with + the VPC. + items: + description: Describes an IPv4 CIDR block associated with a VPC. + properties: + associationID: + type: string + cidrBlock: + type: string + cidrBlockState: + description: Describes the state of a CIDR block. + properties: + state: + type: string + statusMessage: + type: string + type: object + type: object + type: array + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. 
+ type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + dhcpOptionsID: + description: The ID of the set of DHCP options you've associated with + the VPC. + type: string + ipv6CIDRBlockAssociationSet: + description: Information about the IPv6 CIDR blocks associated with + the VPC. + items: + description: Describes an IPv6 CIDR block associated with a VPC. + properties: + associationID: + type: string + ipv6CIDRBlock: + type: string + ipv6CIDRBlockState: + description: Describes the state of a CIDR block. + properties: + state: + type: string + statusMessage: + type: string + type: object + ipv6Pool: + type: string + networkBorderGroup: + type: string + type: object + type: array + isDefault: + description: Indicates whether the VPC is the default VPC. + type: boolean + ownerID: + description: The ID of the Amazon Web Services account that owns the + VPC. + type: string + securityGroupDefaultRulesExist: + type: boolean + state: + description: The current state of the VPC. + type: string + vpcID: + description: The ID of the VPC. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/ack-ec2-controller/1.2.24/metadata/annotations.yaml b/operators/ack-ec2-controller/1.2.24/metadata/annotations.yaml new file mode 100644 index 00000000000..09db878affb --- /dev/null +++ b/operators/ack-ec2-controller/1.2.24/metadata/annotations.yaml 
@@ -0,0 +1,15 @@
+annotations:
+ # Core bundle annotations.
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: ack-ec2-controller
+ operators.operatorframework.io.bundle.channels.v1: alpha
+ operators.operatorframework.io.bundle.channel.default.v1: alpha
+ operators.operatorframework.io.metrics.builder: operator-sdk-v1.28.0
+ operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
+ operators.operatorframework.io.metrics.project_layout: unknown
+
+ # Annotations for testing.
+ operators.operatorframework.io.test.mediatype.v1: scorecard+v1
+ operators.operatorframework.io.test.config.v1: tests/scorecard/
diff --git a/operators/ack-ec2-controller/1.2.24/tests/scorecard/config.yaml b/operators/ack-ec2-controller/1.2.24/tests/scorecard/config.yaml
new file mode 100644
index 00000000000..382ddefd156
--- /dev/null
+++ b/operators/ack-ec2-controller/1.2.24/tests/scorecard/config.yaml
@@ -0,0 +1,50 @@
+apiVersion: scorecard.operatorframework.io/v1alpha3
+kind: Configuration
+metadata:
+ name: config
+stages:
+- parallel: true
+ tests:
+ - entrypoint:
+ - scorecard-test
+ - basic-check-spec
+ image: quay.io/operator-framework/scorecard-test:v1.7.1
+ labels:
+ suite: basic
+ test: basic-check-spec-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-bundle-validation
+ image: quay.io/operator-framework/scorecard-test:v1.7.1
+ labels:
+ suite: olm
+ test: olm-bundle-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-validation
+ image: quay.io/operator-framework/scorecard-test:v1.7.1
+ labels:
+ suite: olm
+ test: olm-crds-have-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-spec-descriptors
+ image: quay.io/operator-framework/scorecard-test:v1.7.1
+ labels:
+ suite: olm
+ test: olm-spec-descriptors-test
+ storage:
+ spec:
+ mountPath: {}
+storage:
+ spec:
+ mountPath: {}
diff --git a/operators/apicurio-registry/1.1.3-v2.6.4.final/bundle.Dockerfile b/operators/apicurio-registry/1.1.3-v2.6.4.final/bundle.Dockerfile
new file mode 100644
index 00000000000..3cee960d579
--- /dev/null
+++ b/operators/apicurio-registry/1.1.3-v2.6.4.final/bundle.Dockerfile
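Review bot: All four `image:` entries in this scorecard config reference `quay.io/operator-framework/scorecard-test:v1.7.1` by tag, so the image that runs against the bundle can change without this file changing; pin it by digest instead, e.g. `image: quay.io/operator-framework/scorecard-test@sha256:<digest-of-reviewed-image>`. The tag also looks stale next to the `operator-sdk-v1.28.0` builder recorded in this bundle's metadata/annotations.yaml. The scorecard-test image is normally released alongside operator-sdk, so please confirm v1.7.1 is intended and not carried over from an older scaffold.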
@@ -0,0 +1,23 @@
+FROM scratch
+
+LABEL com.redhat.openshift.versions=v4.6
+
+# Core bundle labels.
+LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
+LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
+LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
+LABEL operators.operatorframework.io.bundle.package.v1=apicurio-registry
+LABEL operators.operatorframework.io.bundle.channels.v1=2.x
+LABEL operators.operatorframework.io.bundle.channel.default.v1=2.x
+LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.13.0+git
+LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
+LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3
+
+# Labels for testing.
+LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1
+LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/
+
+# Copy files to locations specified by labels.
+COPY bundle/1.1.3-v2.6.4.final/manifests /manifests/
+COPY bundle/1.1.3-v2.6.4.final/metadata /metadata/
+COPY bundle/1.1.3-v2.6.4.final/tests/scorecard /tests/scorecard/
diff --git a/operators/apicurio-registry/1.1.3-v2.6.4.final/manifests/apicurio-registry-operator.clusterserviceversion.yaml b/operators/apicurio-registry/1.1.3-v2.6.4.final/manifests/apicurio-registry-operator.clusterserviceversion.yaml
new file mode 100644
index 00000000000..674544dc1a6
--- /dev/null
+++ b/operators/apicurio-registry/1.1.3-v2.6.4.final/manifests/apicurio-registry-operator.clusterserviceversion.yaml
@@ -0,0 +1,565 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: ClusterServiceVersion
+metadata:
+ annotations:
+ alm-examples: |-
+ [
+ {
+ "apiVersion": "registry.apicur.io/v1",
+ "kind": "ApicurioRegistry",
+ "metadata": {
+ "name": "example-apicurioregistry-mem"
+ },
+ "spec": {
+ "configuration": {
+ "persistence": "mem"
+ }
+ }
+ }
+ ]
+ capabilities: Basic Install
+ categories: Streaming & Messaging
+ certified: "false"
+ containerImage: quay.io/apicurio/apicurio-registry-operator:1.1.3
+ createdAt: "2024-09-17"
+ description: Deploy and manage Apicurio Registry on Kubernetes.
+ features.operators.openshift.io/cnf: "false"
+ features.operators.openshift.io/cni: "false"
+ features.operators.openshift.io/csi: "false"
+ features.operators.openshift.io/disconnected: "false"
+ features.operators.openshift.io/fips-compliant: "false"
+ features.operators.openshift.io/proxy-aware: "false"
+ features.operators.openshift.io/tls-profiles: "false"
+ features.operators.openshift.io/token-auth-aws: "false"
+ features.operators.openshift.io/token-auth-azure: "false"
+ features.operators.openshift.io/token-auth-gcp: "false"
+ operators.openshift.io/infrastructure-features: '[]'
+ operators.operatorframework.io/builder: operator-sdk-v1.13.0+git
+ operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
+ repository: https://github.com/Apicurio/apicurio-registry-operator
+ support: Apicurio
+ name: apicurio-registry-operator.v1.1.3-v2.6.4.final
+ namespace: placeholder
+spec:
+ apiservicedefinitions: {}
+ customresourcedefinitions:
+ owned:
+ - description: ApicurioRegistry represents an Apicurio Registry instance
+ displayName: Apicurio Registry
+ kind: ApicurioRegistry
+ name: apicurioregistries.registry.apicur.io
+ specDescriptors:
+ - description: ' '
+ displayName: Apicurio Registry application configuration
+ path: configuration
+ - description: Type of storage used by Apicurio Registry. Default value is `mem`.
+ displayName: Storage
+ path: configuration.persistence
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:select:mem
+ - urn:alm:descriptor:com.tectonic.ui:select:sql
+ - urn:alm:descriptor:com.tectonic.ui:select:kafkasql
+ - description: ' '
+ displayName: Configuration of Apicurio Registry SQL storage
+ path: configuration.sql
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:fieldDependency:configuration.persistence:sql
+ - description: ' '
+ displayName: SQL data source
+ path: configuration.sql.dataSource
+ - description: 'URL of the PostgreSQL database, for example: `jdbc:postgresql://..svc:5432/`.'
+ displayName: Data source URL
+ path: configuration.sql.dataSource.url
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:text
+ - description: ' '
+ displayName: Data source username
+ path: configuration.sql.dataSource.userName
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:text
+ - description: ' '
+ displayName: Data source password
+ path: configuration.sql.dataSource.password
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:password
+ - description: ' '
+ displayName: Configuration of Apicurio Registry KafkaSQL storage
+ path: configuration.kafkasql
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:fieldDependency:configuration.persistence:kafkasql
+ - description: 'URL of one of the Kafka brokers, which provide initial metadata about the Kafka cluster, for example: `..svc:9092`.'
+ displayName: Kafka bootstrap servers URL
+ path: configuration.kafkasql.bootstrapServers
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:text
+ - description: Provide the following configuration options if your Kafka cluster is secured using TLS or SCRAM.
+ displayName: Kafka security configuration
+ path: configuration.kafkasql.security
+ - description: Kafka is secured using TLS.
+ displayName: TLS
+ path: configuration.kafkasql.security.tls
+ - description: Name of a Secret that contains TLS truststore (in PKCS12 format) under the `ca.p12` key, and truststore password under the `ca.password` key.
+ displayName: Truststore Secret name
+ path: configuration.kafkasql.security.tls.truststoreSecretName
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:text
+ - description: Name of a Secret that contains TLS keystore (in PKCS12 format) under the `user.p12` key, and keystore password under the `user.password` key.
+ displayName: Keystore Secret name
+ path: configuration.kafkasql.security.tls.keystoreSecretName
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:text
+ - description: Kafka is secured using SCRAM.
+ displayName: SCRAM
+ path: configuration.kafkasql.security.scram
+ - description: Name of a Secret that contains TLS truststore (in PKCS12 format) under the `ca.p12` key, and truststore password under the `ca.password` key.
+ displayName: Trust store Secret name
+ path: configuration.kafkasql.security.scram.truststoreSecretName
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:text
+ - description: ' '
+ displayName: User name
+ path: configuration.kafkasql.security.scram.user
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:text
+ - description: Name of the SCRAM mechanism, default value is SCRAM-SHA-512.
+ displayName: Mechanism
+ path: configuration.kafkasql.security.scram.mechanism
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:select:SCRAM-SHA-512
+ - urn:alm:descriptor:com.tectonic.ui:select:SCRAM-SHA-256
+ - description: Name of a Secret that contains password of the SCRAM user under the `password` key.
+ displayName: User password Secret name
+ path: configuration.kafkasql.security.scram.passwordSecretName
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:text
+ - description: ' '
+ displayName: Configuration of Apicurio Registry web console
+ path: configuration.ui
+ - description: 'Set the web console to read-only mode. WARNING: This does not affect access to the Apicurio REST API.'
+ displayName: Read-only
+ path: configuration.ui.readOnly
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:checkbox
+ - description: ' '
+ displayName: Apicurio Registry application log level
+ path: configuration.registryLogLevel
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:select:INFO
+ - urn:alm:descriptor:com.tectonic.ui:select:DEBUG
+ - description: ' '
+ displayName: Third-party (non-Apicurio) library log level
+ path: configuration.logLevel
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:select:INFO
+ - urn:alm:descriptor:com.tectonic.ui:select:DEBUG
+ - description: ' '
+ displayName: Security configuration
+ path: configuration.security
+ - description: Configure Apicurio Registry to use Keycloak for Identity and Access Management (IAM).
+ displayName: Keycloak
+ path: configuration.security.keycloak
+ - description: URL of the Keycloak auth endpoint, must end with `/auth`.
+ displayName: Keycloak auth URL
+ path: configuration.security.keycloak.url
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:text
+ - description: ' '
+ displayName: Keycloak realm
+ path: configuration.security.keycloak.realm
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:text
+ - description: ' '
+ displayName: Client ID for the REST API
+ path: configuration.security.keycloak.apiClientId
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:text
+ - description: ' '
+ displayName: Client ID for the UI
+ path: configuration.security.keycloak.uiClientId
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:text
+ - description: Configure Apicurio Registry to be accessible using HTTPS.
+ displayName: HTTPS
+ path: configuration.security.https
+ - description: Name of a Secret that contains HTTPS certificate under the `tls.crt` key, and the private key under the `tls.key` key.
+ displayName: HTTPS certificate and private key Secret name
+ path: configuration.security.https.secretName
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:text
+ - description: Disable HTTP if HTTPS is enabled.
+ displayName: Disable HTTP
+ path: configuration.security.https.disableHttp
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:checkbox
+ - description: List of additional environment variables that will be provided to the Apicurio Registry application.
+ displayName: Environment variables
+ path: configuration.env
+ - description: ' '
+ displayName: Apicurio Registry deployment configuration
+ path: deployment
+ - description: The required number of Apicurio Registry pods. Default value is 1.
+ displayName: Replicas
+ path: deployment.replicas
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:podCount
+ - description: Apicurio Registry application hostname (part of the URL without the protocol and path).
+ displayName: Hostname
+ path: deployment.host
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:text
+ - description: ' '
+ displayName: Affinity
+ path: deployment.affinity
+ - displayName: Pod affinity
+ path: deployment.affinity.podAffinity
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:podAffinity
+ - displayName: Pod anti-affinity
+ path: deployment.affinity.podAntiAffinity
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:podAntiAffinity
+ - displayName: Node affinity
+ path: deployment.affinity.nodeAffinity
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:nodeAffinity
+ - description: ' '
+ displayName: Tolerations
+ path: deployment.tolerations
+ - description: ' '
+ displayName: Metadata of the Apicurio Registry pod
+ path: deployment.metadata
+ - description: Additional Apicurio Registry Pod annotations.
+ displayName: Annotations
+ path: deployment.metadata.annotations
+ - description: Additional Apicurio Registry Pod labels.
+ displayName: Labels
+ path: deployment.metadata.labels
+ - description: Replaces the default Apicurio Registry application image. Overrides the values in the REGISTRY_IMAGE_MEM, REGISTRY_IMAGE_KAFKASQL and REGISTRY_IMAGE_SQL Operator environment variables.
+ displayName: Apicurio Registry image
+ path: deployment.image
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:text
+ - urn:alm:descriptor:com.tectonic.ui:advanced
+ - description: List of Secrets to use when pulling the Apicurio Registry image.
+ displayName: Apicurio Registry image pull secrets
+ path: deployment.imagePullSecrets
+ - description: Configure how the Operator manages Kubernetes resources.
+ displayName: Apicurio Registry managed resources
+ path: deployment.managedResources
+ - description: Operator will not create or manage an Ingress for Apicurio Registry, so it can be done manually.
+ displayName: Disable Ingress
+ path: deployment.managedResources.disableIngress
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:checkbox
+ - description: Operator will not create or manage a NetworkPolicy for Apicurio Registry, so it can be done manually.
+ displayName: Disable NetworkPolicy
+ path: deployment.managedResources.disableNetworkPolicy
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:checkbox
+ - description: Operator will not create or manage a PodDisruptionBudget for Apicurio Registry, so it can be done manually.
+ displayName: Disable PodDisruptionBudget
+ path: deployment.managedResources.disablePodDisruptionBudget
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:checkbox
+ - description: 'With some restrictions, the Apicurio Registry Operator forwards the data from this field to the corresponding "spec.template" field in the Apicurio Registry Deployment. This feature provides greater configuration flexibility, without the need for the Operator to natively support each use case. WARNING: This feature is a Technology Preview feature only.'
+ displayName: Configure Apicurio Registry pod template
+ path: deployment.podTemplateSpecPreview
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:advanced
+ statusDescriptors:
+ - description: ' '
+ displayName: Information about the Apicurio Registry application
+ path: info
+ - description: ' '
+ displayName: Apicurio Registry URL
+ path: info.host
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:text
+ - description: Apicurio Registry application and Operator conditions.
+ displayName: Conditions
+ path: conditions
+ x-descriptors:
+ - urn:alm:descriptor:io.kubernetes.conditions
+ version: v1
+ description: |
+ ## Apicurio Registry
+
+ Apicurio Registry stores and retrieves API designs and event schemas,
+ and gives you control of their evolution.
+
+ **Features**
+ - Supports: Apache Avro, AsyncAPI, GraphQL, JSON Schema, Kafka Connect Schema, OpenAPI, Protobuf
+ - Provides a REST API and web UI to manage the artifacts and artifact meta-data
+ - Includes Serializers and Deserializers for Kafka client integration
+ - Configurable rules to control schema validity and evolution (compatibility)
+ - Storage options: Kafka, PostgreSQL, in-memory
+ - Compatible with Confluent and IBM APIs
+ - Runs on a lightweight Quarkus platform
+ - Includes Maven plugin to integrate with Maven based builds
+
+ ## Apicurio Registry Operator
+
+ Provides a quick and easy way to deploy and manage Apicurio Registry on Kubernetes.
+
+ **Features**
+ - Supports installation and configuration of the Registry for all storage options
+ - Easily perform a rolling upgrade of Apicurio Registry
+
+ ## Prerequisites
+
+ This operator does not deploy storage for Apicurio Registry. Therefore, some storage options require that the chosen persistence service is already set up.
+ + ## License + + Apicurio Registry Operator is licensed under the [Apache 2.0 license](https://github.com/Apicurio/apicurio-registry-operator/blob/main/LICENSE) + displayName: Apicurio Registry Operator + icon: + - base64data: /9j/4AAQSkZJRgABAQAAAQABAAD/4gKgSUNDX1BST0ZJTEUAAQEAAAKQbGNtcwQwAABtbnRyUkdCIFhZWiAH4gABABAADQAZAB9hY3NwQVBQTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9tYAAQAAAADTLWxjbXMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtkZXNjAAABCAAAADhjcHJ0AAABQAAAAE53dHB0AAABkAAAABRjaGFkAAABpAAAACxyWFlaAAAB0AAAABRiWFlaAAAB5AAAABRnWFlaAAAB+AAAABRyVFJDAAACDAAAACBnVFJDAAACLAAAACBiVFJDAAACTAAAACBjaHJtAAACbAAAACRtbHVjAAAAAAAAAAEAAAAMZW5VUwAAABwAAAAcAHMAUgBHAEIAIABiAHUAaQBsAHQALQBpAG4AAG1sdWMAAAAAAAAAAQAAAAxlblVTAAAAMgAAABwATgBvACAAYwBvAHAAeQByAGkAZwBoAHQALAAgAHUAcwBlACAAZgByAGUAZQBsAHkAAAAAWFlaIAAAAAAAAPbWAAEAAAAA0y1zZjMyAAAAAAABDEoAAAXj///zKgAAB5sAAP2H///7ov///aMAAAPYAADAlFhZWiAAAAAAAABvlAAAOO4AAAOQWFlaIAAAAAAAACSdAAAPgwAAtr5YWVogAAAAAAAAYqUAALeQAAAY3nBhcmEAAAAAAAMAAAACZmYAAPKnAAANWQAAE9AAAApbcGFyYQAAAAAAAwAAAAJmZgAA8qcAAA1ZAAAT0AAACltwYXJhAAAAAAADAAAAAmZmAADypwAADVkAABPQAAAKW2Nocm0AAAAAAAMAAAAAo9cAAFR7AABMzQAAmZoAACZmAAAPXP/bAEMABQMEBAQDBQQEBAUFBQYHDAgHBwcHDwsLCQwRDxISEQ8RERMWHBcTFBoVEREYIRgaHR0fHx8TFyIkIh4kHB4fHv/bAEMBBQUFBwYHDggIDh4UERQeHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHv/CABEIAMgAyAMBIgACEQEDEQH/xAAcAAEAAgMBAQEAAAAAAAAAAAAABwgBBQYEAwL/xAAbAQEAAgMBAQAAAAAAAAAAAAAABAUCAwYHAf/aAAwDAQACEAMQAAABmUAAA1hs8QjG5ZnS1rFkdnVsXG+1O5CLBPB7wAAAAAAQ6beCvJgAAezfWKI2lP0R/rlSNrIP08W+nnoqySdlqk0TOcAAAHjOHrxsNcAAOt0VqD1abywtFvvfq32r+w+LtOo218R5nL0bIeo7fn+gm8wGyIAAiKXauHLAAGxJo7rZ8frlRD8p19sPpY/kvEZb6qWdZA3h1T51/MGMJVg9rWfe5xJ+E7lwAPhT219TjAAEmxlOpK4APzBU78LHt4eFZ3QDOBZP0abc3PmQZawNBVK1tUgABYOvk1ExAAch18dap8Uip9CAZxkn/d6Td3HmoZ6ANBVK1tUgAB7PGLOdhTTpC07ywZpsZbhHy4r+vDVYgM4yT/u9Ju7jzUM9AGgqla2qQAAziTT2ST1QaHfMdkVR1ZqI4XT8AIfTAM4yT/u9Ju7jzUM9AGgqla2qQAAsJXuw5IoAHG9lyGqZCYqfRQGcZJ/3ek3dx5qGegDS1OuTUw1AAFi68WwNwAByXW+DCRXN9PnT+kgD3MZ03P4/d15mH3A
BwndinXwthHJCuZk7s46XQAAAjyKLNc/E6GBEm/uLeRnM+528vnwlUQAAAAAAAAAAAAAAAAAAAAAAAAAAH//EACcQAAEEAgIABgMBAQAAAAAAAAQBAgMFBiAANQcRExQhMBASFUBg/9oACAEBAAEFAvpVURCbirHV+VUrVTLKVVgyCmlWKWKVv+GwPEr4rTNJXcNsTTF0gmmgfT5RbskBneSP92SZREEpZM5c2og05c1PhrUQQQYSPk9gFByG7rZZ/rzHI1Yu2P0hNtNVVolaPNLHDHY5NG3hlkcX+cau18/pzS6/ni7Y1TS2xYo8Io9zbQVzLA8k6XXFrT3cO5pEYglkXKcbrXCSnGVQMNcFkFu0COWR8snIo5JXiY4fNyDFxW8ZQVbefxavkNMBDPv4in/pBt4f1noh3B7K8OeWSeZqK51Vjb5OCijisVURJrEGLjr6qTiX9UvIrSvl41zXJtlZXu77WtGcYfDGyGEuqltDY6KrY0WtBFlNJiDHOyed/CSyiV0oinDWepD/AEh3uVz9fDwb1bbRzUc3Ia/2B2qfCjP9QbS9d+lNt4bM8gNc0iR1btSL51GmRdFt4dJ5UeuX9NtQ9PpkXRbeHBrfT1zUpEg2oen0yLotgyJRCaC/EtI/zb2w1fGWRKURtQ9PpkXRbp8KJe2wyxyOcITb2M7l+V3oen0yLot6LEHzxiY9TjO4TT107rXG3RsX43oen0yLotsBrWFHa5iC2Ejah6fTIui28PGolFrmCItPtQ9PpkXRbeHvQ65f021D0+l8xX0u3h+1Ux/XLU86XakaranR7Uey3DeBY6Rtc99KJ7Cr1sB/dBSNdG/QAd5ZbGoxmuW0aWsE8UkEv4T55hmPPgfvk9M6dV+F/EbHyPxyp9hHvaVINk0nCGecODr+1Tj9bXL9NjUBHLJivzDirfOvrRAU/wCP/8QAOREAAAQDBAUFEQAAAAAAAAAAAQIDBAAFERIhMHEGEyAzUUBBQpGhEBQVFiIjJDEyNENSU4Gx0fD/2gAIAQMBAT8B5I2ZrORomEI6OfVP1RMJHqSW0L6evClUo7486r7P5gpSJFoFwQtN2iXSrlA6RN/lH++8PToqK20bgHAaESFSqw+SEDpCgUKEKMenTUa9HshLRwPiH6o8XW3Eez9Q40eKUgmTNhSVyZFyBeY2wsWyoYuDKyCd2SnHYdb4+Y4DCXHe1sjSkS+WpswuvHjsOt8fMcBNU6Q1INIk82OqfUrX8B2HW+PmODLvek89h1vj5jgtFASXIceYYC/uGMBQEwwqe2cTccKWzvUF1a14R4aZ0rb7BiZTkXIatO4vLf/EACYRAAEDAwMEAgMAAAAAAAAAAAEAAgMEETASIDIUITFRQEEQIiP/2gAIAQIBAT8B+I+RrPKdWegoqnUbOxT1Gns3yiSSm08jvpdI9RhwbZ2CQut+q6R32V/OBGs9BdW9Mq7nuMVSzUy+xpuMMxsw7GcRglmEalmMmxnEYC0HyqiAAam7GcRhm4HYziMLxdpH5AugLC2Kam1G7V08npQ0+jufm//EAEEQAAECAwIJBgsHBQAAAAAAAAECAwAEERIgISIxQVFSYXOxBRMjMEJxEBQyMzRTYnKBkcEkQENjgqHRYIOS4fD/2gAIAQEABj8C6mpNIo7PMA6Aqp/aPSVK7mzHn1j+2YomfaHvYvGLTTiFjSk1+5c5NvpbGbSYKOTmA2PWOYT8orMzTrmwnB8rttl1batKTSEtKR48NWmN8xAdXLuy5PYcy9eqWkrLsxnV2UfyYL0y6pxZzqvBmXaU44cwgOcpuWj6pBwfExYlmENJ9keDpZppOy1AZRMYxyVBA6xfJ0gvGyOujNsF/E6NhPluH/ssc1Kt01lZ1d8Fx1aUJGcmCiSbtnXVkjpphZGqMA8KZOcXsbWeB6rxWXV9pdGXUTpv0wpl0ecX9O+EsMICG0igAihx3jkQPrFt9ddCcwveLPK6ZsYDrDqHJl00Q2mph2a
e8pZr3bLzcqyKrWflCJVgYE5TrHTHNtUVMKyDV2wXHFFSlYST4LDSFLVoAirthge1ljpn3XO7BHo9rvUY9DR+8JfZaLa05CFnqGeT0Hy8dfdmvnlBxPSPYEbEwXjhXkQnSYU66q0tRqTASkEk5hAcniW0+rGWLEu0lsbIqY6SbZH6o9Jr3IMek0/QYxJxr4mkVSoEbL8yutUpVYT8MF5mVRlcWEwhpsUSgUEc9NOFthGBtsZe+KeLBW1RMc6xLpQvTCn3rVhOgVizKNhoaysJir77i+83WFWiEFVFdxvOOaiSYKjlJrecmCPMt4O83SlQqDlEWUeaXjI/i9WG3NZIN2cV+SrhfmndLoHyH+7yHc6HON+VP5Yuzu4VwvuHS+eAvK99N+V3Yuzu4VwvvyCjjV5xH1vNSgOMo21d1+V3Yuzu4VwvomGFWXEGoMBNoNTPabJ4XCCQt7M2PrCn3lVWq/K7sXZ3cK4dRUQmxOukJ7KzUQl4ooootWfhkhVqZcSD2UmgEVPUSu7F2d3CuHUJf5RWppJyNp8r46ISpuTSVJyFZKvAVOSybRykYILsiorA/DVl+EUN+V3Yuzu4VwvrnHU1RL+SPavJm2xQO4Fe9fld2Ls7uFcL6znL5r8heJ0OC/K7sXZ3cK4XzvlfS8r3035Xdi7OJGUsq4XwdZ1RvL2KTxvyoPqxdKVYQRQw9Kr7CsG0ZrqUIFVKNAIYlc6E43fnvOy+umkKQsUUk0Iuty6MqzAQnIBQXg6xQTTYxfaGiFNOoUhacBSfDghPKM8iyv8ACbObaeoM5Kpq520a22KHwhCElSjkAjnnqeMLH+I0dRSaYClZljAofGPs8+oDQtFY6XlDB7LcBbbXOOj8RzCeqtON2XNdGAx0c5g9pEdNNkjQlMdA1jaxwn+kP//EACoQAQABAgQFBQEBAAMAAAAAAAERACEgMUFRMGFxocGBkbHR8BDxQGDh/9oACAEBAAE/IeCgADVqPMZwb0lUePwulRjqmoUlef4K5KLI7f8AC27OWeiZtN7AT2ch6zSeU/iWwiADVrtTV1t4fkms82QAPbjxpu2cn4tWZZ9p/wAxZF7Tn/K19rZD5PT3o9ttDPV1/lrY5C+xRKlYSh2l4kIMX33W+7jg9wsrHI3oeLPNu26rOxlGKV0Gy/QZtKMh1Oyf1Ekm5fjk8JCg5Jn5DpSqysuKR5UfE5v5D9Nky0u77CpswZVumYku68P3JwJ5QfVStTbtmg6GKx7M2Gq8gqCwfM1FzamcHyBu8FIJaWlX+GkjKU0YTHdPsKvzG0T5rW/VvNWo7n2pvVz9k4DQGu3sye8vpjCLsxMnX1fgqI1PytKcZJClgtAErRyouZvq6V02au9XNpAgBq0nCO0V7UrHvHxWuOr66eBK6Su9c95KTHAfsO+6cWrojY1fQmowmnsBBTLfdM1W00SlNyfmnKYRmY6TlW+UL6m38eeh3roktn2ywwNhKbZHmcU4/Sk1nLpeuI5GPiPxOEupoQslSQMfRNfRiSAzL1/vWmFxsz52M4S8z6mJGu2J5Bnxjdhn6+JVzUeL/M3xGfFRVC+WZ1ID4GI+1ibDLv8AGIz4qKn/AP6ltTOGN2d953wQgVeX+hUgiyu3I5YjPjIqSCImSUht03NyZp3Ib1jdRjVeylqSiKua4zPioqBWC7RZnnNDm+FKFqVCd7sfyTaZWud7VfE4/Ia9KCkETMcRnxUVCyjSZLyfTP2xSKWiZc3qfGIz4qKiyXVYhyF2nc84jPioq/K2xPzN8RniRc3g8ZEZAdjxidJqnGJqHx4Qmlg3GjezJ+69sKsSBZq5FZJxxGrv3OInrSh2dO9KVYRomETbEXY1faj8g3QMQlXcbG98Utd4WEf6FAFXIqEEkkv52xwLDYtZ8jnQUBEsj/XffApVqdFQHX7m/Ai6BFAFN0l8sJ8VkFy3+7TtsskHTQ4SyZf+ho0+S5LnZo0uSH3WrEhEN99f+of/2gAMAwEAAgA
DAAAAEPPPOKPDPPPPPPPPPBPPKPpmvPPPPLPPKOONaFfPPPPPOD9bbXH/ADzxDzzjzwn331/zzzzyzzyn32lbzzzzyxza732lbzzzzyhy6/32lbzzzzzzzzv32lbzwDzyTzy7T3v3zzxTBzzzx3aTzzzzzzzzzzzzzzzzzzzzzzzzzzzz/8QAJxEBAAEBBQgDAQAAAAAAAAAAAREAITAxQVEgYXGBkaGx0RDB8ED/2gAIAQMBAT8Q/klzdXAOLh906DyB9vqrdkYDa8SA6XSgscpn6HnLWjJgcgpRGbm74d6C2LyKPBbQiBDnELZcEolo6ugcexNPbCLMA8sHKoSMDrB9vVqFNroPt9UQ/fQ6lQWEGYykjxdTjyk35PXs/LQkZKdG5GTgHkWux+Rq3D0YQmd+hypeuXFeDQ2PyNW4ljW5TxQRpPEsyeWDsfkatyoi0+dj8jVucEAF4TbSBJ8PzAEvAreeXqzdIJI4JiGjqdzfSPaWnimJqYri+jz2/t//xAAnEQABAgUCBQUAAAAAAAAAAAABABEgITBBoTFREECx0fBhcYGR4f/aAAgBAgEBPxDlAjmv0lbF9KXhjJxGZKmEnuhvDz4WsgigA0JlApcClNfKN3l6Qz3RAClAJcIGE0ROtoMQUGFw7olOQ2gxBQEsDr7UCDEFHDgxBROMuFpwITBNGylYIqe3UEEtc9Od/8QAKBABAAECBgICAwEBAQEAAAAAAREAISAxQVFhcYGRofAQMMGxQGDh/9oACAEBAAE/EP0niqVIDzSrL8nYkHqmEX1UfIoA52in+VkrrIx2gfNEHMkWvKT/AInrAN+Rodzo7qY4EBIXuLsZulb3YMPQgeDCoLBLVcop4GEjYzoJXpS2B58t7m3cPB++9ir3hmMjZY1dKWI2co2DIbBAYnJpnaN1yBqsBSQkhdYZvIj2o88IRPlmLlWlAnSnEHzXyI1sfRBBACXTf9jMplwrJNloDLIvKKrKy4o2IpP8ftaZGamsCXDB8sXqwaBQnHkovLrxUa6mC9o/JHTRk5Tb3qHzNSzP4Y9Yv6chn0nTp+oyz924s8LxshdCmSEZVZXFbRgTIbmm/AXdBPS4GAN3VXNW63aWoWtqbJ/9nTenD2mzG39GV3wkjJNNIRLbjYebA7kO/wCiVc/M0Cw5WA5SmAp3ZMviAB1iWsMybjZAV6q6dVQG++eiDIq7tFrr0d/Zm2zb9WRFqv4X58Lv4KzyUiz+ePKUWamh/nXyUISjeW/xSnsSakCHMpsiKESRNn9CTYTWvDcPqccb9udKuNop63KDW+xzS3hmuxyUyfCt1f8AAyDQo0AFCHIAutQf0QIvV1JeqKlBD71Lna0SFpUgPNLjnP4hJpmijYPZVkJDta5Gag+qNFkfIqeTGs9o2m24QvOJHk5wn1yPFExF8sMHopoXJhHbls3eIWIGIqIPF0r/AB8VDPjKp1uN3EUpAguJHIgyvqwbtZGsgim4UHDlyWnoWeCp/MtQKRdjuVMmPgxHFoTnn/ikYVBdVS/7imkJNMmi9x98LarzJRCJqUE+AizehHl8JicmFA7JembZVnpf7hZtFiOr+04s0TO4EHyxQcRjhA9nriLoVIoJL1D+YfrN2MYq/rh/n7JMjuvtucP1m7HBKpxdgzqWOVxJGHA3Che0uJkd19tzh+s3YxunJcnUTVEiai0d2MIOsjnbZNTVk/E0wt2Wy0UfNd0KQ5pOBoGgIA4xZHdfbc4frN36FgMKIR3KFqsMOaE5HLOtfJWCF2likDFZANhBgyzmlwtKJV3XHkd19tzh+s3YyQKMAF1oYWI8ZcUElwXeGge7IgZQaU3y/A/bkcWd0J8UKaFQY8EHYTy0tBkBCJo4sjuvtucP1m7G4ZGWZRQ1iPZWIrxhIAJ+QvKdcWR3X23OH6zdjMOaqGBPgxAiUfZX/BYsjuvtucP1m7/jbyZHdfbc4QTgQ3uf5TiFuOXw/qsReydSgf0xGY0hIWR0mX9
wmFQDIEJ6afGRnIGuPaPMmmEenVytAG6oUa08iC4PZiaUTFlmvwCjoFZCqEfJhQixUtnvwBfFRCCWwAHoxLUwIMzl0ZunJUbNkFBVnaI/lagABKroU0XUDZkaRdwmW8RjhB9lsBYdSEJqBF81gsgQiZifkAY3a2gGdDDqAQZkHVWkbAZS4zkizx+BdOGTilyFsiDzlFhOG6JHcJ6ajVQhP3MHaE8/qcUe7Cu9j5BqfZxtYvNz0UBFG42+RHqs7vGh8rI4IP8AyH//2Q== + mediatype: image/jpeg + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - apps + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - '*' + - apiGroups: + - config.openshift.io + resources: + - clusterversions + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - persistentvolumeclaims + - pods + - secrets + - services + - services/finalizers + verbs: + - '*' + - apiGroups: + - events + resources: + - events + verbs: + - '*' + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - '*' + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - '*' + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - '*' + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' + - apiGroups: + - registry.apicur.io + resources: + - apicurioregistries + verbs: + - '*' + - apiGroups: + - registry.apicur.io + resources: + - apicurioregistries/finalizers + verbs: + - update + - apiGroups: + - registry.apicur.io + resources: + - apicurioregistries/status + verbs: + - get + - patch + - update + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - '*' + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - use + serviceAccountName: apicurio-registry-operator + deployments: + - name: apicurio-registry-operator-v1.1.3 + spec: + replicas: 1 + selector: + matchLabels: + apicur.io/name: apicurio-registry-operator + apicur.io/type: operator + apicur.io/version: 1.1.3 + name: apicurio-registry-operator + strategy: {} + template: + metadata: + labels: + 
+ apicur.io/name: apicurio-registry-operator
+ apicur.io/type: operator
+ apicur.io/version: 1.1.3
+ name: apicurio-registry-operator
+ spec:
+ containers:
+ - args:
+ - --leader-elect
+ command:
+ - /manager
+ env:
+ - name: REGISTRY_VERSION
+ value: 2.6.4.Final
+ - name: REGISTRY_IMAGE_MEM
+ value: quay.io/apicurio/apicurio-registry-mem:2.6.4.Final
+ - name: REGISTRY_IMAGE_KAFKASQL
+ value: quay.io/apicurio/apicurio-registry-kafkasql:2.6.4.Final
+ - name: REGISTRY_IMAGE_SQL
+ value: quay.io/apicurio/apicurio-registry-sql:2.6.4.Final
+ - name: WATCH_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.annotations['olm.targetNamespaces']
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: OPERATOR_NAME
+ value: apicurio-registry-operator
+ image: quay.io/apicurio/apicurio-registry-operator:1.1.3
+ imagePullPolicy: Always
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ name: apicurio-registry-operator
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: 200m
+ memory: 100Mi
+ requests:
+ cpu: 100m
+ memory: 50Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: false
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ serviceAccountName: apicurio-registry-operator
+ terminationGracePeriodSeconds: 10
+ permissions:
+ - rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ serviceAccountName: apicurio-registry-operator
+ strategy: deployment
+ installModes:
+ - supported: true
+ type: OwnNamespace
+ - supported: true
+ type: SingleNamespace
+ - supported: true
+ type: MultiNamespace
+ - supported: true
+ type: AllNamespaces
+ keywords:
+ - integration
+ - streaming
+ - messaging
+ - api
+ - schemas
+ - registry
+ - apicurio
+ - apicurio-registry
+ links:
+ - name: Website
+ url: https://www.apicur.io/
+ - name: GitHub
+ url: https://github.com/Apicurio/apicurio-registry/
+ - name: Issues
+ url: https://github.com/Apicurio/apicurio-registry/issues
+ - name: Twitter
+ url: https://twitter.com/Apicurio
+ maintainers:
+ - email: apicurio@lists.jboss.org
+ name: Apicurio
+ maturity: alpha
+ minKubeVersion: 1.19.0
+ provider:
+ name: Apicurio
+ replaces: apicurio-registry-operator.v1.1.2-v2.5.11.final
+ selector: {}
+ version: 1.1.3-v2.6.4.final
diff --git a/operators/apicurio-registry/1.1.3-v2.6.4.final/manifests/registry.apicur.io_apicurioregistries.yaml b/operators/apicurio-registry/1.1.3-v2.6.4.final/manifests/registry.apicur.io_apicurioregistries.yaml
new file mode 100644
index 00000000000..50631f37a62
--- /dev/null
+++ b/operators/apicurio-registry/1.1.3-v2.6.4.final/manifests/registry.apicur.io_apicurioregistries.yaml
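Review bot: The `clusterPermissions` rules under `install.spec` of the apicurio-registry ClusterServiceVersion grant `'*'` on core-group `secrets`, `pods`, `configmaps`, `services` and `persistentvolumeclaims`. Because they are cluster permissions, the `apicurio-registry-operator` service account holds them in every namespace, including when the operator is installed in `OwnNamespace` or `SingleNamespace` mode. The descriptors in this file only show the operator consuming Secrets that the user names in the custom resource, so `secrets` could likely move to its own rule with `verbs: [get, list, watch]`; which verbs the controller actually needs is not visible in this diff and should be confirmed. The remaining `'*'` entries could enumerate verbs as the namespaced `permissions` block already does (`get`, `list`, `watch`, `create`, `update`, `patch`, `delete`), which keeps `deletecollection` and any verbs added later out of the grant. A short comment above the `secrets` rule saying why the access has to be cluster-wide would help whoever audits this bundle before approving the install.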
@@ -0,0 +1,4926 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + creationTimestamp: null + labels: + apicur.io/name: apicurio-registry-operator + apicur.io/type: operator + apicur.io/version: 1.1.3 + name: apicurioregistries.registry.apicur.io +spec: + group: registry.apicur.io + names: + kind: ApicurioRegistry + listKind: ApicurioRegistryList + plural: apicurioregistries + singular: apicurioregistry + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: ApicurioRegistry represents an Apicurio Registry instance + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ApicurioRegistrySpec defines the desired state of ApicurioRegistry + properties: + configuration: + description: Apicurio Registry application configuration + properties: + env: + description: "Environment variables: \n List of additional environment + variables that will be provided to the Apicurio Registry application." + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. 
+ type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + kafkasql: + description: Configuration of Apicurio Registry KafkaSQL storage + properties: + bootstrapServers: + description: "Kafka bootstrap servers URL: \n URL of one of + the Kafka brokers, which provide initial metadata about + the Kafka cluster, for example: `..svc:9092`." 
+ type: string + security: + description: "Kafka security configuration: \n Provide the + following configuration options if your Kafka cluster is + secured using TLS or SCRAM." + properties: + scram: + description: "SCRAM: \n Kafka is secured using SCRAM." + properties: + mechanism: + description: "Mechanism: \n Name of the SCRAM mechanism, + default value is SCRAM-SHA-512." + type: string + passwordSecretName: + description: "User password Secret name: \n Name of + a Secret that contains password of the SCRAM user + under the `password` key." + type: string + truststoreSecretName: + description: "Truststore Secret name: \n Name of a + Secret that contains TLS truststore (in PKCS12 format) + under the `ca.p12` key, and truststore password + under the `ca.password` key." + type: string + user: + description: User name + type: string + type: object + tls: + description: "TLS: \n Kafka is secured using TLS." + properties: + keystoreSecretName: + description: "Keystore Secret name: \n Name of a Secret + that contains TLS keystore (in PKCS12 format) under + the `user.p12` key, and keystore password under + the `user.password` key." + type: string + truststoreSecretName: + description: "Truststore Secret name: \n Name of a + Secret that contains TLS truststore (in PKCS12 format) + under the `ca.p12` key, and truststore password + under the `ca.password` key." + type: string + type: object + type: object + type: object + logLevel: + description: Third-party (non-Apicurio) library log level + type: string + persistence: + description: "Storage: \n Type of storage used by Apicurio Registry, + one of: mem, sql, kafkasql. Default value is `mem`." + type: string + registryLogLevel: + description: Apicurio Registry application log level + type: string + security: + description: Security configuration + properties: + https: + description: "HTTPS: \n Configure Apicurio Registry to be + accessible using HTTPS." 
+ properties: + disableHttp: + description: "Disable HTTP: \n Disable HTTP if HTTPS is + enabled." + type: boolean + secretName: + description: "HTTPS certificate and private key Secret + name: \n Name of a Secret that contains HTTPS certificate + under the `tls.crt` key, and the private key under the + `tls.key` key." + type: string + type: object + keycloak: + description: "Keycloak: \n Configure Apicurio Registry to + use Keycloak for Identity and Access Management (IAM)." + properties: + apiClientId: + description: Client ID for the REST API + type: string + realm: + description: Keycloak realm + type: string + uiClientId: + description: Client ID for the UI + type: string + url: + description: "Keycloak auth URL: \n URL of the Keycloak + auth endpoint, must end with `/auth`." + type: string + type: object + type: object + sql: + description: Configuration of Apicurio Registry SQL storage + properties: + dataSource: + description: SQL data source + properties: + password: + description: Data source password + type: string + url: + description: "Data source URL: \n URL of the PostgreSQL + database, for example: `jdbc:postgresql://..svc:5432/`." + type: string + userName: + description: Data source username + type: string + type: object + type: object + ui: + description: Configuration of Apicurio Registry web console + properties: + readOnly: + description: "Read-only: \n Set the web console to read-only + mode. WARNING: This does not affect access to the Apicurio + REST API." + type: boolean + type: object + type: object + deployment: + description: Apicurio Registry deployment configuration + properties: + affinity: + description: Affinity + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. 
The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. 
+ type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod + label keys to select which pods will be taken + into consideration. The keys are used to lookup + values from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key in (value)` to select the group of + existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) + affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value + is empty. The same key is forbidden to exist + in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature + gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod + label keys to select which pods will be taken + into consideration. 
The keys are used to lookup + values from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key notin (value)` to select the group + of existing pods which pods will be taken + into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. + The default value is empty. The same key is + forbidden to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling + MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. 
When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged + with `LabelSelector` as `key in (value)` to select + the group of existing pods which pods will be + taken into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist in + the incoming pod labels will be ignored. The default + value is empty. The same key is forbidden to exist + in both MatchLabelKeys and LabelSelector. Also, + MatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged + with `LabelSelector` as `key notin (value)` to + select the group of existing pods which pods will + be taken into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist in + the incoming pod labels will be ignored. The default + value is empty. The same key is forbidden to exist + in both MismatchLabelKeys and LabelSelector. Also, + MismatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod + label keys to select which pods will be taken + into consideration. The keys are used to lookup + values from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key in (value)` to select the group of + existing pods which pods will be taken into + consideration for the incoming pod's pod (anti) + affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value + is empty. The same key is forbidden to exist + in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature + gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod + label keys to select which pods will be taken + into consideration. The keys are used to lookup + values from the incoming pod labels, those + key-value labels are merged with `LabelSelector` + as `key notin (value)` to select the group + of existing pods which pods will be taken + into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist + in the incoming pod labels will be ignored. + The default value is empty. The same key is + forbidden to exist in both MismatchLabelKeys + and LabelSelector. Also, MismatchLabelKeys + cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling + MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. 
If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. 
due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. If it's null, this PodAffinityTerm + matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged + with `LabelSelector` as `key in (value)` to select + the group of existing pods which pods will be + taken into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist in + the incoming pod labels will be ignored. The default + value is empty. The same key is forbidden to exist + in both MatchLabelKeys and LabelSelector. Also, + MatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label + keys to select which pods will be taken into consideration. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are merged + with `LabelSelector` as `key notin (value)` to + select the group of existing pods which pods will + be taken into consideration for the incoming pod's + pod (anti) affinity. Keys that don't exist in + the incoming pod labels will be ignored. The default + value is empty. The same key is forbidden to exist + in both MismatchLabelKeys and LabelSelector. Also, + MismatchLabelKeys cannot be set when LabelSelector + isn't set. This is an alpha field and requires + enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. 
null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + host: + description: "Hostname: \n Apicurio Registry application hostname + (part of the URL without the protocol and path)." + type: string + image: + description: "Apicurio Registry image: \n Replaces the default + Apicurio Registry application image. Overrides the values in + the REGISTRY_IMAGE_MEM, REGISTRY_IMAGE_KAFKASQL and REGISTRY_IMAGE_SQL + Operator environment variables." + type: string + imagePullSecrets: + description: "Apicurio Registry image pull secrets: \n List of + Secrets to use when pulling the Apicurio Registry image." + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + managedResources: + description: "Apicurio Registry managed resources: \n Configure + how the Operator manages Kubernetes resources." + properties: + disableIngress: + description: "Disable Ingress: \n Operator will not create + or manage an Ingress for Apicurio Registry, so it can be + done manually." 
+ type: boolean + disableNetworkPolicy: + description: "Disable NetworkPolicy: \n Operator will not + create or manage a NetworkPolicy for Apicurio Registry, + so it can be done manually." + type: boolean + disablePodDisruptionBudget: + description: "Disable PodDisruptionBudget: \n Operator will + not create or manage a PodDisruptionBudget for Apicurio + Registry, so it can be done manually." + type: boolean + type: object + metadata: + description: Metadata of the Apicurio Registry pod + properties: + annotations: + additionalProperties: + type: string + description: "Annotations: \n Additional Apicurio Registry + Pod annotations." + type: object + labels: + additionalProperties: + type: string + description: "Labels: \n Additional Apicurio Registry Pod + labels." + type: object + type: object + podTemplateSpecPreview: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + clusterName: + type: string + creationTimestamp: + format: date-time + type: string + deletionGracePeriodSeconds: + format: int64 + type: integer + deletionTimestamp: + format: date-time + type: string + finalizers: + items: + type: string + type: array + generateName: + type: string + generation: + format: int64 + type: integer + labels: + additionalProperties: + type: string + type: object + managedFields: + items: + properties: + apiVersion: + type: string + fieldsType: + type: string + fieldsV1: + type: object + manager: + type: string + operation: + type: string + subresource: + type: string + time: + format: date-time + type: string + type: object + type: array + name: + type: string + namespace: + type: string + ownerReferences: + items: + properties: + apiVersion: + type: string + blockOwnerDeletion: + type: boolean + controller: + type: boolean + kind: + type: string + name: + type: string + uid: + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + 
resourceVersion: + type: string + selfLink: + type: string + uid: + type: string + type: object + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: 
object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + 
preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: 
array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + 
properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + 
required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + 
x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + 
type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + 
value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + 
name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + 
type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + 
items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + 
format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: 
string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: 
string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + 
successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - 
restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + 
required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + os: + properties: + name: + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + 
preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + serviceAccountName: + type: string + setHostnameAsFQDN: + type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + 
type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer 
+ path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: 
string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: 
object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: 
atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + 
type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + type: object + replicas: + description: "Replicas: \n The required number of Apicurio Registry + pods. Default value is 1." + format: int32 + type: integer + tolerations: + description: Tolerations + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. 
+ Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + type: object + status: + properties: + conditions: + description: "Conditions: \n Apicurio Registry application and Operator + conditions." + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. 
// Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + info: + description: Information about the Apicurio Registry application + properties: + host: + description: Apicurio Registry URL + type: string + type: object + managedResources: + description: "Managed Resources: \n Kubernetes resources managed by + the Apicurio Registry Operator." + items: + properties: + kind: + type: string + name: + type: string + namespace: + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/apicurio-registry/1.1.3-v2.6.4.final/metadata/annotations.yaml b/operators/apicurio-registry/1.1.3-v2.6.4.final/metadata/annotations.yaml new file mode 100644 index 00000000000..27c47c45d21 --- /dev/null +++ b/operators/apicurio-registry/1.1.3-v2.6.4.final/metadata/annotations.yaml 
@@ -0,0 +1,13 @@
+annotations:
+ com.redhat.openshift.versions: v4.6
+ operators.operatorframework.io.bundle.channel.default.v1: 2.x
+ operators.operatorframework.io.bundle.channels.v1: 2.x
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: apicurio-registry
+ operators.operatorframework.io.metrics.builder: operator-sdk-v1.13.0+git
+ operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
+ operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3
+ operators.operatorframework.io.test.config.v1: tests/scorecard/
+ operators.operatorframework.io.test.mediatype.v1: scorecard+v1
diff --git a/operators/apicurio-registry/1.1.3-v2.6.4.final/tests/scorecard/config.yaml b/operators/apicurio-registry/1.1.3-v2.6.4.final/tests/scorecard/config.yaml
new file mode 100644
index 00000000000..ce8e8edeaaf
--- /dev/null
+++ b/operators/apicurio-registry/1.1.3-v2.6.4.final/tests/scorecard/config.yaml
@@ -0,0 +1,70 @@
+apiVersion: scorecard.operatorframework.io/v1alpha3
+kind: Configuration
+metadata:
+ name: config
+stages:
+- parallel: true
+ tests:
+ - entrypoint:
+ - scorecard-test
+ - basic-check-spec
+ image: quay.io/operator-framework/scorecard-test:v1.17.0
+ labels:
+ suite: basic
+ test: basic-check-spec-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-bundle-validation
+ image: quay.io/operator-framework/scorecard-test:v1.17.0
+ labels:
+ suite: olm
+ test: olm-bundle-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-validation
+ image: quay.io/operator-framework/scorecard-test:v1.17.0
+ labels:
+ suite: olm
+ test: olm-crds-have-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-resources
+ image: quay.io/operator-framework/scorecard-test:v1.17.0
+ labels:
+ suite: olm
+ test: olm-crds-have-resources-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-spec-descriptors
+ image: quay.io/operator-framework/scorecard-test:v1.17.0
+ labels:
+ suite: olm
+ test: olm-spec-descriptors-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-status-descriptors
+ image: quay.io/operator-framework/scorecard-test:v1.17.0
+ labels:
+ suite: olm
+ test: olm-status-descriptors-test
+ storage:
+ spec:
+ mountPath: {}
+storage:
+ spec:
+ mountPath: {}
diff --git a/operators/eginnovations-operator/0.0.8/manifests/eginnovations-operator-controller-manager-metrics-service_v1_service.yaml b/operators/eginnovations-operator/0.0.8/manifests/eginnovations-operator-controller-manager-metrics-service_v1_service.yaml
new file mode 100644
index 00000000000..dd53f5e61fa
--- /dev/null
+++ b/operators/eginnovations-operator/0.0.8/manifests/eginnovations-operator-controller-manager-metrics-service_v1_service.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/component: kube-rbac-proxy
+ app.kubernetes.io/created-by: eginnovations-operator
+ app.kubernetes.io/instance: controller-manager-metrics-service
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: service
+ app.kubernetes.io/part-of: eginnovations-operator
+ control-plane: controller-manager
+ name: eginnovations-operator-controller-manager-metrics-service
+spec:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: https
+ selector:
+ control-plane: controller-manager
+status:
+ loadBalancer: {}
diff --git a/operators/eginnovations-operator/0.0.8/manifests/eginnovations-operator-manager-config_v1_configmap.yaml b/operators/eginnovations-operator/0.0.8/manifests/eginnovations-operator-manager-config_v1_configmap.yaml
new file mode 100644
index 00000000000..439cd91cbc5
--- /dev/null
+++ b/operators/eginnovations-operator/0.0.8/manifests/eginnovations-operator-manager-config_v1_configmap.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+data:
+ controller_manager_config.yaml: |
+ apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
+ kind: ControllerManagerConfig
+ health:
+ healthProbeBindAddress: :8081
+ metrics:
+ bindAddress: 127.0.0.1:8080
+ webhook:
+ port: 9443
+ leaderElection:
+ leaderElect: true
+ resourceName: 053a5393.eginnovations.com
+kind: ConfigMap
+metadata:
+ name: eginnovations-operator-manager-config
diff --git a/operators/eginnovations-operator/0.0.8/manifests/eginnovations-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/eginnovations-operator/0.0.8/manifests/eginnovations-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml
new file mode 100644
index 00000000000..c6ea88ad5a1
--- /dev/null
+++ b/operators/eginnovations-operator/0.0.8/manifests/eginnovations-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/component: kube-rbac-proxy
+ app.kubernetes.io/created-by: eginnovations-operator
+ app.kubernetes.io/instance: metrics-reader
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: clusterrole
+ app.kubernetes.io/part-of: eginnovations-operator
+ name: eginnovations-operator-metrics-reader
+rules:
+- nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
diff --git a/operators/eginnovations-operator/0.0.8/manifests/eginnovations-operator-webhook-service_v1_service.yaml b/operators/eginnovations-operator/0.0.8/manifests/eginnovations-operator-webhook-service_v1_service.yaml
new file mode 100644
index 00000000000..56e84047d84
--- /dev/null
+++ b/operators/eginnovations-operator/0.0.8/manifests/eginnovations-operator-webhook-service_v1_service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: eginnovations-operator
+ name: eginnovations-operator-webhook-service
+spec:
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 9443
+ selector:
+ control-plane: controller-manager
+status:
+ loadBalancer: {}
diff --git a/operators/eginnovations-operator/0.0.8/manifests/eginnovations-operator.clusterserviceversion.yaml b/operators/eginnovations-operator/0.0.8/manifests/eginnovations-operator.clusterserviceversion.yaml
new file mode 100644
index 00000000000..a933ff54925
--- /dev/null
+++ b/operators/eginnovations-operator/0.0.8/manifests/eginnovations-operator.clusterserviceversion.yaml
@@ -0,0 +1,475 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "eginnovations.com/v1beta1", + "kind": "EgUniversalAgent", + "metadata": { + "name": "eguniversalagent", + "namespace": "egagent" + }, + "spec": { + "agent": { + "env": [ + { + "name": "EG_MANAGER", + "value": "Replace with eG Manager IP" + }, + { + "name": "EG_MANAGER_PORT", + "value": "Replace with eG Manager Port" + } + ] + } + } + } + ] + capabilities: Deep Insights + categories: Monitoring + certified: "true" + containerImage: docker.io/eginnovations/universal-agent-operator:0.0.8 + createdAt: "2024-09-17T17:21:27Z" + operators.operatorframework.io/builder: operator-sdk-v1.36.1 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v4 + repository: https://github.com/eginnovations/universal-agent-operator + name: eginnovations-operator.v0.0.8 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: EgUniversalAgent is the Schema for the eguniversalagents API + displayName: Eg Universal Agent + kind: EgUniversalAgent + name: eguniversalagents.eginnovations.com + version: v1beta1 + description: | + eG Innovations’ converged application and infrastructure performance monitoring capabilities provide end-to-end visibility and correlated analytics for every layer, every tier of your IT landscape. + + The eG Enterprise Universal Agent Operator automatically configures a host agent on every Kubernetes worker node. The host agent auto-discovers the worker nodes and application containers running as Pods on each node and tracks their performance and utilization levels. In-depth monitoring of applications running on containers is also provided using the same host agent. No additional agents are required for the containers. 
+ + ### Capabilities + * Rolls out the egagent pod per node to monitor its pods and the node itself + * Automatic BTM profiler injection using webhook based injection for deep application monitoring and transection tracing. + + ### Prerequisite + * Check if cert-manager is installed in cluster or not using. + + ``` + $ kubectl get pods -namesapce cert-manager + NAME READY STATUS RESTARTS AGE + cert-manager-5c6866597-zw7kh 1/1 Running 0 2m + cert-manager-cainjector-577f6d9fd7-tr77l 1/1 Running 0 2m + cert-manager-webhook-787858fcdb-nlzsq 1/1 Running 0 2m + ``` +        If not available then install cert-manager using this [URL](https://cert-manager.io/docs/installation/). + + * Check if OLM(Operator Lifecycle Manager) is installed or not using by verifying its version. + + ``` + $ kubectl get csv packageserver -n olm + NAME DISPLAY VERSION REPLACES PHASE + packageserver Package Server 0.28.0 Succeeded + ``` +        If not available then install olm using this [URL](https://github.com/operator-framework/operator-lifecycle-manager/releases). + + ### Installation of eG Universal Operator + 1. Create the namespace "egagent" for installing eG Agent on kubernetes Cluster. + +
``` $ kubectl create ns egagent ``` + 2. Install eG Innovations Universal Agent operator from [OperatorHub.io](https://operatorhub.io/operator/eginnovations-operator) by clicking over install button on the operator page and follow instructions. + 3. Create the eG Universal Agent CRD (Custom Resource Definition) + a. Click "View YAML Example" and copy the yaml contents and save it to (filename).yaml on your host. + b. To apply the CRD run the following command + +
``` $ kubectl apply -f (filename).yaml ``` + + ### Required Parameters + * EG\_MANAGER, EG\_MANAGER\_PORT - provide the ip and port of your eG Manager Installation. + + ### Advanced Options + * Disable Certificate Checking - disable any certificate validation that may interact poorly with proxies within your cluster + * Image Override - use a copy of the eG Iniversal Agent container image from a registry other that Docker's or Red Hat's + * Environment variables - define environment variables for the eG Universal Agent container of for APM profiler. + * Namespace Selectors- select a subset of namesapces to enable instrumentation for applications. + + For complete list of supported parameters and the detailed documentation available in [eG Innovations Docs](https://docs.eginnovations.com) + displayName: eG Innovations Universal Agent Operator + icon: + - base64data: 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 + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - nonResourceURLs: + - /metrics + verbs: + - get + - apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - '*' + resources: + - clusteroperators + - componentstatuses + - cronjobs + - deploymentconfigs + - deployments + - endpoints + - events + - horizontalpodautoscalers + - ingresses + - jobs + - limitranges + - nodes + - nodes/log + - nodes/metrics + - nodes/proxy + - nodes/spec + - nodes/stats + - persistentvolumeclaims + - persistentvolumes + - pods + - replicasets + - replicationcontrollers + - resourcequotas + - services + - statefulsets + verbs: + - get + - list + - watch + - apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + 
verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - daemonsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - eginnovations.com + resources: + - eguniversalagents + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - eginnovations.com + resources: + - eguniversalagents/finalizers + verbs: + - update + - apiGroups: + - eginnovations.com + resources: + - eguniversalagents/status + verbs: + - get + - patch + - update + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + serviceAccountName: eginnovations-operator-controller-manager + deployments: + - label: + app.kubernetes.io/component: manager + app.kubernetes.io/created-by: eginnovations-operator + app.kubernetes.io/instance: controller-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: deployment + app.kubernetes.io/part-of: eginnovations-operator + control-plane: controller-manager + name: eginnovations-operator-controller-manager + spec: + replicas: 2 + selector: + matchLabels: + control-plane: controller-manager + strategy: {} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + 
nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + - ppc64le + - s390x + - key: kubernetes.io/os + operator: In + values: + - linux + containers: + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + command: + - /manager + image: docker.io/eginnovations/universal-agent-operator:0.0.8 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.16.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + securityContext: + runAsNonRoot: true + serviceAccountName: eginnovations-operator-controller-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + 
- events + verbs: + - create + - patch + serviceAccountName: eginnovations-operator-controller-manager + strategy: deployment + installModes: + - supported: false + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - Monitoring + - Tracing + links: + - name: eG Innovations Kubernetes Monitoring Overview + url: https://www.eginnovations.com/documentation/Kubernetes/Introduction-to-Monitoring-Kubernetes.htm + maintainers: + - email: devops@eginnovations.com + name: eG Innovations + maturity: alpha + minKubeVersion: 1.22.0 + provider: + name: eG Innovations + url: https://www.eginnovations.com + version: 0.0.8 + webhookdefinitions: + - admissionReviewVersions: + - v1 + containerPort: 443 + conversionCRDs: + - eguniversalagents.eginnovations.com + deploymentName: eginnovations-operator-controller-manager + generateName: ceguniversalagents.kb.io + sideEffects: None + targetPort: 9443 + type: ConversionWebhook + webhookPath: /convert + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: eginnovations-operator-controller-manager + failurePolicy: Fail + generateName: mpod.kb.io + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - pods + sideEffects: None + targetPort: 9443 + type: MutatingAdmissionWebhook + webhookPath: /mutate-v1-pod diff --git a/operators/eginnovations-operator/0.0.8/manifests/eginnovations.com_eguniversalagents.yaml b/operators/eginnovations-operator/0.0.8/manifests/eginnovations.com_eguniversalagents.yaml new file mode 100644 index 00000000000..d006d9a6c7a --- /dev/null +++ b/operators/eginnovations-operator/0.0.8/manifests/eginnovations.com_eguniversalagents.yaml 
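Review bot: In `clusterPermissions`, the rule whose `apiGroups` is `'*'` gives the `eginnovations-operator-controller-manager` service account `get` on `nodes/proxy`, which reaches the kubelet API through the API server and is considerably broader than the read-only monitoring access the neighbouring `nodes/metrics` and `nodes/stats` entries suggest is intended. The same account also holds full write on `clusterroles`, `clusterrolebindings` and `mutatingwebhookconfigurations` plus `use` of the `privileged` SCC, so a compromise of the manager pod reaches far beyond the operator's own resources. I would remove `- nodes/proxy` unless a code path demonstrably needs it, replace `'*'` with the API groups actually read, and add a comment stating whether the RBAC-write and SCC grants exist only so the operator can pass them on to the agent's own role (that is a guess from this hunk alone). Separately, the `mpod.kb.io` webhook matches every pod CREATE/UPDATE with `failurePolicy: Fail` and no selector visible here, so an unavailable manager would block pod admission wherever OLM scopes it; `failurePolicy: Ignore` or a namespace selector is worth considering.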
@@ -0,0 +1,2400 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: egagent/eginnovations-operator-serving-cert + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + name: eguniversalagents.eginnovations.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: eginnovations-operator-webhook-service + namespace: egagent + path: /convert + conversionReviewVersions: + - v1 + group: eginnovations.com + names: + kind: EgUniversalAgent + listKind: EgUniversalAgentList + plural: eguniversalagents + singular: eguniversalagent + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: EgUniversalAgent is the Schema for the eguniversalagents API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: EgUniversalAgentSpec defines the desired state of EgUniversalAgent + properties: + agent: + properties: + agentCpuLim: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + agentCpuReq: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + agentMemLim: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + agentMemReq: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + annotations: + additionalProperties: + type: string + type: object + env: + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". 
+ type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + fsGroup: + format: int64 + type: integer + image: + type: string + labels: + additionalProperties: + type: string + type: object + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + toleration: + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. 
+ If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + volume: + items: + description: Volume represents a named volume in a pod that + may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount + on the host and bind mount to the pod. 
+ properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: + None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in + the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the + blob storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single + blob disk per storage account Managed: azure managed + data disk (only in managed availability set). defaults + to shared' + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service + mount on the host and bind mount to the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name of secret that + contains Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host + that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the mounted + root, rather than the full Ceph tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
+ type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. 
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. 
+ properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the + pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the + pod: only annotations, labels, name, namespace + and uid are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must not + be absolute or contain the ''..'' path. Must + be utf-8 encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. 
+ The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. 
+ + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. 
+ If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over + volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that + is attached to a kubelet's host machine and then exposed + to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use + for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds + extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the Flocker + control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. + This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". 
+ Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. 
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support + iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support + iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. 
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI + target and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. 
The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. 
+ type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume + attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx + volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along + with other supported volume types + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume + root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. 
If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
+ type: string + optional: + description: optional specify whether the + ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the + downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name, namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 + encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about the secret + data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: optional field specify whether + the Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. 
+ format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. 
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. 
+ type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool + associated with the protection domain. + type: string + system: + description: system is the name of the storage system + as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. 
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret + or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. 
apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy + Based Management (SPBM) profile name. 
+ type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + volumeMount: + items: + properties: + mountPath: + type: string + name: + type: string + type: object + type: array + type: object + features: + properties: + apm: + properties: + enabled: + type: boolean + ignoredNamespaces: + items: + type: string + type: array + java: + properties: + config: + properties: + egBtmSetLabel: + type: string + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. 
+ type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + type: string + type: object + enabled: + type: boolean + labelsToMatch: + items: + properties: + appName: + type: string + containerSelection: + type: string + instancePort: + type: string + instanceType: + type: string + name: + type: string + selectedContainerNamesToMatch: + items: + type: string + type: array + tierName: + type: string + value: + type: string + type: object + type: array + type: object + monitoredNamespaces: + items: + type: string + type: array + nodeJS: + properties: + config: + properties: + egBtmSetLabel: + type: string + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 
+ Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + type: string + type: object + enabled: + type: boolean + labelsToMatch: + items: + properties: + appName: + type: string + containerSelection: + type: string + instancePort: + type: string + instanceType: + type: string + name: + type: string + selectedContainerNamesToMatch: + items: + type: string + type: array + tierName: + type: string + value: + type: string + type: object + type: array + type: object + workLoadsToMonitor: + items: + type: string + type: array + type: object + type: object + imagePullPolicy: + description: PullPolicy describes a policy for if/when to pull a container + image + type: string + imagePullSecret: + type: string + type: object + status: + description: EgUniversalAgentStatus defines the observed state of EgUniversalAgent + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/eginnovations-operator/0.0.8/metadata/annotations.yaml b/operators/eginnovations-operator/0.0.8/metadata/annotations.yaml new file mode 100644 index 00000000000..54aced81a1a --- /dev/null +++ b/operators/eginnovations-operator/0.0.8/metadata/annotations.yaml 
@@ -0,0 +1,14 @@
+annotations:
+ # Core bundle annotations.
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: eginnovations-operator
+ operators.operatorframework.io.bundle.channels.v1: beta
+ operators.operatorframework.io.metrics.builder: operator-sdk-v1.36.1
+ operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
+ operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v4
+
+ # Annotations for testing.
+ operators.operatorframework.io.test.mediatype.v1: scorecard+v1
+ operators.operatorframework.io.test.config.v1: tests/scorecard/
diff --git a/operators/eginnovations-operator/0.0.8/tests/scorecard/config.yaml b/operators/eginnovations-operator/0.0.8/tests/scorecard/config.yaml
new file mode 100644
index 00000000000..b020daff718
--- /dev/null
+++ b/operators/eginnovations-operator/0.0.8/tests/scorecard/config.yaml
@@ -0,0 +1,70 @@
+apiVersion: scorecard.operatorframework.io/v1alpha3
+kind: Configuration
+metadata:
+ name: config
+stages:
+- parallel: true
+ tests:
+ - entrypoint:
+ - scorecard-test
+ - basic-check-spec
+ image: quay.io/operator-framework/scorecard-test:v1.36.1
+ labels:
+ suite: basic
+ test: basic-check-spec-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-bundle-validation
+ image: quay.io/operator-framework/scorecard-test:v1.36.1
+ labels:
+ suite: olm
+ test: olm-bundle-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-validation
+ image: quay.io/operator-framework/scorecard-test:v1.36.1
+ labels:
+ suite: olm
+ test: olm-crds-have-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-resources
+ image: quay.io/operator-framework/scorecard-test:v1.36.1
+ labels:
+ suite: olm
+ test: olm-crds-have-resources-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-spec-descriptors
+ image: quay.io/operator-framework/scorecard-test:v1.36.1
+ labels:
+ suite: olm
+ test: olm-spec-descriptors-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-status-descriptors
+ image: quay.io/operator-framework/scorecard-test:v1.36.1
+ labels:
+ suite: olm
+ test: olm-status-descriptors-test
+ storage:
+ spec:
+ mountPath: {}
+storage:
+ spec:
+ mountPath: {}
diff --git a/operators/flux-operator/0.9.0/manifests/flux-operator.clusterserviceversion.yaml b/operators/flux-operator/0.9.0/manifests/flux-operator.clusterserviceversion.yaml
new file mode 100644
index 00000000000..a9d650c8729
--- /dev/null
+++ b/operators/flux-operator/0.9.0/manifests/flux-operator.clusterserviceversion.yaml
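Review bot: All six `image:` entries under `stages[0].tests` reference `quay.io/operator-framework/scorecard-test:v1.36.1` by tag only, so the image that runs in the cluster during scorecard tests can change if the tag is ever re-pushed. Pinning each entry by digest, `image: quay.io/operator-framework/scorecard-test:v1.36.1@sha256:<digest-of-v1.36.1>`, keeps the test run reproducible and lets the bundle reviewer verify exactly what executes; the digest is not shown on this page and has to be read from the registry. This file looks like operator-sdk scaffold output, so the pin presumably belongs in the operator project's scorecard configuration source rather than only in this rendered copy.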
@@ -0,0 +1,300 @@
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: ClusterServiceVersion
+metadata:
+ name: flux-operator.v0.9.0
+ namespace: placeholder
+ annotations:
+ alm-examples: >-
+ [
+ {
+ "apiVersion": "fluxcd.controlplane.io/v1",
+ "kind": "FluxInstance",
+ "metadata": {
+ "name": "flux",
+ "namespace": "flux-system",
+ "annotations": {
+ "fluxcd.controlplane.io/reconcileEvery": "1h",
+ "fluxcd.controlplane.io/reconcileTimeout": "5m"
+ }
+ },
+ "spec": {
+ "distribution": {
+ "version": "2.x",
+ "registry": "ghcr.io/fluxcd"
+ },
+ "components": [
+ "source-controller",
+ "kustomize-controller",
+ "helm-controller",
+ "notification-controller",
+ "image-reflector-controller",
+ "image-automation-controller"
+ ],
+ "cluster": {
+ "type": "openshift",
+ "domain": "cluster.local",
+ "networkPolicy": true,
+ "multitenant": true,
+ "tenantDefaultServiceAccount": "flux"
+ }
+ }
+ },
+ {
+ "apiVersion": "fluxcd.controlplane.io/v1",
+ "kind": "FluxReport",
+ "metadata": {
+ "name": "flux",
+ "namespace": "flux-system"
+ },
+ "spec": {
+ "distribution": {
+ "entitlement": "Issued by controlplane",
+ "managedBy": "flux-operator",
+ "status": "Installed",
+ "version": "v2.3.0"
+ },
+ "components": [
+ {
+ "image": "ghcr.io/fluxcd/kustomize-controller:v1.3.0@sha256:48a032574dd45c39750ba0f1488e6f1ae36756a38f40976a6b7a588d83acefc1",
+ "name": "kustomize-controller",
+ "ready": true,
+ "status": "Current Deployment is available. Replicas: 1"
+ },
+ {
+ "image": "ghcr.io/fluxcd/source-controller:v1.3.0@sha256:161da425b16b64dda4b3cec2ba0f8d7442973aba29bb446db3b340626181a0bc",
+ "name": "source-controller",
+ "ready": true,
+ "status": "Current Deployment is available. Replicas: 1"
+ }
+ ],
+ "reconcilers": [
+ {
+ "apiVersion": "kustomize.toolkit.fluxcd.io/v1",
+ "kind": "Kustomization",
+ "stats": {
+ "failing": 0,
+ "running": 1,
+ "suspended": 0
+ }
+ },
+ {
+ "apiVersion": "source.toolkit.fluxcd.io/v1",
+ "kind": "GitRepository",
+ "stats": {
+ "failing": 0,
+ "running": 1,
+ "suspended": 0,
+ "totalSize": "3.7 MiB"
+ }
+ }
+ ],
+ "sync": {
+ "ready": true,
+ "id": "kustomization/flux-system",
+ "path": "clusters/production",
+ "source": "https://github.com/my-org/my-fleet.git",
+ "status": "Applied revision: refs/heads/main@sha1:a90cd1ac35de01c175f7199315d3f4cd60195911"
+ }
+ }
+ }
+ ]
+ categories: Integration & Delivery
+ certified: "false"
+ createdAt: 2024-09-16T18:47:08Z
+ description: The Flux Operator manages the lifecycle of the CNCF Flux project.
+ containerImage: ghcr.io/controlplaneio-fluxcd/flux-operator:v0.9.0
+ support: Community
+ capabilities: Deep Insights
+ repository: https://github.com/controlplaneio-fluxcd/flux-operator
+ operatorframework.io/suggested-namespace: flux-system
+spec:
+ displayName: Flux Operator
+ description: >-
+ [Flux](https://fluxcd.io) is a leading GitOps Continuous Delivery tool
+ used to streamline and automate application deployments on Kubernetes.
+ Flux enables teams to achieve a reliable and auditable delivery process
+ while promoting collaboration and traceability across different environments.
+
+ Flux is powered by the GitOps Toolkit, a set of composable APIs and
+ specialized tools that enable a wide range of continuous delivery use-cases,
+ from simple Kubernetes deployment pipelines to multi-tenant and multi-cluster
+ progressive delivery rollouts.
+
+ For more information about the CNCF-graduated Flux project, please see
+ the [Flux architecture overview](https://fluxcd.control-plane.io/guides/flux-architecture/).
+
+ ### Operator Capabilities
+
+ The [Flux Operator](https://github.com/controlplaneio-fluxcd/flux-operator) provides a
+ declarative API for the installation, configuration and upgrade of CNCF Flux
+ and the ControlPlane [enterprise distribution](https://fluxcd.control-plane.io/).
+
+ The operator allows the configuration of Flux multi-tenancy lockdown, network policies,
+ persistent storage, sharding, vertical scaling, custom patches, and the synchronization
+ of the cluster state from Git repositories, OCI artifacts and S3-compatible storage.
+
+ The Flux Operator supervises the Flux controllers and provides a unified view
+ of all the Flux resources that define the GitOps workflows for the target cluster.
+ The operator generates reports, emits events, and exports Prometheus metrics
+ to help with monitoring and troubleshooting Flux.
+
+ ### OpenShift Support
+
+ The Flux Operator should be installed in a dedicated namespace, e.g. `flux-system`.
+
+ To deploy Flux on OpenShift clusters, create a `FluxInstance` custom resource
+ named `flux` in the same namespace as the operator
+ and set the `.spec.cluster.type` field to `openshift`.
+
+ For more information on how to configure the Flux instance, please see the
+ [Flux Operator documentation](https://fluxcd.control-plane.io/operator/flux-config/).
+ maturity: beta
+ version: 0.9.0
+ minKubeVersion: 1.22.0
+ keywords:
+ - flux
+ - fluxcd
+ - gitops
+ - continuous delivery
+ maintainers:
+ - name: ControlPlane Flux Team
+ email: flux-enterprise@control-plane.io
+ provider:
+ name: ControlPlane Ltd.
+ url: https://control-plane.io + labels: + app.kubernetes.io/name: flux-operator + selector: + matchLabels: + app.kubernetes.io/name: flux-operator + links: + - name: Source Code + url: https://github.com/controlplaneio-fluxcd/flux-operator + - name: Documentation + url: https://fluxcd.control-plane.io/operator/ + - name: Enterprise Support + url: https://fluxcd.control-plane.io/pricing/ + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAABd0AAAXdCAYAAAAcq/T/AAAACXBIWXMAAC4jAAAuIwF4pT92AAAgAElEQVR4nOzdPWxd15ku4CXJpkRbCmmp8nEhDmzoNhLEYNsGrMLkNLGKBKKQNFETzUyZbIgBJuVEVFKm8BFOUg6u3NjNHZhCUti3MTnFXCDBgSgkzTUchCqy3Vw7ZGRHtuJIF4tZ8tCiSPHn/Oyf5wGMzOgQGGstTsjznnd/37779+8HAAAAAABg7/Y7QwAAAAAA6A2hOwAAAAAA9IjQHQAAAAAAekToDgAAAAAAPSJ0BwAAAACAHhG6AwAAAABAjwjdAQAAAACgR4TuAAAAAADQI0J3AAAAAADoEaE7AAAAAAD0iNAdAAAAAAB6ROgOAAAAAAA9InQHAAAAAIAeEboDAAAAAECPCN0BAAAAAKBHhO4AAAAAANAjQncAAAAAAOgRoTsAAAAAAPSI0B0AAAAAAHrkCQcJAADlkuXF9EP/QivdTmvJNQEAQPntu3//vmsCAIAByvJiPIQwGUKYTv8Z//epbf4b3AohLIcQlh78Z7fTWtjwVQAAwFAI3QEAYACyvIjh+sUUtJ/uw//FxRDCfPyn22ktb3gVAAAYCKE7AAD0SZYXEyGE2RDCTAjh+ADP+WYI4Vr8p9tprWx4FQAA6BuhOwAA9FiWFzMpbN/uyJh+eiOEMKf9DgAAgyF0BwCAHsnyIo6PmRtwq327hO8AADAAQncAANijLC+mU9hehmb748TwfdbYGQAA6A+hOwAA7FKWF+MpbL9UsTNcTa339oZXAACAPRG6AwDALqS57e2SjpLZrsUQwkUjZwAAoHeE7gAAsAOp3X4thHCuJuem9Q4AAD0kdAcAgG1K7fYYuI/V8MwW06z3pQ2vAAAA2yZ0BwCAx8jyYiKNkqlLu30rV7qd1twWrwMAAFsQugMAwBayvJhNy1Lr2G7fzM00613rHQAAdkjoDgAAj5Da7XGUzNTGVxvjSmz4dzutFd8jAACwPUJ3AAB4SEPb7Zu5lVrvC5u8DgAArCN0BwCAJMuLydRuP+1MNrgaP4jQegcAgK3t3/JVAABoiCwvYrP9hsB9U5dCCEtZXkxv9gUAAICmOwAADafdvivX08gZrXcAAHiI0B0AgEbK8mI8zW2/5DtgV1ZT8D5fwX93AADoG6E7AACNk0akxHb7cbe/Z1rvAACwjtAdAIDG0G7vm9W0ZLVd078fAABsm9AdAIBGyPJiJoTQ1m7vq8XUel+u8d8RAAC2JHQHAKDWUrs9jpI556YHQusdAIBGE7oDAFBbqd0eA/cxtzxwsfU+2+20lhr29wYAoOGE7gAA1E6WFxNplIx2+/Bd6XZac00/BAAAmkPoDgBArWR5MZuWpWq3l8fNNOtd6x0AgNoTugMAUAup3R5HyUy50dK6Ep9A6HZaK00/CAAA6kvoDgBA5Wm3V8qt1HpfaPpBAABQT0J3AAAqK8uLyTS7Xbu9eq7GD0q03gEAqBuhOwAAlZTlRWy2X3Z7lab1DgBA7QjdAQColNRuj7PbT7u52riewnetdwAAKk/oDgBAJWR5MR5C
mNVur63VFLzPN/0gAACoNqE7AACll+XFdGq3H3dbtaf1DgBApQndAQAordRuj7PbL7mlRllNS1bbTT8IAACqR+gOAEApabcTQlhMrfdlhwEAQFUI3QEAKJXUbo9h+zk3g9Y7AABVI3QHAKA0sryYSYH7mFvhIbH1PtvttJY2vAIAACUidAcAYOi029mBK91Oa86BAQBQVkJ3AACGKsuL2bQsVbud7bqZZr1rvQMAUDpCdwAAhiLLi4nUbp9yA+zSlRBCu9tprThAAADKQugOAMDAabfTQ7dS633BoQIAUAZCdwAABibLi8nYTNZupw+uxg9ytN4BABg2oTsAAAOR5UVstl922vSR1jsAAEMndAcAoK9Suz3Obj/tpBmQ6yl813oHAGDghO4AAPRFlhfjIYRZ7XaGZDUF7/MuAACAQRK6AwDQc1leTKd2+3Gny5BpvQMAMFBCdwAAeia12+Ps9ktOlRJZTUtW2y4FAIB+E7oDANAT2u1UwGJqvS+7LAAA+kXoDgDAnqR2ewzbzzlJKkDrHQCAvhK6AwCwa1lezKTAfcwpUjGx9T7b7bSWXBwAAL0kdAcAYMe026mRK91Oa86FAgDQK0J3AAB2JMuL2bQsVbuduriZZr1rvQMAsGdCdwAAtiXLi4nUbp9yYtTUlRBCu9tprbhgAAB2S+gOAMBjabfTILdS633BpQMAsBtCdwAANpXlxWRs/mq300BX4wdNWu8AAOyU0B0AgEfK8iI22y8/6jVoCK13AAB2TOgOAMBXpHZ7nN1+2snAmuspfNd6BwDgsYTuAACsyfJiPIQwq90Oj7Sagvf5R70IAAAPCN0BAIiB+3Rqtx93GrAlrXcAALYkdAcAaLDUbo+z2y/5PoBtW01LVtuODACAhwndAQAaSrsd9mwxtd6XHSUAAA8I3QEAGia122PYfs7dw55pvQMA8BVCdwCABsnyYiYF7mPuHXoqtt5nu53WkmMFAGg2oTsAQANot8PAXOl2WnOOGwCguYTuAAA1l+XFbFqWqt0Og3EzzXrXegcAaCChOwBATWV5MZHa7VPuGIbiSgih3e20Vhw/AEBzCN0BAGpIux1K41ZqvS+4EgCAZhC6AwDUSJYXk7FZq90OpXM1fhCm9Q4AUH9CdwCAmsjyIjbbL7tPKC2tdwCABhC6AwBUXGq3x9ntp90lVML1FL5rvQMA1JDQHQCgorK8GA8hzGq3QyWtpuB93vUBANSL0B0AoIKyvJhO7fbj7g8qTesdAKBmhO4AABWS2u1xdvsl9wa1EVvvs91O65orBQCoPqE7AEBFaLdD7S2m1vuyqwYAqC6hOwBAyaV2ewzbz7krqL3Yep/rdlptVw0AUE1CdwCAEsvyYiYF7mPuCRpF6x0AoKKE7gAAJaTdDiRXup3WnMMAAKgOoTsAQMlkeTGblqVqtwPRzdR6X3IaAADlJ3QHACiJLC8mUrt9yp0Aj6D1DgBQAUJ3AIAS0G4HtulWar0vODAAgHISugMADFGWF5MhhLZ2O7BDV+MHdd1Oa8XBAQCUi9AdAGBIsryIzfbLzh/YJa13AIASEroDAAxYarfH2e2nnT3QA2+EEGa13gEAykHoDgAwIFlejMdgTLsd6IPV1Hqfd7gAAMMldAcAGIAsL6ZTu/248wb66HoK37XeAQCGROgOANBHqd0eZ7dfcs7AgKymcTPXHDgAwOAJ3QEA+kS7HRiyxdR6X3YRAACDI3QHAOix1G6PYfs5ZwsMWWy9z3U7rbaLAAAYDKE7AEAPZXkxkwL3MecKlIjWOwDAgAjdAQB6QLsdqIgr3U5rzmUBAPSP0B0AYI+yvLgYQmhrtwMVcTO13pdcGABA7wndAQB2KcuLidRun3KGQAVpvQMA9IHQHQBgF7K8mI3LCbXbgYq7lVrvCy4SAKA3hO4AADug3Q7U1NX4QWK301pxwQAAe7Pf+QEAbE+WF7HZ/geBO1BDl0IIS1leTLtcAIC90XQHAHiMLC8mU7v99NZf
CVALb4QQZrXeAQB2R9MdAGALqd1+Q+AONMj3QgjLWV7MuHQAgJ3TdAcAeIQ0YiG2249vfBWgMa6nRata7wAA2yR0BwBYJ8uL8bhMMM03BiCE1TRu5pqzAAB4PKE7AECi3Q6wpcXUel/e6osAAJpO6A4ANF5qt7fTHGMANhdb73PdTqu96VcAADSc0B0AaLS0KDC228eafhYAO6D1DgCwCaE7ANBIqd0ew/ZzvgMAdu1Kt9Oac3wAAP9N6A4ANE6WFxfTOBntdoC9u5la70vOEgBA6A4ANEiWFxOp3T7l3gF6TusdAGi8IHQHAJoiy4vZuPxPux2gr26l1vuCYwYAmkroDgDUmnY7wFBcjR90djutFccPADTNfjcOANRVlhex2f4HgTvAwF0KISxleTHt6AGAptF0BwBqJ8uLydRuP+12AYbujRDCrNY7ANAUmu4AQK2kdvsNgTtAaXwvhLCc5cWMKwEAmkDTHQCohTTCILbbj7tRgNK6nhatar0DALUldAcAKi3Li/G4rC/NDwag/FbTuJlr7goAqCOhOwBQWdrtAJW2mFrvy64RAKgToTsAUDmp3d5Oc4IBqK7Yep/rdlptdwgA1IXQHQColLSIL7bbx9wcQG1ovQMAtSF0BwAqIbXbY9h+zo0B1NaVbqc153oBgCoTugMApZflxcU0Tka7HaD+bqbW+5K7BgCqSOgOAJRWlhcTqd0+5ZYAGkfrHQCoJKE7AFBKWV7MxuV62u0AjXYrtd4Xmn4QAEB1CN0BgFLRbgfgEa7GD2K7ndbKxpcAAMplv/sAAMoiy4vYbP+DwB2Ah1wKISxleTG94RUAgJLRdAcAhi7Li8nUbj/tNgB4jDdCCLNa7wBAWWm6AwBDldrtNwTuAGzT90IIy1lezDgwAKCMNN0BgKFIIwJiu/24GwBgl66nRata7wBAaQjdAYCByvJiPC7DS/N5AWCvVtO4mWtOEgAoA6E7ADAw2u0A9NFiar0vO2QAYJiE7gBA36V2ezvN4QWAfomt97lup9V2wgDAsAjdAYC+SovuYrt9zEkDMCBa7wDA0AjdAYC+SO32GLafc8IADMmVbqc15/ABgEESugMAPZflxcU0Tka7HYBhu5la70tuAgAYBKE7ANAzWV5MpHb7lFMFoGS03gGAgRC6AwA9keXFbFxep90OQIndSq33BZcEAPSL0B0A2BPtdgAq6Gr8oLjbaa24PACg1/Y7UQBgt7K8iM32PwjcAaiYSyGEpSwvpl0cANBrmu4AwI5leTGZ2u2nnR4AFfdGCGFW6x0A6BVNdwBgR1K7/YbAHYCa+F4IYTnLixkXCgD0gqY7ALAt6RH82G4/7sQAqKnradGq1jsAsGtCdwBgS1lejMdlc2n+LQDU3WoK3ufdNACwG0J3AGBT2u0ANNhiCt+XfRMAADshdAcANkjt9naacwsATRVb73PdTqvtOwAA2C6hOwDwFWmRXGy3jzkZAFij9Q4AbJvQHQBYk9rtMWw/50QAYIPYem93O625Da8AAKwjdAcAYuB+MY2T0W4HgK3dTK33pS2/CgBoLKE7ADRYlhcTqd0+5fsAAHbkitY7APAoQncAaKgsL2bjcjjtdgDYtdh6n+12WguOEAB4QOgOAA2j3Q4APXc1fpDd7bRWHC0AsL/xJwAADZLlRWy2/0HgDgA9dSmEsJTlxbRjBQA03QGgAbK8mEzt9tPuGwD6SusdABpO0x0Aai61228I3AFgIGLrfTnLixnHDQDNpOkOADWVHnGP7fbj7hgAhuJ6COGi1jsANIvQHQBqJsuL8fhYe2raAQDDtZqC93n3AADNIHQHgBrRbgeA0lpM4fuyKwKAehO6A0ANpHZ7O4TwPfcJAKW1mpastl0RANSX0B0AKi4taovt9jF3CQCVoPUOADUmdAeAikrt9hi2n3OHAFA5sfXe7nZac64OAOpF6A4AFaTdDgC1cTO13pdcKQDUg9AdACoky4uJFLZPuTcAqJUrWu8AUA9C
dwCoiCwvZuPyNe12AKit2Hqf7XZaC64YAKpL6A4AJafdDgCNczV+0N7ttFZcPQBUj9AdAEosy4vYbJ/VbgeAxrmVZr1rvQNAxQjdAaCEsryYTO320+4HABpN6x0AKma/CwOAcknt9hsCdwAghHAphLCc5cWMwwCAatB0B4CSyPJiOoTQFrYDAJu4nkbOaL0DQIkJ3QFgyLK8GI+PjacmGwDAVlZT8D6/xdcAAEMkdAeAIUrt9ji7/bh7AAB2YDGF78sODQDKRegOAEOg3Q4A9MBqWrLadpgAUB5CdwAYsLQILbbbx5w9ANADWu8AUCJCdwAYkNRuj2H7OWcOAPRYbL23u53WnIMFgOESugPAAGi3AwADcjO13pccOAAMh9AdAPooy4uJFLZPOWcAYICuaL0DwHAI3QGgT7K8mE3LUrXbAYBhiK332W6nteD0AWBwhO4A0GPa7QBAyVyNRYBup7XiYgCg/4TuANBDWV7EZvusdjsAUDK30qx3rXcA6DOhOwD0QJYXk6ndftp5AgAlpvUOAH223wEDwN6kdvsNgTsAUAGXQgjLWV7MuCwA6A9NdwDYpSwvpkMIbWE7AFBR19PIGa13AOghoTsA7FCWF+PxsezUFAMAqLLVFLzPu0UA6A2hOwDsQGq3x9ntx50bAFAjiyl8X3apALA3QncA2AbtdgCgAVbTktW2ywaA3RO6A8BjpEVjsd0+tvVXAgDUgtY7AOyB0B0ANpHa7TFsP/forwAAqK3Yem93O605VwwAOyN0B4BH0G4HAFhzM7XelxwHAGyP0B0A1snyYiKF7VPOBQDgS1e03gFge4TuAJBkeTGblqVqtwMAbBRb77PdTmthwysAwJeE7gA0nnY7AMCOXI1FhW6nteLYAGAjoTsAjZblRWy2z2q3AwDsyK00613rHQAeInQHoJGyvJhM7fbTvgMAAHZN6x0AHrJ/w58AQM2ldvsNgTsAwJ5dCiEsZ3kx4ygB4O803QFojCwvpkMIbWE7AEBfXE8jZ7TeAWg0oTsAtZflxXh87Dk1sQAA6J/VFLzPO2MAmkroDkCtpXZ7nN1+3E0DAAzMYgrflx05AE0jdAeglrTbAQCGbjUtWW27CgCaROgOQO2kRV6x3T7mdgEAhk7rHYBGEboDUBup3R7D9nNuFQCgVGLrvd3ttOZcCwB1J3QHoBa02wEAKuFmar0vuS4A6kroDkClZXkxkcL2KTcJAFAZV7TeAagroTsAlZXlxWxalqrdDgBQPbH1PtvttBbcHQB1InQHoHK02wEAauVqLFJ0O60V1wpAHQjdAaiULC9is31Wux0AoFZupVnvWu8AVJ7QHYBKyPJiMrXbT7sxAIDa0noHoPL2u0IAyi61228I3AEAau9SCGE5y4sZVw1AVWm6A1BaWV5MhxDawnYAgEa6nkbOaL0DUClCdwBKJ8uL8fhYcWo6AQDQXKspeJ/3PQBAVQjdASiV1G6Ps9uPuxkAAJLYep/tdlrLDgSAshO6A1AK2u0AADzGalqy2t76ywBguITuAAxdWpQV2+1jbgNooqNH9ofnjj0Rnjt2YO1/PnrkwIZT+ONHX4Q7n98PH3z4Rfjj//si3Lnr93igsRbTyBmtdwBKSegOwNCkdnsM28+5BaBpYsD+8v84GE5NjIRnDu/f8d+++Ohv4dfvfx5+u3w3fHz73obXAWpO6x2A0hK6AzAU2u1AU7184mCYOnUotI5tbLPv1u+W74bF330ePij+6vsKaJqbqfW+5OYBKAuhOwADleXFRArbp5w80CSx0X7+zFO7arVv1+8//CK8ufCJ5jvQRFe6ndacmwegDITuAAxMlhezaVmqdjvQGKMj+8KF6afDyYmRgf2V3+3eCe9072z4c4Ca03oHoBSE7gD0nXY70FRxbvsPvvW1cGhk38BPILbe//3d2xauAk10Nc17X3H7AAyD0B2AvsryIjbbZ7XbgaaJs9u/O/30UP/Wf/rk3lrw/seP/rbhNYCau5Va
7wsuGoBBE7oD0BdZXkymdvtpJww0TRkC9wc+u3s//PyXfxa8A02l9Q7AwPVvixMAjZXa7TcE7kATlSlwj+JomzjiJo66AWigSyGEpSwvZlw+AIOi6Q5Az2R5MR1CaAvbgaaKwfa/fruc07SKj/621ng34x1osOtp5IzWOwB9JXQHYM+yvBiPj+2mJhFAI42O7As/vjA+lKWp2/W75bvh3//3J75BgSZbTcH7vO8CAPpF6A7AnqR2e5zdftxJAk32L984HE5OjJT+BN5a+DT8+v3PN/w5QMPE1vtst9NadvEA9JqZ7gDsSmy3Z3kRR8m8J3AHmu7UxEglAvfo/Jmn1lr5AA13Ls16n236QQDQe5ruAOxYWkTVFrYD/F0cK/PM4er0Wf7zd5+Ft//rLxv+HKChFtPIGa13AHpC0x2AbUvt9jj/8m2BO8Dfnc1GKxW4R6+ePBSOHvFWACCZ0noHoJf8pg3AtqR2+3J6FBeAtDx16tShSh7FhenDG/4MoMHGQgivZ3kRw/dJ3wgA7IXQHYAtZXkxsa7dPrbV1wI0TZyPfqii89Gff/aJtVn0AHzF6RDCjSwv5hwLALsldAdgU+kR2yXtdoCNXmg9GV46cXDDn1dJ/NAAgEe6rPUOwG5ZpArABrHdHkK4luZbAvAIP/jW19ba4lX3bvdOeKd7xxUDbO5qCGGu22mtbPoVALCOpjsAX7Gu3S5wB9jEyycO1iJwj+JM+tGKjsgBGJBLadHqtAMHYDs03QFYkx6dvZbmWAKwiRhQ/+g7Y+GZw/Xpr/zm/c/DmwufbvhzADbQegfgsTTdAQhpUdQNgTvA48VmeJ0C9yjOpo8z6gF4rAet9xlHBcBmNN0BGky7HWBnjh7ZH3707bFwqIbjWH7/4Rfh57/884Y/B2BT10MIF7XeAXiYpjtAA2V5MZ7lRVu7HWBnzr/yVC0D9yjOqI+z6gHYtnMhhGWtdwAeJnQHaJi0AGopPRoLwDbF8SsnJ0ZqfVxnXxy1VBVgZ8ZCCG9neTGf5cWEswMgCN0BmmNdu/29EMJxVw+wM7HlXndxVn2cWQ/Ajp1Ls95nHR0AZroDNEB65LUtbAfYnTh25bvTTzfi9D67ez/87D9Ww8e37214DYBtWUyz3pcdF0AzaboD1Fhqt8/HR14F7gC7E8etnD9T/5b7A3FmfRNa/QB9NKX1DtBsQneAmkrt9uX0qCsAuxTHrdR1eepm4uz6OMMegF2Ls95fz/Iihu+TjhGgWYTuADUTFzita7ePuV+A3Tt6ZH94LRtt5AlquwP0xOkQwo0sL+YcJ0BzCN0BaiQ9wrqk3Q7QGxemDzf2JFvHDqzNsgegJy5rvQM0h0WqADUQ2+0hhGtpfiQAPRDHq3z/m0cafZRxqepP3lwJd+56zwDQQ1dDCHPdTmvFoQLUk6Y7QMWta7cL3AF66ML0040/zjjLPs60B6CnLqVFq9OOFaCeNN0BKio9mnotzYkEoIdi0DxjpvmXfvrWSvj49r0Nfw7Anmm9A9SQpjtABaVFTDcE7gC9NzqyL5xt6PLUzTR5tj1Anz1ovc84aID60HQHqBDtdoD+O3/mqfDqSSNVHvaLX90OHxR/3fDnAPTM9RDCRa13gOrTdAeogCwvxrO8aGu3A/TXc8cOCNw3YcY9QN+dCyEsa70DVJ/QHaDk0oKlpfToKQB9dP6MYHkzzxzeb6kqQP+NhRDezvJiPsuLCecNUE1Cd4CSWtdufy+EcNw9AfTXqYmR8PyzTzjlLcRZ93HmPQB9dy7Nep911ADVY6Y7QAmlR0rbwnaAwfnxhfG1Njdb+8/ffRbe/q+/bPk1APTUYpr1vuxYAarBuwqAEknt9vn4SKnAHWBwYoNb4L49ceZ9nH0PwMBMab0DVIt3FgAlkdrty+lRUgAG5OgRs8p3yux7gIGLs95fz/Iihu+Tjh+g3ITuAEMWFySta7ePuQ+AwYot90PmlO9InH0fZ+ADMHCnQwg3sryYc/QA5SV0
Bxii9IjoknY7wHC80HoyvHTioNPfhfNnnqrcvzNAjVzWegcoL4tUAYYgtttDCNfSfEYAhuQH3/raWmub3Xm3eye8073j9ACG62oIYa7baa24B4By0HQHGLB17XaBO8AQvXzioMB9j+Is/DgTH4ChupQWrU67BoBy0HQHGJD06Oe1NIcRgCEaHdkXfvSdsfDMYYHxXv3m/c/DmwufVvsvAVAfWu8AJeBdBsAApEVHNwTuAOUQG9oC996IM/HjbHwASuFB633GdQAMj6Y7QB9ptwOUTxyH8m/fHXczPfT7D78IP//ln2vz9wGoieshhIta7wCDp94D0AdZXoxnedHWbgcon/OvPOVWeizOxo8z8gEolXMhhGWtd4DBE7oD9FhaYLSUHu0EoETiGJSTEyOupA/Ovji6NisfgFIZCyG8neXFfJYXE64GYDCE7gA9sq7d/l4I4bhzBSgfLff+iTPy46x8AErpXJr1Put6APrPTHeAHkiPbLaF7QDlFceffHf6aTfUZz99ayV8fPterf+OABW3mGa9L7tIgP7QdAfYg9Run4+PbArcAcorjj05f0bLfRA8TQBQelNa7wD9JXQH2KXUbl9Oj2oCUGJx3vgh88YHIs7Mj7PzASi1OOv99SwvYvg+6aoAekvoDrBDcQHRunb7mPMDKLejR/aHV0+aNT5I2u4AlXE6hHAjy4s5VwbQO0J3gB1Ij2AuabcDVMeF6cNua8Baxw6szdAHoDIua70D9I5FqgDbENvtIYRraf4hABURx5x8/5tHXNcQfHb3fvjJmyvhzl3vNwAq5moIYa7baa24OIDd0XQHeIx17XaBO0DFXJh+2pUNSZyhH2fpA1A5l9Ki1WlXB7A7mu4Am0iPVl5Lcw4BqJipU4fCjNniQ/fTt1bCx7fvNfwUACpL6x1gFzTdAR4hLRK6IXAHqKbR2LLOtKzLwEx9gErTegfYBU13gHW02wHqIY6Veckiz9L4xa9uhw+Kvzb9GACq7noI4aLWO8DjaboD/D1sH8/yoq3dDlB9zx07IHAvGbP1AWrhXAhhOcuLGdcJsDWhO9B46VHJpfToJAAVd/6MgLdsnjm8f23GPgCVNxZCeDvLi/lYXHKdAI8mdAcaa127/b0QwnHfCQDVd2piJDz/7BNusoTijP04ax+AWnjQep91nQAbmekONFJ6JLItbAeojxjo/ug7Y2utasrpN+9/Ht5c+NTtANTLYpr1vuxeAf7OOxKgUVK7fT4+EilwB6iXOL5E4F5ucdZ+nLkPQK1MxXGdWu8A/827EqAxUrt9OT0KCUCNHD1iZnhVmLkPUEtx1vvrWV4sZHkx6YqBphO6A7WX5cXEunb7mBsHqJ84L/yQeeGVEGfux9n7ANRSbL3fyPJizvUCTWamO1Br6RHHOWE7QH290HoyfP+bR7M880QAACAASURBVNxwhfzpk3vhZ/9rNdy5670IQI3dTLPel1wy0DRCd6CWYrs9hHAtNS0AqLEffOtra+1pquXd7p3wTveOWwOovyshhHa301px10BTGC8D1E5qty8J3AHq7+UTBwXuFRVn8MdZ/ADU3uW0aHXaVQNNoekO1EZa2BPb7afdKkD9jY7sCz++MG6We4X95v3Pw5sLnzb9GACa5Goc/6n1DtSdaglQC2lRzw2BO0BzxKa0wL3aXjpxcG0mPwCNcUnrHWgCTXeg0rTbAZopjiX5t++Ou/0a+P2HX4Sf//LPTT8GgCa6nhatar0DtaPpDlRSlhfjWV60tdsBmun8K0+5+ZqIM/njbH4AGudcCGE5y4sZVw/UjaY7UDnpUcTYbj/u9gCaJ44j+f43j7j5Gvns7v3wkzdXwp273psANJTWO1Armu5AZaxrt78ncAdoLi33+omz+eOMfgAa60Hrfda3AFAHmu5AJWi3AxDS8tQZoXtt/fStlfDx7XtNPwaApltMrfflph8EUF2a7kCppXb7vHY7AKMj+8LZbLTx51BnnmIAIH7GHkJY0noH
qkzoDpRWWqiznB41BKDhzr44ujaGhPo6OTGyNrMfgMYbCyG8nuXFQpYXk00/DKB6hO5A6axrt7+dftkCoOGOHtkfXj1p5ncTaLsDsE5svd/I8mLOoQBVInQHSiU9QqjdDsBXXJg+7EAaonXsgKWqADzscpYXS1rvQFVYpAqUQpYXE2lR6pQbAWC9UxMj4Z+/IXRvks/u3g8/eXMl3LnrvQoAG1wJIbS7ndbKhlcASkLTHRi61G5fErgD8Cjnzxg30jRxdn+c4Q8Aj3A5LVqd3vgSQDlougNDkx4NbAvbAdjM2Ww0vJYJX5vqp2+thI9v32v6MQCwuashhDmtd6BsNN2BoUiLcG4I3AHYzOjIPrO9G84sfwAe45LWO1BGmu7AQKV2e5zdftrJA7CVC9NPh5dOHNziK2iCX/zqdvig+Ku7BuBxrocQLmq9A2Wg6Q4MRJYX4+va7QJ3ALb03LEDAnfWxA9fAGAbzoUQlrO8mHFYwLBpugN9lx71i+32404bgO34wbe+Fp5/9glnxZp3u3fCO907DgOA7dJ6B4ZK0x3om9Ruj4tS3xO4A7BdL584KHDnK+Js/zjjHwC26UHrfdaBAcOg6Q70hXY7ALsRg9UffWcsPHNYN4Sv+s37n4c3Fz7d8OcA8BiLqfW+vPWXAfSOdzNAT6V2+7x2OwC7ERvNAnceJc74j7P+AWCHpkIIS1rvwCB5RwP0TFpYs5we5QOAHTl6ZP9a6A6bOX/GUlUAdmUshPB6lhcLWV5MOkKg34TuwJ6ta7e/nX6ZAYAdO5uNhkPmdrOFOOs/zvwHgF2KrfcbWV7MOUCgn4TuwJ6kR/S02wHYkxdaT66ND4HHOfviqKWqAOzV5SwvlrTegX6xSBXYlSwvJtKi1CknCMBe/ejbY6FlXjfb9G73Tnine8dxAdALV0II7W6nteI0gV7RdAd2LLXblwTuAPRCHBcicGcn4uz/uAMAAHrgclq0Ou0wgV7RdAe2LT161xa2A9ArcUzIjy+Mm+XOjv3m/c/DmwufOjgAeulqCGFO6x3YK/UQYFvSopkbAncAeik2lgXu7EbcARB3AQBAD13Segd6QdMd2FJqt8fZ7ae3+joA2Kk4HuTfvjvu3Ni14qO/hZ/9x6oDBKAfrocQLmq9A7uh6Q48UpYX4+va7QJ3AHru/CtPOVT2JO4CiDsBAKAPzoUQlrO8mHG4wE5pugMbpEfpYrv9+IYXAaAH4liQ73/ziKNkzz67ez/85M2VcOeu9zUA9I3WO7Ajmu7Al1K7PS5KfU/gDkA/XZh+2vnSE3EnQNwNAAB99KD1PuuQge3QdAfWaLcDMCgxIJ0xWoYe++lbK+Hj2/ccKwD9tpha78tOGtiMpjs0XGq3z2u3AzAIoyP7wtls1FnTc3YEADAgUyGEJa13YCtCd2iwtBBmOT0qBwB9d/bF0bVxINBrJydG1nYFAMAAjIUQXs/yYiHLi0kHDjxM6A4NtK7d/nb6ZQEA+u65YwfCqyfN3qZ/7AoAYMBi6/1GlhdzDh5YT+gODZMegdNuB2Dgzp8RiNJfzxzeb6kqAMNwOcuLJa134AGLVKEhsryYSItSp9w5AIN2amIk/PM3Djt3+u6zu/fDT95cCXfuep8DwFBcCSG0u53WiuOH5tJ0hwZI7fYlgTsAw3L+jCWXDEbcGRB3BwDAkFxOi1anXQA0l6Y71Fh6tK0tbAdgmM5mo+G1TAjKYP30rZXw8e17Th2AYboaQpjTeofm0XSHmkrt9hsCdwCGaXRknxnbDMWFaeOMABi6S1rv0ExCd6iZLC/Gs7xYCCG87m4BGLY4ViaO+4BBe/7ZJ9Z2CQDAkB0PIbyX5cWci4DmMF4GaiSNk5lPP9QBYKheaD0Zvv/NIy6BofnTJ/fWlqoCQElcDyFcNG4G6k/THWoiPa62IHAHoCzOmuPOkD1zeL/vQwDK5Fx83x6fUHcrUG9Cd6iBLC8uxsfVQghj7hOAMnj5xMG18R4wbHGnwKgR
RwCUx+k0533SnUB9Cd2h4lLg/j/dIwBlEQPOsy9qF1MOcadA3C0AACVyPDXeBe9QU0J3qDCBOwBlFJvFcawHlMVLJw6u7RgAgBKJT6rPGzUD9eTdEFRU+kS87f4AKJOjR/avhe5QNma7A1BCx814h3oSukMFpR/IC2a4A1A25195am2cB5RN3DEQdw0AQMnEGe/XXArUi9AdqkngDkDpxPEdJydGXAylFXcNWKoKQAmdy/JizsVAfQjdoWKyvGinT8IBoFRiyx3KLO4aMP4IgJK6nOXFtMuBehC6Q4WkH8CX3BkAZRPHdrSOHXAvlF4M3ePuAQAooWvmu0M9+G0TKiL94DXnDYDSieM6zp/Rcqca4s4BT2UAUFJxsaoxM1ADQneojtn0AxgASiU2hy1PpUri7oG4gwAASuiSMTNQfUJ3qIAsLybifDd3BUDZxDEdr2Wj7oXK0XYHoMS03aHihO5QDX7gAlBKF6YPuxgqKe4giLsIAKCEprK8uOhioLqE7lByqeX+PfcEQNnE8RzPP/uEe6Gy4i6CUaORACgn5TuoMKE7lJ8ftACU0oXpp10MlRZ3EcSdBABQQsezvJhxMVBNQncosSwvxrXcASijGFQ+c9ivklRf3EkQdxMAQAnNuhSoJr9dQrn5AQtA6cRxHGctT6VG7CYAoKSm0shZoGKE7lBuFqcAUDpxDvYhc7CpkbibIO4oAIASUsaDChK6Q0lleTEZZ7i5HwDK5LljB8JLJw66E2rHjgIASspcd6ggoTuUl5Y7AKVz/oxgknqKOwosVQWghI6nUh5QIUJ3KC+fZgNQKqcmRtbGcEBdxV0Fo0YnAVA+SnlQMUJ3KKG0KMVoGQBKJc5yhzqLuwrOvmhJMAClM+1KoFqE7lBOfqACUCqxARzHb0DdvXry0NruAgAokdNZXoy7EKgO75ygnITuAJTG0SNmXdMsdhcAUELmukOFCN2hnCbcCwBlEVvuh8y5pkHi7oK4wwAASkQ5DypE6A7lNOVeACiDF1pPhpdOHHQXNI4dBgCUjKY7VIjQHUomLVEFgFKILXdoorjDwPc/ACVipjtUiNAdykfoDkApvHzi4NqYDWiquMsg7jQAgBLwRDxUiN8goXx8eg3A0I2O7AtnX9TypdniLgNtdwAAdkroDuVjThsAQxcbvnG8BjRd3GkQdxsAwLBleaGkBxXhnRQAAF8Rx2m8pt0LX9J2B6AklPSgIoTuAAB8xflXnnIgsE7cbRB3HAAAwHYI3QEA+FIco3FyYsSBwEPijoO46wAAAB5H6A4AwJe03OHR4o6DuOsAAAAeR+gOAMCaOD6jdeyAw4BNxF0HcecBAABsxW+MUD4r7gSAQYtjM86f0XKHx/E0CADD0u20Fhw+VIPQHcpnyZ0AMGhxXvUh86rhseLOg7j7AAAANiN0BwBouDgu49WTZlXDdmm7AzAEqw4dqkPoDuWj6Q7AQF2YPuzAYQfi7oO4AwEABkhWABUidIeS6XZaKz7BBmBQ4piM5599wnnDDsUdCKNGMgEwOMvOGqpD6A7l5BNsAAbiwvTTDhp2Ie5AiLsQAGBA5ARQIUJ3KCcbyQHou7PZaHjmsF8HYbfiLoS4EwEABkDoDhXiN0QoJz9MAeirOBZj6pTlqbBXdiIAMAjdTks5DypE6A7l5IcpAH0V51EfMo8a9izuRIi7EQCgjxYdLlSL0B1KKC1T9UMVgL547tiB8NKJgw4XesRuBAD6bN4BQ7UI3aG8/FAFoC/OnxEQQi/F3QjGNQHQR/IBqBihO5SXH6oA9NypiZG1cRhAb8XFxKNGNgHQeze7ndayc4VqEbpDSaUfqkbMANAzMRCMs9yB3jvk/78A6I9rzhWqR+gO5eaHKwA9E8dfxDEYQH/EXQlxZwIA9JBcACrIuy4osW6nFX+4rrojAPbq6BEzp2EQ7EwAoIfe6HZaKw4UqkfoDuXXdkcA7FWcN33IvGnou7gzIe5OAIAekAdARQndofza2u4A
7MULrSfXxl4AgxFnu1uqCsAeLXY7rSWHCNUkdIeSS4+S+XQbgF2LLXdgcOLuBOOcANijWQcI1SV0h2qIofstdwXATr184uDauAtgsGLoHncpAMAuvKHlDtXmt0CogNR2n3NXAOxEHG8Rx1wAgxd3KHjKBIBdWNVyh+oTukNFdDuta3Gmm/sCYLti09byVBieuEsh7lQAgB2YS8U7oMKE7lAtFy1VBWA74liL17RsYei03QHYgbg81U43qAGhO1RIt9Na9pgZANtx/hVjZaAM4k6FuFsBAB4jFuxmtv4SoCqE7lAxaczMG+4NgM3EcRYnJ0Y2eRUYtLhbYdSoJwC2dtFYGagPoTtUULfTimNmbro7AB5Fyx3KJe5WiDsWAGATV7qd1vyjXwKqSOgO1TUteAfgYTHYax07sOHPgeGKOxbirgUAeMgb3U5rbsOfApXmtz6oqPTYmcWqAHwpjq+wtBHKy1MoADzkjfQkO1AzQneosG6ntZQa74J3AMLZF0fXxlgA5RR3LcSdCwAQQlgUuEN9Cd2h4gTvAERxbMWrJ82MhrLTdgcgNdynHQTUl9AdaiAF7xNmvAM014Xpw24fKiDuXLBUFaDRjJSBBhC6Q02kGe/xk/Lr7hSgWU5NjITnn33CrUNFxN0Lo0ZBATTRPwncoRmE7lAjMXjvdlozIYQfuleA5jh/xrgKqJK4eyHuYACgMW6FEL7e7bSuuXJoBqE71FC302rHH+jGzQDUX2zMPnPYr3RQNXEHQ9zFAEDtxafRJ9NYWKAh9t2/f99dQ41leTEXQrjsjgHqJ46n+PGF8bXWLFA9v//wi/DzX/7ZzQHU02oI4WK305p3v9A8qhVQc91Oa07rHaCe4lgZgTtUV9zF8ELrSTcIUD9XQwgTAndoLk13aJDUep8NIYy5d4Bqe+7YgfCv3/Zf51B1f/rkXvjJmyvuEaAebqV2+4L7hGbTdIcGSa33yRDConsHqLbzZ552g1ADcSdD3M0AQOVdTbPbBe6Apjs0VZYXsfE+p/UOUD0vnzgYvjstdIe6+Ozu/bW2+5273psBVFAc5TorbAfW03SHhup2Wm2td4DqictTz76oFQt1EnczxB0NAFTOlW6npd0ObCB0hwbrdlrL3U5rOk4pSJvVASi5qVOH1sZRAPXy0omDa7saAKiE2G7/ehrhCrCBd2xASBvVJ0II150GQHkdPbJ/LXQH6smuBoDSW13Xbl9yXcBmzHQHviLLi5kQwjWz3gHK58L002ttWKC+3lr4NPz6/c/dMED5xNGsF+MT4+4GeBxNd+Ar1rXerzoZgPJ4ofWkwB0aIO5siLsbACiN2G7/YRzNKnAHtkvTHdhUlhfTqfV+fLOvAWAwfvTtsdAy7xka4d3unfBO947LBhg+7XZgVzTdgU2lDeyTWu8Aw/XyiYMCd2iQuLsh7nAAYGhiu/28djuwW36TA7bU7bRWup3WbAjhH9OGdgAGKI6ZOH/mKUcODXJoZF84m426coDhuB5HrqbRqwC7YrwMsCNZXsyFEC47NYDBiMHba8I3aKRf/Op2+KD4q8sHGIzVNEpG2A7smaY7sCPdTiuG7l/XegfovzheQuAOzXX+FU+5AAzIVe12oJc03YFdS633OHpmzCkC9N6/fONwODkx4mShwd5a+DT8+v3PfQsA9Met1G5fcL5AL2m6A7uWWu+TaaM7AD30QutJgTuwttMh7nYAoOdiu31S4A70g6Y70BNZXsTG+5zWO0Bv/PjCeHjmsH4EEMK73Tvhne4dJwHQG3FU6qywHegn7+SAnuh2Wm2td4DeePnEQYE78KWpU4e03QF640q309JuB/rOuzmgZ7qd1nK305oOIfxT2vwOwC7EgA3ggUMj+/z3AsDexHb719OIVIC+E7oDPdfttK7Fze8hhOtOF2Bnnjt2ILSOHXBqwFe8/D8OOhCAnVtd125fcn7AoAjdgb7odlor3U5rJu7/0noH2D7BGvAoceTUcz6QA9iJxbQo
VbsdGDihO9BX3U5rPrXe33DSAI93amLEKQGP5EM5gG2Jpa8fxtGncQSqIwOGQegO9F1qvV8MIfxjCOGWEwd4tKNH9lugCmzqhWef3OwlAP7uQbu97TyAYfKuDhiYtCF+MoRw1akDbPTcsSc2/BnAA/Y9AGwqttvPa7cDZSF0BwYqtd5ntd4BNjKvGXicF1ra7gAPuR5HmqbRpgCloE4FDEVqvU9keRGX2lx2CwBCd+DxRkf2OSWAv4vt9ovCdqCMNN2BoUqb5L8eQrjpJoCmGz3oVzNgaz6cA1hzVbsdKDNNd2Doup3WUpz1rvUOAADAFm6ldvvC5l8CMHzqVEBppNb7P6SN8wAAAPBAbLdPCtyBKtB0B0olbZqfzvIiLluNIfyYGwIAAGisOIp0VtgOVImmO1BK3U6rHVsMWu8AAACNdaXbaWm3A5UjdAdKK7beu53WdAjhn9JmeoBau/P5PRcMbOmDD7/Y6mWAuojt9q+nEaQAlSN0B0qv22ldi5vpQwjX3RZQZ3/86G/uFwBostV17fYl3wlAVQndgUrodlor3U5rJoRwXusdqCuhO/A4HxR/fcxXAFTWYlqUqt0OVJ7QHaiUbqc1n1rvb7g5oG7++JGxEcDmCh/MAfUUS1U/jKNF44hRdwzUgdAdqJzUer8YQvjHEMItNwjUxce37wnVgE198KGWO1A7D9rtbVcL1InQHaistMF+MoRw1S0CdSFUAzbz6//7+SavAFRObLf/k3Y7UFdCd6DSUut9VusdqIvF337mLoEN/vTJPXsfgLq4HkeGdjuta24UqKt99+/fd7lAbWR5EZfuXHajQJX94FtfC88/+4Q7BL40/3/+4kM5oOpiu/1i2tMFUGua7kCtpE33Xw8h3HSzQFW9073j7oAvfXb3vtEyQNW9kdrtAnegETTdgdrSegeqTNsdeODd7h0fxgFVdSu12xfcINAkmu5AbaXW+z+kjfgAlSJgA0Ka5W6sDFBRV0MIkwJ3oIk03YFGyPIiLluNIfyYGweq4vyZp8KrJw+5L2iwX/zqdvig+KtvAaBKtNuBxhO6A42R5cVECCFuyJ9y60AVjI7sWxsz0zp2wH1BA/3n7z4Lb//XX1w9UCVX0hPHAI0mdAcaJ8uLiyGEttY7UAXPHTuwFrwfGtnnvqBBio/+Fn72H6uuHKiKm6ndvuTGAITuQENleTGeWu/nfA8AZReD93/9ts8JoSli4P7zX/453LnrvRpQCdrtAA8RugONluXFTArfpVlAqb184uDajHeNd6g3gTtQIYup3b7s0gC+SugONF5qvcdxM99r+lkA5WbUDNSbwB2oiDj7aq7babVdGMCjCd0BkiwvplPr/bgzAcrq6JH94V++ccRyVagZS1OBitBuB9gGoTvAOqn1HucRXnIuQJmdzUbDa9moO4KK+9Mn99bC9t8u33WVQJnFdvtst9O65pYAHk/oDvAIWu9AFcTW+/lXngonJ0bcF1TMZ3fvh8Xffrb2j3EyQMldT+32FRcFsD3/n737ia0sPfMC/FanOulAkuqZSCM4o1G7YTSrabWtq9kgkXZtRmxQ24CQYNOOZoXEVbtGsLa9YsEits4WMS6Ehg0oNmIxsBm7kRiR4Whs1WyIgrCFctlMQplMJtVJpwt9le82t8t2+d+5954/zyO1EuVYat/3c1mp3/3d9xO6A7zCYDhKrfeNy78CYP7Srvf33nkjfus3vuQ0oOFSs/07//1jYTvQBmc5bN9zWgA3I3QHuMJgOFrMrfd3X/2VAPP15S/ei3cWvhjvLLwev1687sJVaIgUtH9v9LN4cvIza2SAtnic18lotwPcgtAd4Jq03oG2SetnfvmrX4hf/6v3G/edj7+35K838Puj+dJ6lu//4Ocvvs/v/+CT+MnHzfp7zU/y9/f9P/tEox1ok9Pcbj9wagC3J3QHuIHBcLSQW+/vmRtAfdKKnF/9+v0XLX076rnIZFs8/acgG6B2OxGxqd0OcHdCd4Bb
GAxH6+n/kEbEA/MDqNd4TU7aU198/Qum23N//N2P4zvf/emLoB2AqdBuB6iZ0B3glrTeAaYv7ab/h8t/OX7pK6+Zds+ksP0Pqp/ED3/0ad9HATBNW1VZbJowQL2E7gB3NBiO1iJiW+sdYHpS6/1vDb7sctgeSGtkfv/gx5rtANN1nNvtR+YMUD+hO0ANBsPRm7n1/r55AkxHunz1d377q1bOdFhqt3/7v/yFfe0A06XdDjBlQneAGg2Go5Ucvmu9A0xB2ve++jf+UvzWb3zJeDvm3xz8OL7z3Y/7PgaAaTrM7fYTUwaYLqE7QM1y6z2tm/nAbAGmI+15F7x3w7OfPn/Rbhe4A0zNWURsVmWxbcQAsyF0B5iSwXC0nFvvb5kxQP0E793wL//Tn8eTk5/2fQwA06LdDjAHQneAKcqt97Qv8UNzBqjf7/z2V+I3F75osi1lpQzA1KR2+3pVFrtGDDB7QneAGdB6B5iOtOP9H//tr7lctYU++tNnL9bKAFC7/dxuf2q0APMhdAeYocFwlFrvG2YOUJ9f/foX4p/8XfdXt8noBz+Pf/7vzvo+BoC6neWwfc9kAebrNfMHmJ2qLFLovhQRx8YOUI/v/+Dn8R+rn5hmi3z7jzTcAWr2OCIWBO4AzaDpDjAnWu8A9UlrZv7p33sQv/QVnZKm++Pvfhy/f/Djvo8BoC6nud1+YKIAzeFvJQBzklvvb0fEoTMAuJuf/PR5/MF/03Zvgz/wqQSAuuxExKLAHaB5NN0BGmAwHK1HRArhLSUGuIN/tvZL8cYX7xlhQ2m5A9RCux2g4TTdARqgKovt1FLRege4m+9892MTbLDDJ8/6PgKAu9qqymJB4A7QbEJ3gIaoyuKkKovliPhmRJw5F4CbE+o21//5809fXHoLwK0cR8RSXlEJQMMJ3QEapiqL3YhYiIh9ZwNwMz/80acxEuw20pOTn/Z9BAC3ldrtaXf7kQkCtIPQHaCBqrJ4WpXFSkSsar0D3Mz3/vfPTKyBnpw4F4AbSqsn39ZuB2gfoTtAg1VlsZdb74+dE8D1fG/0iUk10PdGQneAa0qlm0dp9WRaQWloAO0jdAdouNx6X4uIhxFx6rwAXu2HP7Jepmms/AG4ttRuT6tkto0MoL2E7gAtUZXFQfo/4BGx48wALueyzub5yU+f930EAFdJ7fZvarcDdIPQHaBFcut9Xesd4NWeCXkbxWoZgFfaTyslq7LYfdUXAdAeQneAFkqt96os0q73LecHcJ62OwAtkNrtq1VZrKRyjQMD6A6hO0CLVWWxGRFLEXHsHAEAoDUe53b7niMD6J77zhSg3aqyOEq73gfDUQrgNxwnAAA0VloRuZbvawKgozTdAToit97fjohDZwoAAI2zk8oyAneA7tN0B+iQqixOImJ5MByly1ZTCP/A+QIAwFxptwP0jKY7QAdVZbGdWjRa7wAAMFdbVVksCNwB+kXoDtBRqfVelcVyRDyKiDPnDAAAM3McEUt5BSQAPSN0B+i43HpfiIh9Zw0AAFOX2u1pd/uRUQP0k9AdoAeqsnhalcVKRKxqvQMAwFSk1Y5va7cDIHQH6JGqLPa03gEAoFap1PIorXZMKx6NFgChO0DPTLTeH0bEqfMHAIBbS+32xbzSEQBeELoD9FRVFgfpLwgRseNnAAAAbiS127+p3Q7ARYTuAD2WW+/rWu8AAHBtaVXjQlUWu0YGwEWE7gBMtt63TAMAAC6U2u2raVVjKq9c9AUAEEJ3AMZy630zIpYi4thgAADgM49zu33PSAC4yv0rngPQM1VZHKXW+2A4SgH8hvMHAKDH0grGtfzJUAC4Fk13AC400Xo/vOg5AAB03E4qowjcAbgpTXcALpVb78uD4ShdtppC+AeXfS0AAHSEdjsAd6LpDsCVqrLYzhetar0DANBlW1VZLAjcAbgLoTsA11KVxUlVFssR8SgizkwNAIAOOU6rFfOKRQC4E6E7ADeSW+8LEbFvcgAAdEBqty/m
1YoAcGdCdwBurCqLp1VZrETEqtY7AAAtlVYnvq3dDkDdhO4A3FpVFnta7wAAtEwqjTxKqxPTCkWHB0DdhO4A3MlE6/1hRJyaJgAADZba7Yt5ZSIATIXQHYBaVGVxkP4CExE7JgoAQMNotwMwM0J3AGqTW+/rWu8AADRIWoW4oN0OwKwI3QGo3UTrfct0AQCYk9RuX02rEFM5xCEAMCtCdwCmIrfeNyNiKSKOTRkAgBkat9v3DB2AWbtv4gBMU1UWR6n1PhiOUgC/YdgAAExRWnG4lj95CQBzoekOwExMtN4PTRwAgClIF/ovCtwBmDdNdwBmJrfelwfDUbpsNYXwD0wfAIA70m4HoFE03QGYAKeNEAAAIABJREFUuaostvNFq1rvAADcxZZ2OwBNo+kOwFxUZXGi9Q4AwC0d53b7kQEC0DSa7gDMVW69L0TEvpMAAOAatqqyWBS4A9BUQncA5q4qi6dVWaxExGpEnDkRAAAukFYTLuUL+gGgsYTuADRGVRZ7Wu8AALwklTIeVWWxrN0OQBsI3QFolInW+8OIOHU6AAC9dpgvSt3u+yAAaA+hOwCNVJXFQfoLVkTsOCEAgN6ZbLefOH4A2kToDkBj5db7utY7AECvpFWDC9rtALSV0B2AxptovW85LQCAzkrt9tW0ajCVLxwzAG0ldAegFXLrfTMiliLi2KkBAHTKuN2+51gBaLv7ThCANqnK4ii13gfDUQrgNxweAECrpRWCa/mTjQDQCZruALTSROv90AkCALRSujB/UeAOQNdougPQWrn1vjwYjtJlqymEf+A0AQAaT7sdgE7TdAeg9aqy2M4XrWq9AwA025Z2OwBdp+kOQCdUZXGi9Q4A0FjHud1+5IgA6DpNdwA6JbfeFyJi38kCADTCVlUWiwJ3APpC6A5A51Rl8bQqi5WIWI2IMycMADAXafXfUr4AHwB6Q+gOQGdVZbGn9Q4AMHOp9PCoKotl7XYA+kjoDkCnTbTeH0bEqdMGAJiqw3xR6rYxA9BXQncAeqEqi4P0F8CI2HHiAAC1m2y3nxgvAH0mdAegN3LrfV3rHQCgVmmV34J2OwD8gtAdgN6ZaL1vOX0AgFtL7fbVtMovlRuMEQB+QegOQC/l1vtmRCxFxLGfAgCAGxm32/eMDQA+7/65/wUAeqQqi6PUeh8MRymA33D2AACvlFb0reVPDgIAF9B0B4BfhO/j1vuheQAAXChdSL8ocAeAV9N0B4Ast96XB8NRumw1hfAPzAYAQLsdAG5C0x0AXlKVxXa+aFXrHQDouy3tdgC4GU13ALhAVRYnWu8AQI8d53b7kR8CALgZTXcAeIXcel+IiP3LvwoAoFO2qrJYFLgDwO0I3QHgClVZPK3KYiUiViPi7NVfDQDQWmm13lK+YB4AuCWhOwBcU1UWe1rvAEAHpVLBo6oslrXbAeDuhO4AcAMTrfeHEXFqdgBAyx3mi1K3HSQA1EPoDgC3UJXFQfoLakTsmB8A0EKT7fYTBwgA9RG6A8At5db7utY7ANAyaVXegnY7AEyH0B0A7mii9b5llgBAg6V2+2palZfKAw4KAKZD6A4ANcit982IWIqIYzMFABpm3G7fczAAMF33zRcA6lOVxVFqvQ+GoxTAbxgtADBnaQXeWv5kHgAwA5ruADAFWu8AQAOkC98XBe4AMFua7gAwJROt93TZagrhH5g1ADAD2u0AMEea7gAwZVVZbOeLVg/NGgCYsi3tdgCYL013AJiBqixOImJZ6x0AmJLj3G4/MmAAmC9NdwCYoYnW+765AwA12arKYlHgDgDNIHQHgBlLrfeqLFYiYjUizswfALiltLpuKV/gDgA0hNAdAOakKou9iFjQegcAbii9af+oKotl7XYAaB6hOwDMUVUWTyda76fOAgC4wmG+KHX71V8GAMyL0B0AGiC33tOu9x3nAQBcYLLdfnL+MQDQFEJ3AGiI3Hpfj4iHWu8AwIS0im5Bux0A2kHoDgANU5XFgdY7
AJDb7atpFV16c95AAKAdhO4A0EATrfeliDh2RgDQO+N2+56jB4B2ue+8AKC5qrI4Sq33wXC0GREbjgoAOi+tmFvLn3wDAFpI0x0AWqAqi02tdwDovLRablHgDgDtpukOAC0x0XpPa2dSCP/A2QFAJ2i3A0CHaLoDQMtUZbGdL1o9dHYA0Hpb2u0A0C2a7gDQQlVZnETEstY7ALTWcW63HzlCAOgWTXcAaLGJ1vu+cwSA1tiqymJR4A4A3SR0B4CWS633qixWImI1Is6cJwA0Vmq3L+UL0gGAjhK6A0BHVGWxFxELWu8A0DjpTfFH2u0A0A9CdwDokKosnk603k+dLQDM3WG+KHXbUQBAPwjdAaCDcus97Xrfcb4AMBfjdvtyvgAdAOgJoTsAdFRuva9HxEOtdwCYqX3tdgDoL6E7AHRcVRYHWu8AMBOp3b6aVr1ptwNAfwndAaAHJlrvSxFx7MwBoHap3b6QV7wBAD123+EDQH9UZXGUWu+D4WgzIjYcPQDcWVrhti5sBwDGNN0BoIeqstjUegeAO9vJu9sF7gDAZzTdAaCnJlrvae1MCuEf+FkAgGtJ7fa1fG8KAMDnaLoDQM9VZbGdL1o97PssAOAaxu12gTsAcCFNdwAgBe8nEbGs9Q4AlzrO7fajy74AACA03QGASROt932DAYDPbFVlsShwBwCuQ+gOAHxOar1XZbESEasRcWY6APRYarcv5QvIAQCuRegOAFyoKou9iFjQegegh9Kbzo+02wGA2xC6AwCXqsri6UTr/fSyrwOADjnMF6VuO1QA4DaE7gDAlXLrPe163zEtADpq3G5fzheMAwDcitAdALiW3Hpfj4iHWu8AdMy+djsAUBehOwBwI1VZHGi9A9ARqd2+mlapabcDAHURugMANzbRel+KiGMTBKCFUrt9Ia9QAwCozX2jBABuqyqLo9R6HwxHmxGxYZAAtEBakbYubAcApkXTHQC4s6osNrXeAWiBnby7XeAOAEyNpjsAUIuJ1ntaO5NC+AcmC0BDpHb7Wr6XBABgqjTdAYBaVWWxnS9aPTRZABpg3G4XuAMAM6HpDgDUriqLk4hY1noHYI6Oc7v9yCEAALOk6Q4ATM1E633flAGYoa2qLBYF7gDAPAjdAYCpSq33qixWImI1Is5MG4ApSu32pXzBNwDAXAjdAYCZqMpiLyIWtN4BmIL0pu4j7XYAoAmE7gDAzFRl8XSi9X5q8gDU4DBflLptmABAEwjdAYCZy633tOt9x/QBuKVxu305X+ANANAIQncAYC5y6309Ih5qvQNwQ/va7QBAUwndAYC5qsriQOsdgGtK7fbVtKpMux0AaCqhOwAwdxOt96WIOHYiAFwgtdsX8ooyAIDGuu9oAICmqMriKLXeB8PRZkRsOBgA8gqydWE7ANAWmu4AQONUZbGp9Q5AXj22KHAHANpE0x0AaKSJ1ntaO5NC+AdOCqA3Urt9Ld/7AQDQKpruAECjVWWxnS9aPXRSAL0wbrcL3AGAVtJ0BwAaryqLk4hY1noH6LTj3G4/cswAQJtpugMArTHRet93agCdslWVxaLAHQDoAqE7ANAqqfVelcVKRKxGxJnTA2i11G5fyhdoAwB0gtAdAGilqiz2ImJB6x2gldKbpo+02wGALhK6AwCtVZXF04nW+6mTBGiFw3xR6rbjAgC6SOgOALRebr2nXe87ThOgscbt9uV8QTYAQCcJ3QGATsit9/WIeKj1DtA4+9rtAEBfCN0BgE6pyuJA6x2gMVK7fTWtAtNuBwD6QugOAHTOROt9KSKOnTDAXKR2+0JeAQYA0Bv3HTUA0FVVWRyl1vtgONqMiA0HDTATacXXurAdAOgrTXcAoPOqstjUegeYiZ28u13gDgD0lqY7ANALL7Xe0+qZB04eoDap3b6W79UAAOg1TXcAoFdy6z1dtHro5AFqMW63C9wBgN4LTXcAoI+qsjiJiOXBcJQa75ta7wC3cpzb7UfGBwDw/2m6AwC9
VZXFttY7wK1sVWWxKHAHADhP6A4A9FpqvVdlsRwRqxFx1vd5AFwhtduX8qouAAAuIHQHAPhF+L4XEQsRsW8eAOekNyUfabcDAFxN6A4AkFVl8bQqixWtd4DPOcwXpW4bCwDA1YTuAAAvmWi975x7CNAf43b7cr6AGgCAaxC6AwBcILfe1yPiYUScnv8KgE7b124HALgdoTsAwCtUZXGQgietd6AnUrt9Na3a0m4HALgdoTsAwBVear0fv/qrAVortdsX8ootAABu6b7BAQBcz7j1PhiONiNiw9iAjkgrtNaF7QAA9dB0BwC4oaosUui+pPUOdMBO3t0ucAcAqImmOwDALVRlcTTRek+rZx6YI9Aiqd2+lj/BAwBAjTTdAQDuILfe00Wrh+YItMS43S5wBwCYAk13AIA7qsriJCKWB8NRarxvar0DDXWc2+1HDggAYHo03QEAalKVxbbWO9BQW1VZLArcAQCmT+gOAFCj1HqvymI5IlYj4sxsgTlL7falvAoLAIAZELoDAExBVRZ7EbEQEfvmC8zBmXY7AMB8CN0BAKakKounVVmsaL0DM3aYL0rVbgcAmAOhOwDAlE203nfMGpii9Obeo7TiKl/wDADAHAjdAQBmILfe1yPiYUScmjlQs3G7fdtgAQDmS+gOADBDVVkcpGBM6x2oSWq3r2q3AwA0h9AdAGDGXmq9H5s/cEvpouaFvMIKAICGuO8gAADmY9x6HwxH6bLDDccAXFNqt68J2wEAmknTHQBgzqqySKH7ktY7cA072u0AAM2m6Q4A0ABVWRxNtN7T6pkHzgWYcJrb7QeGAgDQbJruAAANklvv6aLVQ+cCZKndvihwBwBoB013AICGqcriJCKWB8NRarxvar1Db6WVU+vCdgCAdtF0BwBoqKostrXeobe2qrLQbgcAaCGhOwBAg6XWe1UWyxGxGhFnzgo6L7Xbl/KqKQAAWkjoDgDQAlVZ7EXEQkTsOy/opLOJdvuRIwYAaC+hOwBAS1Rl8bQqixWtd+icw3xRqnY7AEAHCN0BAFpmovW+4+yg1dKbZ4/SCql8gTIAAB0gdAcAaKHcel+PiIcRceoMoXXG7fZtRwcA0C1CdwCAFqvK4iAFd1rv0Bqp3b6q3Q4A0F1CdwCAlnup9X7sPKGx0kXIC3lFFAAAHXXfwQIAdMO49T4YjtJljBuOFRojtdvXhO0AAP2g6Q4A0DFVWaTQfUnrHRphR7sdAKBfNN0BADqoKoujidZ7Wj3zwDnDTJ3mdvuBsQMA9IumOwBAh+XWe7po9dA5w8ykdvuiwB0AoJ803QEAOq4qi5OIWB4MR6nxvqn1DlOTVjqtC9sBAPpN0x0AoCeqstjWeoep2arKQrsdAAChOwBAn6TWe1UWyxGxGhFnDh/uLLXbl/IqJwAAELoDAPRRVRZ7EbEQEft+AOBWziba7UdGCADAmNAdAKCnqrJ4WpXFitY73NhhvihVux0AgHOE7gAAPTfRet/p+yzgCunNqUdpRVO+oBgAAM4RugMAMG69r0fEw4g4NRE4Z9xu3z73BAAAJgjdAQD4TFUWBylY1HqHz6R2+6p2OwAA1yV0BwDgc15qvR+bDj2WLhpeyCuYAADgWu4bEwAAFxm33gfDUboscuOCL4GuSu32NWE7AAC3oekOAMArVWWRQvclrXd6Yke7HQCAu9B0BwDgSlVZHE203tPqmQemRsec5nb7gYMFAOAuNN0BALi23HpPF60emhodktrtiwJ3AADqoOkOAMCNVGVxEhHLg+EoNd43td5psbQyaV3YDgBAnTTdAQC4laostrXeabGtqiy02wEAqJ3QHQCAW0ut96osliNiNSLOTJIWSO32pbwqCQAAaid0BwDgzqqy2IuIhYjYN00a6myi3X7kkAAAmBahOwAAtajK4mlVFita7zTQYb4oVbsdAICpE7oDAFCridb7jskyZ+nNn0dpBVK+ABgAAKZO6A4AQO1y6309Ih5GxKkJMwfjdvu2
4QMAMEtCdwAApqYqi4MUfGq9M0Op3b6q3Q4AwLwI3QEAmKqXWu/Hps0UpYt8F/KKIwAAmIv7xg4AwCyMW++D4ShdZrlh6NQotdvXhO0AADSBpjsAADNVlUUK3Ze03qnJjnY7AABNoukOAMDMVWVxpPXOHZ3mdvuBQQIA0CSa7gAAzE1uvb8dEYdOgRtI7fZFgTsAAE2k6Q4AwFxVZXESEcuD4ShdtppC+AdOhEuklUTrwnYAAJpM0x0AgEaoymI7tZe13rnEVlUW2u0AADSe0B0AgMZIrfeqLJYj4psRceZkyO32pbyKCAAAGk/oDgBA41RlsRsRCxGx73R662yi3X7U92EAANAeQncAABqpKounVVmsRMSq1nvvHOaLUrXbAQBoHaE7AACNVpXFXm69P3ZSnZfeXHmUVgzlC3YBAKB1hO4AADRebr2vRcTDiDh1Yp00brdv930QAAC0m9AdAIDWqMriIAWzEbHj1DojtdtXtdsBAOgKoTsAAK2SW+/rWu+dkC7KXcgrhAAAoBPuO0YAANoot94XBsNRumxzwyG2Smq3rwnbAQDoIk13AABarSqLFLovRcSxk2yFHe12AAC6TNMdAIDWq8riKO1613pvtNPcbj/o+yAAAOg2TXcAADojt97f/tLr8dSpNsfXv/aF/5reFBG4AwDQB/eeP3/uoAEA6JSPnjxL4e57TrUxtr7xzhubfR8CAAD9oOkOAEAXbefLOpm/tGvf/nYAAHpD0x0AgE766MmzNyNiNyLed8Jzo+EOAEDvCN0BAOi0j548W8nh+wMnPTOH6dLUb7zzxklPXi8AAHxG6A4AQOfl1ntaOfOB056qtNJn8xvvvLHd4dcIAACvJHQHAKA3PnrybDm33t9y6rXTbgcAoPdC6A4AQN/k1nvaM/6hw69Farevf+OdN3Y78FoAAODOhO4AAPSS1nst9nO7/WkHXgsAANRC6A4AQK999ORZar1v9H0ON3SWw/a9Vn3XAAAwA0J3AAB676MnzxZz6/3dvs/iGh7ndTLa7QAAcAGhOwAAZFrvr3Sa2+0Hr/oiAADou9f6PgAAABj7xjtvpND97Yg4NJTP2YmIRYE7AABcTdMdAAAu8NGTZ+sRkUL4B+ef9oZ2OwAA3JDQHQAALvHRk2cLedf7exd/Radt5eY/AABwA0J3AAC4wkdPnq1FxHZPWu/Hud1+dO4JAABwJaE7AABcw0dPnr2ZW+/vd3he2u0AAHBHQncAALiBj548W8mt97c6NLfD3G4/OfcEAAC4EaE7AADcwkdPnqVG+HrLV864KBUAAGomdAcAgFvKK2fWn0c8uhfxtRbNMYXtm994543dc08AAIA7EboDAMAd5fB97fnz+N179+LXGjzPtEZm+xvvvLF37gkAAFALoTsAANQo7Xz/2SfP//7r9+/9gybM9eOfPf/Bl16/969z2G5nOwAATJnQHQAApiC331d++KNP/9FXv3xv8fX79744qzn/+NnzH336/Pm//eqXX/v3Wu0AADBbQncAAJiBj548W/5ff/bJWjyPv/krb37hrS+9fu8Ldf1bf/B/Pz378ceffveTn8d/+Gt/5f6/0mgHAID5EboDAMAcpCb8f/7TZ2tffP3eb37p9Xu//umn8Wu/8uZrv5y+k59+El95/jzuj7+r178Qf/7aa/FJ+u/f/8HPT7/0+r2nf/Hs+R998fV7/+N3/87X/oXzAwCA5hC6AwAAAABATV4zSAAAAAAAqIfQHQAAAAAAaiJ0BwAAAACAmgjdAQAAAACgJkJ3AAAAAACoidAdAAAAAABqInQHAAAAAICaCN0BAAAAAKAmQncAAAAAAKiJ0B0AAAAAAGoidAcAAAAAgJoI3QEAAAAAoCZCdwAAAAAAqInQHQAAAAAAaiJ0BwAAAACAmgjdAQAAAACgJkJ3AAAAAACoidAdAAAAAABqInQHAAAAAICaCN0BAAAAAKAmQncAAAAAAKiJ0B0AAAAAAGoidAcAAAAA
gJoI3QEAAAAAoCZCdwAAAAAAqInQHQAAAAAAaiJ0BwAAAACAmgjdAQAAAACgJkJ3AAAAAACoidAdAAAAAABqInQHAAAAAICaCN0BAAAAAKAmQncAAAAAAKiJ0B0AAAAAAGoidAcAAAAAgJoI3QEAAAAAoCZCdwAAAAAAqInQHQAAAAAAaiJ0BwAAAACAmgjdAQAAAACgJkJ3AAAAAACoidAdAAAAAABqInQHAAAAAICaCN0BAAAAAKAmQncAAAAAAKiJ0B0AAAAAAGoidAcAAAAAgJoI3QEAAAAAoCZCdwAAAAAAqInQHQAAAAAAaiJ0BwAAAACAmgjdAQAAAACgJkJ3AAAAAACoidAdAAAAAABqInQHAAAAAICaCN0BAAAAAKAmQncAAAAAAKiJ0B0AAAAAAGoidAcAAAAAgJoI3QEAAAAAoCZCdwAAAAAAqInQHQAAAAAAaiJ0BwAAAACAmgjdAQAAAACgJkJ3AAAAAACoidAdAAAAAABqInQHAAAAAICaCN0BAAAAAKAmQncAAAAAAKiJ0B0AAAAAAGoidAcAAAAAgJoI3QEAAAAAoCZCdwAAAAAAqInQHQAAAAAAaiJ0BwAAAACAmgjdAQCAqRoMRwsmDABAXwjdAQCAadsdDEd7g+HoTZMGAKDrhO4AAMAsvB8RJ4PhaMW0AQDoMqE7AAAwKw8i4tta7wAAdJnQHQAAmLVx633d5AEA6BqhOwAAMA+p9f6twXB04KJVAAC6ROgOAADM03sRcaT1DgBAVwjdAQCAeZtsvS86DQAA2kzoDgAANEVqvf/JYDjadCIAALSV0B0AAGiajcFwdKT1DgBAGwndAQCAJnp33HofDEdvOiEAANpC6A4AADTZRr5oddkpAQDQBkJ3AACg6d6KiD8cDEfbWu8AADSd0B0AAGiLD7XeAQBoOqE7AADQJuPW+57WOwAATSR0BwAA2uj9iDgZDEcrTg8AgCYRugMAAG31ICK+rfUOAECTCN0BAIC2G7fe150kAADzJnQHAAC6ILXevzUYjg4Gw9GCEwUAYF6E7gAAQJe8FxFHWu8AAMyL0B0AAOiaydb7otMFAGCWhO4AAEBXpdb7nwyGo00nDADArAjdAQCArtsYDEdHWu8AAMyC0B0AAOiDd8et98Fw9KYTBwBgWoTuAABAn2zki1aXnToAANMgdAcAAPrmrYj4w8FwtK31DgBA3YTuAABAX32o9Q4AQN2E7gAAQJ+NW+97Wu8AANRB6A4AABDxfkScDIajFbMAAOAuhO4AAAC/8CAivq31DgDAXQjdAQAAPm/cel879wQAAK4gdAcA4Jx0seRgONo89wD6I7Xef28wHB0MhqMF5w4AwHXde/78uWEBAPBCXqmxm5u+yXFErFVlcWRC3FYKriPivRYP8CwiNquy2D73BAAAXqLpDgDAC/kCyZOJwD15NyL+ROudnkut929pvQMAcB2a7gAAPXdBu/0yqfW+XpXFwSXP4UIdaLq/bKsqC29EAQBwIaE7AECPDYaj9bQ2Izd5r2snr9p46meH6+hg6B5WLwEAcBnrZQAAeiityMhB6LduGLgnH0bEUV5HA9exnUPqLrF6CQCAC2m6AwD0zC3b7ZfZz21frXeuNBiOltPPS0R80LFpneY/B1YvAQAgdAcA6IvBcLSYG8d1r/k4y+tmts89gQvkewRS+J7eAHrr/Fe0ltVLAAAI3QEA+iCvwNiY8ks9zBet2nHNteU1RWvXuMi3LbTeAQB6TugOANBhud2+m/dPz4q2LzeW7hnI4ftaR9rvj/ObUP4cAAD0jNAdAKCjZtRuv8xpDhz3LnkOl+pQ+/0st979OQAA6BGhOwBAx+TLKncb0hY+zKHjybkncIUOtd9dOAwA0CNCdwCAjsiXU6Z2+4cNfEVb6RJXoSO31YH2+1n+9MfuuScAAHSK0B0AoAMa1m6/jJUz3FkH2u8+/QEA0HFCdwCAFsvt9u2I+KBFr+Iwh+9H557ADeQ3m9Za
9vMfufWeLhvePvcEAIDWE7oDALRUXreR2u0PWvoSdnLwaOUMd5LffEp/HtYj4t0WTVPrHQCgg4TuAAAtkwPG3Rbvtp6k8UutBsPR4sT6mba8IbVVlcXmuf8VAIBWEroDALTIYDhay+tk2tpuv8xpbvweXPIcbqxll68e5z8D1i4BALSc0B0AoAXy5ZGp3f5ex8/Lug1qlz8dMm6/N339jNY7AEDLCd0BABpuMBylPdWbHWy3v8rjfNmqfe/UqiXrZ3zyAwCgxYTuAAAN1aN2+2XO8iqdbeE705DXz6R/PmjogF02DADQQkJ3AIAGGgxHqdm+4WxeOMut991zT6AGef3MeP97097k0noHAGgZoTsAQIPk1Re7Ldg7PQ+nOXzf699LZ1byJ0xSAJ/WOr3VoMFbuQQA0BJCdwCAhtBuv7bDvHJD85epmtj/vtKQAP4st9698QQA0GBCdwCAORsMR8u53d6kVm0bCN+ZmfzndBzAz/sC1v0cvmu9AwA0kNAdAGBO8h7p1G7/0BncyeMcvp+0+DXQIhMXsM4zgHfXAQBAQwndAQDmQLt9KoTvzNxgOBq339+f0/QPc+vdzz0AQEMI3QEAZii327cj4gNznxrhOzOX/2yvzCmAP8s/89vnngAAMHNCdwCAGcoN970G7ITuuq2qLDb7PgTmY44BvNY7AEADCN0BAGZsMBwt5NUy75n91AjdaYQ5BfB+/gEA5kjoDgAwJ4PhKIViG+Y/FUJHGmfGAfxxbr0fnXsCAMBUCd0BAOZoMBwt5nUzLlStl9CdRnspgF+e4sopfxYAAGZM6A4AMGcuV50KQSOtMhiOViZC+LoD+NPcej849wQAgNoJ3QEAGiKHbrsuWa2F0J3Wmgjgl2v+FMxORGxWZfH03BMAAGojdAcAaBCXrNZG6E4n5BVUazmEryOA13oHAJgyoTsAQAMNhqP1iPiWs7k1oTudk9+UW8kh/Lt3fH2PI2Jd6x0AoH5CdwCAhsoN190awrU+ErrTaTVdxHqWW+97554AAHBrQncAgIYbDEcpPN5wTjcidKdX8h745VuuodnP4bvWOwBADYTuAAAtoPV+Y0J3eiv/vhgH8Ne9H+Isr5vZPfcEAIAbEboDALREXieRguQPndmVhO7w+TU04xD+qjU0h7n1fnLuCQAA1yJ0BwBomcFwtJxb7zddIdEnQne4QG7Bj3fBX/bJmdR636zKYvvcEwAAriR0BwBoIa33Kwnd4QrXaMFrvQMA3ILQHQCgxbTeLyV0hxt6xS54f54AAG5A6A4A0AGD4SgFYhszK/evAAAgAElEQVTO8jNCQriD3IJfngjhn+bW+5G5AgC8mtAdAKAjckt19xV7mvtE6A41GgxHCzmA36vK4qnZAgBcTugOANAxWu8vCN0BAIC5eM3YAQC6JYfNb+dLEAEAAJghoTsAQAdVZXFSlUVaBfEoIs6cMQAAwGwI3QEAOqwqi+2ISLuY950zAADA9AndAQA6Ll16WJXFSkQ8jIhT5w0AADA9QncAgJ6oyuIgIhbTJaPOHAAAYDqE7gAAPZJb7y5aBQAAmBKhOwBAD01ctPpNF60CAADUR+gOANBjVVns5otWd/wcAAAA3J3QHQCg5/LKmfWIWLJyBgAA4G6E7gAAvFCVxZGVMwAAAHcjdAcA4HMmVs5smQwAAMDNCN0BADgnr5zZjIi3rZwBAAC4PqE7AACXqsriJK+ceRgRp5d9HQAAAL8gdAcA4EpVWRxUZTFeOWPfOwAAwCWE7gAAXFteOZPC98emBgAAcJ7QHQCAG8n73tfsewcAADhP6A4AwK3Y9w4AAHCe0B0AgDuZ2Pf+TeE7AADQd0J3AABqUZXFbkQsumwVAADoM6E7AAC1yfvex5et7pgsAADQN0J3AABql8P39XzZ6mMTBgAA+kLoDgDA1OTLVtciYikiDk0aAADoOqE7ADBzg+HozcFwtDsYjjZNvx+qsjiqymI5Ih4K3/tnMBytDIajhb7P
AQCAfrj3/PlzRw0AzMxgOEqt5+2IeJD/nSmAXUnrSJxCfwyGo+X8c/DulF70Vt4tTwMMhqODiHgvIo4jIv333fRGjLMBAKCLhO4AwEzklutuDt5edpaD94NzT+i0/CZMCsffqvl1Ct0bZCJ0n3QaEXsphK/KYq/vMwIAoDuE7gDA1A2Go/UcrD644t+1ky/fpGemEL4L3RvkktB90lkO4MchvE++AADQWkJ3AGBqrmi3X+Y4t95PLnlOh9UYvgvdG+QaofvL9icCeL8LAABoFRepAgBTkS9JPbph0BZ5x/dRDl/pmaos0q7v9GbNN/P6Efrp/Yj4vYj4n4PhKP0+2BwMR4t+FgAAaANNdwCgVjkY263pgszUdl2zaqK/7tB813RvkFs03S9zmi9i3bMHHgCAphK6AwC1ye32jZonepqDd5es9tgtwnehe4PUGLq/zBoaAAAaR+gOANzZYDhajojtmtrtl3HJKuPwfe0aAa7QvUGmGLpPOs4t+LSi6OjcUwAAmBGhOwBwa4Ph6M3cPv5wRlM8zq13gVrP5Td6Nl8R5ArdG2RGofuks3EDPq+isaIKAICZEboDALeSQ8/dW+zarsOjqiy2nRyvCN+F7g0yh9D9Zcc5hN/zph0AANMmdAcAbmQO7fbLHObWuz3OpJ/Lhfxz+UGehtC9QRoQuk/SggcAYKqE7gDAtQ2Go5Xcbn/QkKml8GxT652xHL6n3f8nfi6ao2Gh+8u04AEAqJXQHQC4Um63p7D9/YZOaz+33jVWoYEaHrpPmmzBH/gkDQAAtyF0BwBeqYHt9suc5eB975LnwJy0KHR/2fHEGpqDc08BAOACQncA4EJ5TcduC4MyrXdomBaH7i/bn2jBW0UDAMCFhO4AwDmD4Wg9X0rZ9Hb7ZbTeoUE6FLpPOh0H8C5kBQBgktAdAPhMi9vtl9F6hwboaOj+suOJFrw3/AAAekzoDgC8MBiOUrN9vcXt9suk1vt6VRa7lzwHpqwnofvLDida8FbRAAD0iNAdAHpuMBwt5nb7ux2fxGFuvZ+cewJMVU9D90lnL62i8XsIAKDDhO4A0GO53b7Rowmk4GuzKovtc0+AqRG6nzO5D/5ACA8A0C1CdwDoocFwtBwR2z1ot1/mMK+csfIBZkDofqXjl0J491AAALSY0B0AemQwHL2Zmt4R8aFzf2Ervfkg4ILpErrf2PHEKpqDln3vAAC9J3QHgJ7I7fa0u/0tZ/45p3nXu2ALpkTofmeHEy14v6sAABpO6A4AHafdfm2P88oZrXeomdC9dkJ4AIAGE7oDQIcNhqOV3G5/4JyvxUWrMAVC96k6e2kfvLsqAADmTOgOAB2U2+0pbH/f+d6Ki1ahRkL3mRLCAwDMmdAdADpIwFWbndx8t3IG7sDvpLkSwgMAzJjQHQA6KDfd04qUD5zvnZ3li1b3Wv46YG6E7o0ihAcAmDKhOwB02GA4SheobjjjWhzm8P2kA68FZkro3mhCeACAmgndAaDjXKZaOytn4IaE7q0ihAcAuCOhOwD0wGA4WszB+7vOuxZn+aLV3Q68Fpg6oXurCeEBAG5I6A4APZH3vKeQ+H1nXpvD3Ho/6MjrgakQuneKEB4A4ApCdwDoGXvep+JxDt/te4cLCN07TQgPAPASoTsA9JA971ORgqft9I997/B5QvdeSb8LjyZCeJ8EAgB6R+gOAD01GI4WImLPnvfanebWu33vkAnde+9QCA8A9InQHQB6LO95T+3sD/wc1M6+d8iE7rxECA8AdJrQHQBIgdhaDt+tm6mffe/0ntCdKwjhAYBOEboDAC8MhqPFvG7mLROZii373ukroTs3JIQHAFpN6A4AfCavm0m7yN83lak4y8H7ZgdfG1xK6M4dCeEBgFYRugMA5wyGo/WI+Na5B9TFZav0itCdmh2PQ/gcxPsEEQDQKEJ3AOBC1s3MRArf1zQ36TqhO1MmhAcAGkXoDgBcyrqZmTnMzXfhO50kdGfGxiH8nt+r
AMA8CN0BgCvldTNpD/kD05qqFL6vV2Vx1OHXSA8J3ZkzO+EBgJkSugMA15LXzaTW+7smNnWPc/P9pOOvk54QutMwQngAYKqE7gDAteV1M6nx/qGpzYTwnU4QutNwQngAoFZCdwDgxgbD0UpuvVs3MxvCd1pN6E7LHOaLxA+s+wIAbkPoDgDcymA4WsjBuyBtdoTvtJLQnRY7G7fghfAAwHUJ3QGAO8mXrH7LFGdK+E6rCN3pkHEIP27C+z0MAJwjdAcA7swlq3MjfKcVhO502OlEE36vKounDhsAELoDALVwyepcCd9ptMFwtBYRa4J3euD4pXU0QngA6CGhOwBQq8FwtJxb72+Z7MwJ32m0/OZcuoh5Of+ny5jpusOJAP7AaQNAPwjdAYDa5WAtBe/vm+5cpPB9V8BD0+U36VbyP96oo+tcygoAPSF0BwCmZjAcreTwXZt1Pg5z8134TuMNhqOFiRa8N+zoA/vgAaCjhO4AwFRpvTfCYW6+7/Z9ELRD/r2xPBHCa8HTB8cTAbw3SwGgxYTu8P/Yu7vbRq51TcCaCLbnVjf2RGAPKgBrImhOBE0HQDR3BK2OwGwoAFMRHCmCkQIQjhnBMW/qejODQfX56F1N/fGnSK6f5wGEDUjegFgUq6ve+ta7ADgJU+9JWMbku/CdrDST9pcI37vNWH/27lGJ+14Ib68OAMiI0B0AOBlT78noeoVn3Zc6A3JjM1Yqta6iuYs+eOduAEiY0B0AODlT78lYRYBzbYqSXMUU/DqE/9UbSSUeewG8DVkBIDFCdwDgLEy9J+c+Jt/1CJMtXfBUav0A1YasAJAIoTsAcFam3pOziPBd7zvZ63XBX3nAR0UWEcLfmYIHgPMQugMAZxfTqdcXFxefvBvJWPe+z1XPUIp4yLcO4W3ISg3WU/C64AHghITuAEAymkl7FVPvKiHSchvhu+oZitFM2p96AbwNWanFY28K3gNVADgSoTsAkJxm0nZT75+9M8lRPUOxelU0IxuyUollbwL+zpsOAMMRugMASYoAbCb8StIqViTMTEpSqlh5M1JFQyVW641YbcYKAIcTugMASWsm7TT63lU/pOkxwndTkhQr9p3oh/AqsCjdIh6uPtiMFQB2J3QHAJIXgVc39f7Ru5WsZQQ0Nl6leL0++HUI76EgJVv2JuDt7QEAWxC6AwDZsNFqNu4jfDf9ThV6ffBXQngKt1oH8DEFr4YGAF4gdAegWDGJ2E1HdzeEUzeG5YiNVqeCreStpyN1v1OVeEC4/rIvBSW71wMPAM8J3QEo0gs94F036ZUbwnL0Hqp8qP1YZOIxVikIZqhOL4Qf2ZSVgi1653kPWgGomtAdgKJEEDt/ZbKwm7od2RCsLCpnsrPqTb/7LFKd3qas6y8hPCWyESsAVRO6A1CMF6bbX7KK4N1GYIVROZMlm69SPSE8FVhXjc0F8ADUQugOQPZiA7v5jkHFb083l/Nn3yVrEV51lTMfvZPZUT8DQnjKJ4AHoApCdwCyFtPNn/d8DbdPN5fjZ98le1E5c/1KzRDpu43w/c57Re2iNq0fwqvSohTL2OjeuR6A4gjdAcjSntPtL3mMuhmTtQVqJu04Jt9VzuRJ/ztsEMJToPuLi4uxazEASiJ0ByArsey+m2D+NODvvYibPaFegeJvZnrAigjSoJIAXiCEpxCruBYz9Q5AEYTuAGQjKkPmRwoUbLBauAimrvW9F0EAD68QwpO5+6icsbk2AFkTugOQvCNNt7/mn083l7NXfkYB9L0XRwAPbxDCk6FuEOLa9RgAORO6A5C0ZtKOopP7lCHBbUxZ6RYtWPS9XwugiiKAh3fEg+x+CH/o3ihwLI9ROWPqHYDsCN0BSFKEAl2VzIcz/X6LqJtxo1e4ZtJOI3y32WpZvjzdXF7XfhDgPUJ4EmfqHYAsCd0BSE5Mt88TCEH1vFeit9nqVPheDKE77EEIT6Jseg9AVoTuACQjemdnZ5xuf42e90rYbLUoQncY
gBCexDi3A5AFoTsAScig4uM+Jqz0vFcg4QdAbE8wA0cghCcBpt4BSJ7QHYCzinCzq5L5NYN3wk1eZZpJexUPg3L4++R7Qnc4kThXrr+cLzmVr9H3biACgOQI3QE4m0w3sOx63qdPN5fzZz+hWML3LAnd4UyE8JzQMgYi7L8DQFKE7gCcXDNpf4np9pyXpN8+3VyOn32XojWTdhzh+4/e6eQJ3SERQnhOwNQ7AEkRugNwUs2k7UKwz4Uc9a5uZvR0c/nXs59QNOF7FoTukCghPEeyjNWIdw4wAOcmdAfgJAqZbn/JKpY1u8GrkPA9aUJ3yIQQnoHZ/B6AsxO6A3BUzaT9IULJT4Uf6a9PN5fTZ9+lCsL3JAndIVNCeAZgKAKAsxK6A3A0cdM8ryiIXMQN3p/PfkIVhO9JEbpDIYTwHOA+KmdUAQJwUkJ3AAZX0XT7S1Zxczd/4WdUQvieBKE7FEoIz45WscnqzIED4FSE7gAMqpm0o4uLi5mwUZ8owvczE7pDJYTwbOkxrs1MvQNwdEJ3AAYR0+3ddPcHR/Rvy4uLi5G6GYTvZyF0h0oJ4XmDqXcATkLoDsDBYrq9C9z/4Wi+SPjHNxG+j4VAJ+FzB3wTIfwoQvifHRXswwPAsQndAThIM2nvTLdvZRFT75Y0sw6AroXvRyV0B56JlXn9SXghfN38WwHAUQjdAThITO7+4ShuxSarfCfC96kHV0chSAHe1Qvh15PwasDqY+odgMEJ3QE4mOB9ZzZZ5TvNpP0pJt8/OjKDEboDO4vzcX8SXghfj6/R9+76DICDCd0BGERM7N7pdd/aKoL3u0x+X04gwp5p9L77LB1G6A4crJm0v2yE8M7NZVvG9dlD7QcCgMMI3QEYTNyYPrgh3YmpKp6JuoN1+G7Kcj9Cd2Bwca2zrqKxL0e5XJ8BcBChOwCDipvRuY3JdmKqildFfdO18H1nQnfg6JpJO7Ipa7GWsRePVYkA7EzoDsDgYkr3wc3nzkxV8aqocLo2Wbk1oTtwUnH9M9IHXxx78QCwM6E7AEcRN57dxPsHR3gnpt55k01XtyZ0B85qow/e9VDe7MUDwE6E7gAcVTNp58LBvZh65016398ldAeSEiuWRqposnYflTN/1X4gAHib0B2Ao2smbRcM/u5I78zUO1uJ3vepEOc7QncgWRtVNCOb0GdlFYMRs9oPBACvE7oDcBIRCv7haO9FlyhbiSnKsdUl3wjdgWxEFc06hLd3Rx4e4/rM1DsAzwjdATiZuKF8MM21F12ibC1638eVV88I3YEsxRR8v4pGhVi6TL0D8CKhOwAnFcH7XA3G3kxVsZNYZTKucHJS6A4Uobch68gUfLIWcX32Z+0HAoD/JnQH4ORigutB8L43U1XsLEKbaUXdwUJ3oDgbU/C64NPj3x4AvhG6A3A2zaSd654+iKkqdtbbvO+68MoCwUdC4nx/EQ9cH6zWgWH0uuBHhhmS4foMAKE7AOfVTNpu8vZ3b8NBvsbku41W2UnhG68K3RPSTNqHjVqM5TqAF8LDMHoPVddd8Kbgz8v1GUDFhO4AnF0zaUfR8+7mcH82WmVvEdSMo36mlOl3oXtCXgjdNwnhYWBxfbWuorEZ63ks4/rsocYXD1AzoTsASYjl0XduCg9mo1UOUtD0u9A9IVuE7puE8DCg3masYzU0Z2HqHaAyQncAkhHTtnc7BjO87MvFxcXMzR376k2/5xrQCN0TskfovkkIDwNpJu1PvQn4D47ryXTnsalViQB1ELoDkBwbrA7GzR2DiAnJaQQ0udRACd0TMkDovkkIDwOIB6xXvS54VX/Hdx+rEg1GABRM6A5AkppJ203X/uHdGcRjhO9/FvBaOLP4bI4zWJEidE/IEUL3TUJ4GIAe+JOxFw9A4YTuACQrpmsfTF0NRp8og4l6gnUAn2IwI3RPyAlC901CeDhQXIeNBfBHdR+DEc5RAIURugOQtFj2/GDTr8GsInifFfJ6SEBv89WUqgmE
7gk5Q+i+SQgPB4gHrSMbsR6FazOAAgndAciCnvfBLWNZ80Nhr4sziodko0TqZ4TuCUkgdN8khIc9CeCP5jGuzZyPAAogdAcgG9ElPVM3Myg3eBxFL5SZnqmWQOiekARD9039EP5Pe2DAdgTwgzP1DlAIoTsAWYl+0TvdooPT987R9HqBxyd8aCZ0T0gGofum1cYkvBAe3iGAH5RN8AEyJ3QHIDtRYdHVzXzw7g2qC5lmgkqOqZm0owhljl0XJXRPSIah+yYhPOxAAD8Y/5YBZEroDkC2mknb3YR89g4ObhlT7/PCXhcJ6fW/j470AE1QkZACQvdNQnjYkgD+YIuoAnSeAciI0B2ArDWT9irqZvS8D28RS5tttspRRQA/HjiQEbonpMDQfZMQHrYQAfz6fK8qcDdfYkWiKkCADAjdAcheBHYPpqeO5jEm34XvHN2AE5FC94RUELpvEsLDO3r7fYwE8FtbxtS7azKAxAndAShGM2lnFxcXn7yjR3Mb4ftfhb4+EtML4Kd7BDJC94RUGLpv6ofwfwrM4HuxcnEdwFu9+D4b4AMkTugOQFFik8a5G7ajEr5zcntMRArdEyJ0f9FjbxJeCA8hruXGNsx/l6l3gIQJ3QEoTtTN3Al4js6UFWexZQAvdE+I0H0r6xD+Th0NfLfh9lSF4JvuI3x3PQaQEKE7AMVqJm0XuH32Dh9VV5kws7EX5/JGAC90T4jQfWc64aHHBqzvWkXwfpf47wlQDaE7AEWLjtA7dTNHJ3zn7CKAH8XXndA9HUL3gwnhIeh/f5Opd4BECN0BKF4sT57rBj0J4TvwjNB9cEJ4qternxk7v3xnFfV/s2c/AeBkhO4AVKOZtF0n6LWpqJMQvgN/E7ofXT+Ev7PRNbWJ+pnpC1VjNXuMqXfnA4AzELoDUJWon5jbkOtkhO+A0P30lhuT8EI3qtFM2vX0uxWOpt4BzkboDkCVmknb3Xx88u6fjPAdKiZ0P7vlxiS88zDFi/qZcUzA1z793k29T1VRAZyO0B2Aatlk9SyE71AhoXtyFhuT8M7HFK23+erHyt/pLzYZBzgNoTvAQKIv/FuXpCmSfNhk9axuY8mz2gMonNA9eYt4CN0F8A+1HwzKZfr9m0V0vbtfATgioTvAgWLjpnkvTOgmea9cyOYl+j/npt7PQvgOhRO6Z+e+NwXveoYimX6/+GLlIcDxCN0BDhDT7dcvBLWC9wy98ACF07qPmz9TllAYoXvWVuspeJuyUqK4/hvHV23T78uYenftBTAwoTvAHppJ+0v0Ur8VIKyiasZFbGbeeJjCaTxG+H7neEMZhO5FWW6E8KZkKUasfJxWeL76GqsOfZ4BBiJ0B9hRM2m7MPbzDv+v355uLufPvkvSTL0nYRk3gD4/kDmhe9EeI4C/s8KPUsR1YHfNP6poCMPUO8CAhO4AW4rp9i78+3mPYyZ4z5Sp9ySsYmWJ3lHIlNC9Gqt1AK+KhhLExqujuBaspXrmPsJ311wABxC6A7wjLranO063v0TwnilT78lY9wrbdBUyI3Sv1qJXQ6MyjKzFxqvXlZzLVhG8+9wC7EnoDvCGuLieDzjZInjPmKn3pNh0FTIidCfc90J4VTRkqbLqGVPvAHsSugO8IKbbu4vpT89/erDbp5vLseOeJ1PvyVlE+O5hFiRM6M4LlhtVNEI9stJbDTsuvHpmFasMZ89+AsCrhO4AG44w3f4SwXvmTL0nZ937Plc9A+kRurOFx14AbwqerDSTdhwB/D57P+XiMabeXWcBbEHoDhBiWqUL2z+c6JjcdhfnJrvyZeo9WbcRvquegUQI3dnR31PwOqXJSQW976beAbYkdAf47wvkUYSnp55a7qoxrgTveTvj3w9vW8T0+53PGJyX0J0D3fdCeFO2JK/X+/6x0HfrMYaHrEoBeIXQHajaGabbXyJ4L0D8Lc0KvrnK2So+5zNhDZyH0J0BLXoBvBVNJC3C93X1TInDGV+ebi6vn30XAKE7
UK/EOrm7ZdQj0yL5O9GeAOzvMapnbLwKJyR050hW6x54q5pIWW/T1RLD90V0vbuPAegRugPVSbiHexUT7y5YC9BM2u6Bzufaj0PClnEesPEqnIDQnRNZb8aqhoZkxaar1wUOaHyJVYUefgHVuxC6A7VJbLr9JavoRzSFWwAbrWbjPsJ3m/XBkQjdOYNlBPBzAw2kqNDwfRlT76qfgOoJ3YEqNJP2l+jbzuWG/zfBezlstJoN0+9wJEJ3zmzVm4D3gJWkFBq+f+1ek6l3oGZCd6B4Gdd83D7dXI6ffZcsRZdn97f4yTuYhfsIZzz8ggEI3UnIat0BrweelMS+QNcFnStNvQNVE7oDxYrp9i4w+znj13gfF6tuCAuR4aqL2q3iPDIz/Q77E7qTsPveRqzO85xdgeG7+xmgSkJ3oDgxUTwtaBPLRWyw6kK1ILGUeKZyJiuLeM9MRsKOhO5kYhEPWgXwnF1h4fsqgnf1TkA1hO5AUeLidF5YJ+JFXKhe2QisLCpnsnarGxi2J3QnQ4teBY3rL86msPDd1DtQDaE7UIRKwksTIoVSOZO1ZYQy6mfgDUJ3Mrc+188F8JxLQcNFq9hkdfbsJwAFEboD2St4uv01/3SRWqZm0o4ifK/lb7k06mfgFUJ3CiKA56yiovC6gOvFxxgoMrQAFEnoDmQrptu7sP1Dhe/i7dPN5fjZdylCM2mvY18Cfe/5uo9AxsoU+PeKnqvel/MbJRDAczaFhO+m3oFiCd2BLMVE8Lzym3YbrBasmbQ/xY3Ux9qPReZWvUDmofaDAWtCeAokgOcsCtmcv5t6n/rsACURugNZqXy6/SXdDd7IBWq5Cts8q3YCGXiFEJ7CLON6da46g1OIe6RpASslvzzdXF4/+y5AhoTuQFaaSfuXvutnVjEZMn/2E4qh7704iwhk7gQy8JwQnoI433MyEb53ofWnjI/6IrreDSgAWRO6A1mJm/AHN98v+vp0czl96QeUo5m007iZ8hkoh0AG3hH//veDeA8gyZENtzmJQmoKv3SfF58VIFdCdyA7ceP9n965Fz1G3YyL04L1lhB/rv1YFOixF8D7HMMrIlC6EsKTsfuoHHO+52gKqClcxtS7fXGA7AjdgSzFhkF/ePdepOe9EjZbLZ5ABrYkhCdjq965/s4byTFE+D7P+Nz4tbvmdT0E5EToDmRL8P4mPe8VidUfM5utFk0ADzsQwpMpG25zVJnXFJp6B7IidAeyJnh/l573ihSwhJjtCOBhR0J4MmS/D46igJrC+wjfXQMBSRO6A9kTvL+ru2m7cmFaj/hMXAuVqnAfm0sLZWAHvRB+vTnrz44fCbuP87wVjAwmzoPdSskPGR7VVQTvKpmAZAndgSII3t+1ip53yzErInyvjqlI2FNMfvYn4YXwpGjd/z5TP8NQMu97N/UOJEvoDhRD8L6VL083l9cZ/J4MKPP+Tvaz6FXQCGZgR0J4MrCMKWUPWhlExteLq9hkdfbsJwBnJHQHiiJ438pjTL2bCKlIr79zKnyvjo354EBCeBJ3H+d4VRscJM51XXj9McMj+RhT7x5CAUkQugPFEbxvRd1MpYTv1Vv1JuCFM7AnITyJWkVNyEzwyCGaSftLhO+5bc5v6h1IhtAdKFJcKD4IFd+lbqZSwnfCfS+Et/oF9iSEJ0GPMf1u81X2FsNMswyvFbu//6kVfsA5Cd2BYgnet6ZupmLCd3rWG7E+uEmFwwjhSYjpdw6SeeWMASPgbITuQNEE71tTN1M54Tsb1j3wD2po4HBCeBJh+p29NZP2KsL33M5fi+h6N1AAnJTQHSie4H0nX59uLqcZ/b4MTPjOC1ZxDl2H8CYl4UBCeM7M9Dt7ayZtd414neF14pf4m7e6FzgJoTtQhQjeu8DoR+/4uxYx9e4mrGLCd96w6PXAmxqDAQjhOSPT7+ysmbQ/xdT7h8yO3jKm3q3uBY5O6A5UI25oH9zIbmUVmw+5AatcfG7GEb57aMWm1XoC
3masMJw49456IbzzL8e2jOn3ucELttVM2lH83eQ2oPG1m9Z33QIck9AdqIrgfWf3MQ3igpTu8zOO5cTCH15jCh6OIKZKr4TwnMhthO+mgXlX3F9114efMjtapt6BoxK6A9WJC8MuFPrVu78Vm6zynQjfpx5e8Q5T8HAkvRB+PQ2vBoxjWEaY6hzOu2Kj1XmGDwVvY4Wvv3FgUEJ3oFrNpO0uCj/6C9iaZZh8J26urj3AYsNHo1AAACAASURBVEum4OFIYu+a/iS8EJ4h2XiVrTWTtrs2/JzZEVvF1Pvds58A7EnoDlRN8L6zRVyQCsz4W4TvY58ldrBaT8B3/yvEgWHFeXn95cEoQ1I9w7viQeA8w1WRqjWBwQjdgeo1k7aryfi99uOwoy9PN5fXWf3GHF3UHVxH3YEpS3ax7AXwpsxgYLHZ4TqEVw3GEBYx+W7TfV6V8dT71N82cCihO8C/O6r/cCx2YuqdF8W+CdP4Er6zj8deCO8cAwOKc/TIpqwMZNmrnjEdzDMZT70/xr2O1XjAXoTuACGmwOZCwp2ZeudV8UDrWqjDAVTRwBHFKqWRPngOtN48+9p5mpdkPPXe/U3Pnv0E4B1Cd4CemMR4cMO5M1PvvMmmqwzo7yqaCOFNVsKAen3wI1U07Ok+Jt/1vvMdU+9ATYTuABsyvhhMgal33tTrfbfpKkNZ9KbgBTwwoKiiuepNwlu1xC4eY9NV3dh8J9Op9wv3OsAuhO4AL4ibzAfB+15MvfOuXu/7WIjDwNZ98Hcm0mBYG1U0HxxetrSMig7hO3+LVTXzDK8D3esAWxG6A7wiQsGZidy9fbGpFtuI3vex6hkGZhoNjixCs3UIb1CB96zi2tr1Id/E/Vb3b/WnDI+I6wzgTUJ3gHc0k3aW6YVgCpYxCaLygXdFtdPUgy4G4mYYTiim4PshvP1xeI3wne80k3YUU++5nTfc6wCvEroDbCEmcf9wrPb2NZYVu7HiXTH1NI4AXvUM+xK6wxmZgmcLq6gDu1YHRlz/3WW68tG9DvCM0B1gS3HzeGdya2+rmAS5y/T35wxi8mmsO5g9CN0hEabg2cKt8J2L/z5fdEMXv2d4MEy9A98RugPsIOov5ia2DvIYF6RuqthaBDbrjVeFNWxD6A6Jigeq6xDeiib6hO/kfs/V/Q1PTb0DQneAHcXSxwfB+0FW0eMpEGNnNl5lS0J3yEA8VB3Fl/M6a8L3ymW+yaoVvoDQHWBfzaSd2/DxYJZhsjfT77xD6A6ZiZCtPwXv3I7wvXIZb7LauY97HVPvUCGhO8ABMu4cTI1lmBzE9DsvELpD5nqbsaqhQfhesRi0uMt0pbGpd6iU0B3gQDZYHcwqbqZmhbwezsD0Oz1CdyhIr4ZmrOKvasL3ijWTdpZp3cyFqXeoj9AdYAA2WB3UIqbeVc5wkFiO3IUzHxzJKgndoVC9GpqRc3y1hO+VyrxupqvWHD3dXP757CdAcYTuAAOJG8C5m7/BuJliEL3pyKl6gqoI3aECcf3Vr6GxyqkurhcrVEDdTDdgNH/2E6AoQneAgTWTtgt5Pjuug+guSmeCM4YSdVBjwUwVhO5QoZiCXW/G6kFrPYTvFcq8buY3wTuUTegOcASZL3tM0TImQmxAxCB61QQ2Xy2X0B0qF/V/YxuxVuVLDGzoza5E5vddgncomNAdMhdT1T893VyOvZdp0fN+FI8RvutBZDCxRHkcX0KZcgjdgb8J4KvybaWk8L0emd93Cd6hUEJ3yFgzabsbhz/iFdwK3tOj5/1obiN8dyPFoOKmbap+pghCd+BFAvhq6M6uSNx3dQ9bPmb4qgXvUCChO2RqI3Bf8491ovS8H4UpJo4qzrMjD82yJXQH3iWAr8Iy+t7dJ1WgmbTd8MTvGb7S//N0c/nw7LtAtoTukKG4OXh4ZQpT8J6o2MDx7pX3jf25keKoev3vU3VRWRG6AzsRwBfvMa4ZBZuFy/S+qxso+sVmwFAOoTtkJsKfP9+5
ERC8Jyq6o+8Ed0exiCXEbqQ4mvgMrwP4t87DnJ/QHdibAL5oXfg+Fm6WLdP7rsXTzeUvz74LZEnoDplpJu3dFlUH3VPyK5tNpquZtF0tyqfaj8OR2GyVkxDIJE/oDgyid74fW7FYFHsEFS7TnvevTzeX02ffBbIjdIeMNJO2C3b+Y8vfWPCeuHg/527ejuY2lhCbYuLoBDJJEroDg4vrt5ENt4uxiv2B/HtRsAx73vW7QwGE7pCJeEr/144X94L3xKmbOYmvEb6bYuIkBDLJELoDRxXn+7ENt4uwjKn3u9oPRKky63lfPt1c/vTsu0BWhO6QiQPqSATvGVA3c3SrWFo6E75zSgL4sxK6AyfR23C7C+B/ddSzpqawYLEycZ7JwJPrGMic0B0yENPQ/3XAb7qI4F3YmDB1MychfOdsBPAn52YVODkbbhdD33uh4iHZXQYPyLr7lp/8DUK+hO6QgWbSPgxwUSB4z4C6mZNZxY3UvJLXS2IE8CchdAfOKqZqp8712dL3XrBm0s4z2GDVtQxkTOgOiYuL9f8c6LcUvGdC3czJLKPvXfjO2Qjgj8aNKpAM/e9Z664Xxza2LE8zabvP5B8JvzDT7pAxoTsk7ghP4AXvmchss5/cCd9JQi+Av1JLcDChe0Ji1V63mushvu5ci1CjqLYYq5/J0n2slPyr9gNRkgwqPl3PQKaE7pCwAbrcXyN4z0RGnYOlEL6TjFjpNI4QXjCzOzepCXmlKm/RC+EfXJdQG/Uz2fpif6CyxGfxIdHP4erp5vKHZ98Fkid0h4Q1k7YLCz4f6TcUvGekmbTdDdnvtR+HExK+k5S4GVxPwdvzYTtC94S8ErpvEsJTrai5GBu0yIbKmcLEsNNDotdZv7kvgfwI3SFhzaT968jTjYL3jEToNhe4nZTwneTEKqh1AC+ceZ3QPSF7bgr/2AvgBVtUIc7x0wjgTb+nT+VMQSJ4nye498L9083l6Nl3gaQJ3SFRA2+g+hbBe2ZssnoWXfjeHfe5zwopiZvDfg+8gObfhO4J2TN03/QYlWtdCP/ns59CYWy+mo1V1M34N6cQR9hXbQj/030I5EXoDok6cbAqeM+MTVbPZhXhux5PkmQj1u8I3RMyUOjet9rYlNWUKcWK6ff15quu/dK1iKl3K3MKkGC9p4oZyIzQHRLVTNo/T1wjInjPTMLLH2sgfCd5euCF7ik5Qui+abkRwjs3UyTd71m4jfDdeShz8Xn7I5FXoWIGMiN0hwTFNMt/neE3E7xnKCZb5yafzuY2et9NWZKs+HflKgL4Wh7UCd0TcoLQfdOi1wd/9+ynkDnd78lbxUarzj+ZS2iF8erp5vKHZ98FkiV0hwRFiPofZ/rNupvUkQAxLzH1fmfq6axuY/JdzzDJq6SGRuiekDOE7pv0wVOk3t4eU5vtJ+kxwnf3VhmL1YMPCQTv/9u/YZAPoTskKIGNMlcx8e4f9MxE9+C1iaezeozJd32eZCFuJK9iWrKkwEbonpAEQve+1TqAjxBeGEYRYiJ3nOAGkLVbxbXhrPYDkbO4Xro787CCXnfIiNAdEpTIjangPVOx3Hhu6v3slnGD5cKYbPQmJtdVNDk/wBO6JySx0H2TKhqKEufydfVM7Ztqp2QRU+/urzIVn62HMw4pfH26uZw++y6QJKE7JKiZtP9KJOgQvGfM1HsybLpKtjLfjFXonpDEQ/dN970Q3jUQWYuNIFXPpMW/Txk7c/D++HRzefXsu0CShO6QoGbSpvTBFLxnzNR7UtZ1BjZdJUsZTsELNRKSWejet4xwZd0H7+EpWVI9kxxT7xmLa6L5GTanXz7dXP707LtAkoTukJi4IP5/Cb4v+uMyZuo9OXrfyV5vCv4q0TBV6J6QjEP3TTZkJWsxkLGunnFdeH7+rcpYM2nnp36Q9XRz+T+efRNIktAdEpNw6H4heM9b3GTNzjCRweuW8TDkzvQkOYuJr6teCJ9Ch7AgIyEFhe59puDJVpy319Uz
et/Py9R7xk4dvAvdIR9Cd0hM4qH7heA9f82kHcVySNNN6VjFezJTPUMJ4iHfOoC/OtP5RuiekEJD902m4MlS9L6P1RGenX+3MnXi4P3/WC0LeRC6Q2LiovePxN+X26eby/Gz75KNmG6a6fVMUreB3/zp5vKu9gNBOeKB8tWJN2QVXiSkktC97+8peOdzchHn6qlVkWdl6j1TzaTt7q0+neC3F7pDJoTukJhm0nYBwecM3hfBewHi5mpuWXGSlvFgZK6ygJKcsIpG6J6QCkP3Tfe9EN6KJpIWq5WuDWeclX/DMnSiATqhO2RC6A6JySh0v4hl1COBYN4iAJtm9HdXo9sI311gU5wjVtEILBIidP/OIgL4uWlWUmbT1bMz9Z6hEwTvQnfIhNAdEtNM2u7C9veM3pfuYvBK8J6/ZtL+EpPVQpF0LeI9svEqxYpz0TqEP+R8JHRPiND9VavogVdDQ7J6AxpT4fvJdeeI66eby1llrztrRw7ehe6QCaE7JCaDjVRfsoyJd1MYBYgHP9duqpK2DmlmPneULv5dXIfwu/TBC90TInTf2n1vM1Y1NCSlF76PVROenBXGmTli8C50h0wI3SExmYbuFxECXgkAy2Cj1ayYfqcavT74dRD/VugjdE+I0H0vi9h3RQ88yYlA8fqd8zDDWkXdjFUxmThG8P50c/k/nn0TSJLQHRKTcei+9tvTzeX82XfJUvw9znacLuU81tPvut+pRvQNX/W++uGP0D0hQveDLXvneAMOJEP4fhbdXj9TwxZ5GDp4F7pDPoTukKBm0ub+wfyn3sGyqJzJzjIelszdkFGTjRD+wUPgdAjdB7WMjVj1wJMM4fvJqffMyIDB+/Lp5vKnZ98FkiR0hwQ1k/ZfBYSbt083l+Nn3yVbKmeydR/hu2AGOBuh+9HYiJWkCN9PzqquTAwUvD8+3VxePfsukCShOySooBtTG/4USOVMtlbRDTzTDQycmtD9JFbrCXj7fHBuwveTcs+ViQGC969PN5fTZ98FkiR0hwQ1k7YLND8V8t4sYsMfSx8Lo3Ima+vN+dTPACchdD+LewE85yZ8PxmbrGbiwODd/mmQEaE7JOgYu5yf2SqmL2zuWJionLku6CFRjdTPAEcndD87ATxnJXw/GZPQGTjgfv9/G2aDfAjdIUGxEdx/FfjeeDJfqGbS/hKVMwKVfK17gWcu5oGhCd2TIoDnLGJYYxpfVkoezyIGntQJJixWDf++w2+4erq5/OHZd4FkCd0hUc2k/avQSRAbrBasmbSjCN9NMeVt2aufccMGHEzoniwBPCcnfD8JdTMZaCZtd739ccvf1H00ZEboDokqrNd9k81+CtdM2ms3UsXQ/w4cTOiehfsI361K5CTUFJ6EupnE7RC8WzUOmRG6Q6JiYvg/Cn5/lhG8q7EolBupIpmIBPYidM/KqneuNyXL0UW15vUOE7/sRt1M4rYM3v+n62/Ii9AdElZwxcyaZY8ViBupubClOCYiga0J3bO1DuDnNsTn2OwRdFTuuxLXTNruvfnwym95/3RzOXr2XSBpQndIWOEVM31fnm4ur599l6I0k/YqppjcSJXFRCTwLqF7EZa9AN5KRY4mrhm7+6CfHeXBue9KVKwSfnjl7/7/us6G/AjdIWExIfxflbxH9zF9Yclc4ZpJO47w3War5RHAAy8Suhdnvd/HncoKjsU149HYXytRrwTvy6eby59qPzaQI6E7JO6dZWal0fNekWbSTuNGymarZRLAA38TuhftsRfAC/EYVISQUxv0D859V6Lib/7P3sMmqxMgU0J3SFwsr/x/Fb1PXVA31RNdBzdS1RDAQ+WE7tW4da7nGGy2ejS/ue9KT+xvsN5H4ycPNCFPQnfIQKU3ql+fbi6nz75LkSJ8n7mRqoIAHiokdK/Ouv99pn6GIdkj6Chun24uxwW+rqxF8H71dHM5q/1YQK6E7pCBCqfd1xax7NHNWiVMMVXpvhfCm+KBQgndq7aIB+vO
8wxG3/vgFhHw+owCDEToDploJu280iByFcH7w7OfUCzhe7UE8FAooTtB/QyD6dUUfnZUB7GK4F3PO8AAhO6Qibio/Kvi3msbyFTIEuKqLXob81ntApkTurNhGef4uXM8h4phjW41xQcHcxB63gEGIHSHjDSTtpvk+L3i9+wxpt5NwFZG+F69RWwmNTd9BXkSuvOGxzi/C/k4SFwvzlXODELPO8CBhO6QGTet6mZqJnwnpiMf1BNAXly/sIVVBKY2X+UgzaS9jtqZWlcID8XAE8ABhO6QGTUzf1M3UzHhO2G1DuD1wEPahO7syPQ7B1E5M5huteHYSkOA3QndIUPNpP3l4uLiP7133y4CR6ah6iV8Z8O6B/7BzSGkRejOnky/c5Bm0o4ifFc5sz8rjQH2IHSHTDWTtuvY+8P79+0icKxmom7Cd16wjAn4B+cHOD+hOwMw/c5eYqVwVzfz2RE8iA1WAXYgdIeMNZO2m9r45D385ra7mFYvUTfhO2+473XBm5aEExO6MyDT7+wlVgvPnIsOYoNVgC0J3SFzzaTtbjo+eh+/WcbSR7USlYsez2ufDV6x6AXwlkrDCQjdOZL7mH63oomtNZN2GteJte+RtS8brAJsQegOBRC8P2OTVb4RvrOF/masD6Ym4TiE7hzZMiaY54JAthGVM3Mbre7N3loA7xC6QyFUzTzzGF3vLgRZh+/dVNPYVBPvMAUPRxIVYOsvATzHsIqHqDMrH9lGbLQ6d324l+7zduWzBvAyoTsUxOaqz6yi592GP3zT20hr6uaKLayn4HXBwxFECD+KEP5nx5iB2XiVrcT14bUBpr2sYtBJxRPABqE7FCZuYO8Eit+5j4tBy435Jm6uRnGD9aOjwpaW6xqaqKJxToGBxHl5PQU/cm5mQKpn2ErcR82df/bymwdcAN8TukOB4sb1ztLt75jC4EWxQmRqypI9PPa64C2thgFFLVg/hDdMwKHW1TPXVi7xGlPvB7l9urkcZ/z7AwxK6A4FszP/i26jcsakE9+J6aZrD6vY02pjCl6gAwNqJu0vvRDexocc6j563+3dwYtMve9N8A4QhO5QuJgUmwsSv7OMqXc3WjwTn5kufP/47IewvUWvD14VDQystynryEolDrCI8F0tBs+Yet/bIjZYde0DVE3oDpWwM/+LvsYSYxeEPGPTVQb22AvgPfCDAfX64NebsppMZVfLuE6euS5kk6n3vQjegeoJ3aEicVM6tyz7O6beeZfedwa22piC1wcPA4oVS6NeHY0Hp2xr1dt0VU0YfzP1vpfuPmvkOgeoldAdKmTq/UX3Eb6bxuBVMek09eCKgS03QnhBDwwozt3rEN7DU7Z1a9NVNrmP2tkqJt4F70B1hO5QqZjWmOmt/s4qgve7Zz+Bnpii7ML3sZsujmC5sSmrh4EwkLj+GfXqaJzDeY9NV/mO1cM7W8XEu88QUBWhO1ROR+GLupurqckm3tMLb1TPcEw2ZYUjaSbtL3EetyEr73mMyXfBId80k3YalTMe3m3nN5sWAzURugM6Cl+2ihur2Ys/hQ3xAGts9QgnYFNWOAJT8GxpEZPvwkPWqx/vPLTbmuAdqIbQHfibqfcXPcbUux5CthI3X+P48lniFITwcASm4HnHMgY0BIh054tugOmzI7GVfxpsAmogdAeecdH4oi8x1aTWga3FZlvd0uNfHTVOSAgPA+tNwa8n4U3BsyZ85xsDTDu5fbq5HGf0+wLsTOgOvCimu+Ymu76zjI1WhVjsxMarnNFqow/eqh0YQIRr6xBewMaF8J0Lm6zuSvAOFE3oDrzJ1PuLbLTK3ppJu66eMf3OOQjhYWDxYHUdwDu3I3zHJqvbE7wDxRK6A++Km8m5G8nv2GiVg5h+JxFCeBiQzVjpEb5XzsrhrQnegSIJ3YGtmdh40SKm3lXOsLeYfh9ZikwChPAwIDU0CN/rFg/iuiGdj7Ufi3d0+9GM7J8FlEToDuzE1PurbuOGSuUMe4vP
17p+RjhDCoTwMJCYer2Kc7zJ1/oI3ysWAxYzw0tv6oaZrgTvQCmE7sBeXDi+qAunZk83l9cv/RB20Uza9WSkyShSIoSHAfR64K+scqqO8L1S6ma2IngHiiF0B/Zmd/5XdTdTY5UzDCE+Z2OTkSTssRfCO+/Bjno98GrG6iJ8r5C6ma0I3oEiCN2Bg8VE7tzU+zOPEb6rnGEQMSE1tvkqiRPCw54ikOv3wDvXl+8xwnfny4rEXlm/134c3iB4B7IndAcGYWrjTV/jZspFI4NRP0NGhPCwp965XgBfPuF7ZWKY4s4+Pq8SvANZE7oDg2om7VVMvbt4/N4qbqRmz34CB+jVEkzVz5AJITzsQQBfjfvu33QrJesQ13Fd8P5r7cfiFYJ3IFtCd2BwcfHYbSb6ydF9Rt87RxMb863rZzz4IhePvc1Z/3RjDe8TwFfhNgY2hO8VaCbtzL3TqwTvQJaE7sDRmHp/02NMMf351n8E+9L/TsYWvRD+wU02vE0AX7RV1DfOnAvL10zacbzfPsfPCd6B7AjdgaNrJm039f7ZkX6RKSaOTiBD5oTwsCXn+2KpKayEnvc3LZ5uLn956z8ASInQHTiJuICc65x+1RdTTBxbr/+9+/rggJMpITxswYbbRVrGSsm72g9EyfS8v+n26eZy/NZ/AJAKoTtwUqbe32QJMScjgKcgQnh4g/N9kdQUVkDP+6sE70AWhO7AycVmj3PTG69axhLi+Wv/AQwpPpOj6H+3GoXcCeHhFRHAj53vi3Eb4bvzXKGi5/2P2o/DCwTvQPKE7sDZNJN22oXLOkdfJXzn5ATwFEgIDy+I8/06gNcfna9VrJK8rv1AlCpqOh/cMz3zT/scACkTugNnZep9K4uYYnrI4HelIAJ4CiWEhw0R6k1twJo1fe8Fi1UqD67HnvlfTzeXfz37LkAChO5AEmLp5MyN3pseY/Jd+M7JCeApmBAeemID1rH+92zpey9UBO8zmyN/0/3bPfZ3DqRM6A4kIy4k527y3iV856wE8BROCA/630vwNa4XncMKY4PViy/qlIAcCN2B5MSE1dzU+7uE75xdBPBXEcJ7YEaJhPBUL+pn1gG867N8rGLq3f5Ahal0g9XHmG5XJwNkQegOJMnyyZ0I30lCfG5HAngK99gL4J13qY76mSzZH6hAFW2wuop7HZumAlkRugNJaybtVUy9/+idepfwnWREAH/VC+FNRlIqITxV6tXPTF2nZeM2wncrdgoRwftdwZ9B0+1AtoTuQPLipu668u7CXQjfSU5MRq5DeOEMJbvvhfA2eKMKMSQxtkIxCypnChP3Sg+F7b3g7xTIntAdyIap950J30lSTGWtJ+BtzkfJVr0++DuTepSuVzM2dX5P3mOEmh4OFqCwas77mG63IgPImtAdyE4zabup98/eua11PZ4zkyKkKDZiXU/B6wemdMuNTVmF8BQrHrBOVYwl72sMaQg4C9BM2nnGwfsqwva7Zz8ByJDQHchS3MjNTVHtZBk3VcJ3ktSbkLwS0lCJxUYIL/SiOLrfs7CMqXdhZwGaSdt91n7P7JXYbwAojtAdyJqp970sY/np3IUtKYtKqXUI7wEbNXjsVdGofKA4ut+Tdx/Bp1U4mWsmbfc5+yODV7GM6XZ1mEBxhO5A9qKeopve/tW7uZNVhO8z4TupU0NDhfTBU6yYfp9GAG/6PS2rWBk5q/1A5C4ect0lvHJQtRFQNKE7UIxYSnmtkmIvt3HRK9QheRHW9KfgBTbUYN0Hf6eKhpLERO7Y8ERybLRagKjkfEjs/sh0O1AFoTtQFFPvB7uPyXcXwWQjbijXIbzPPrVYRACvioYixDXctT09kvPl6ebyuvaDkLO4TrpLZEjB3xNQDaE7UKSYmpq5advbY3S+23SVrJiCp1KrjSl4q5bIlo1Xk7SIyWQP+DIVn6uHM+6R428IqI7QHShWXFzO9T8fxKarZM0UPJVa9LrgrVwiW6pnkvPFXkD5OmPwbrod
qJLQHSheM2lHEb6bet/fKiYo9b6TLVPwVOzehqzkLB6gdpPvH72RZ6ePO2MnDt4f42/FvztAlYTuQBXiAnPmZm0Qet8pQvQHrwN4K2KoxbJXQ3PnXScncd5eV88YpjivrzGMYeo9Q82knR/xvmgVfxuzZz8BqIjQHahKM2mvYurdhOvhlrHh2Z0bLkoQ54d1CH+uzlM4tXtd8OQmhilGcR3imu58TL1n7EjBu+l2gCB0B6oTN2rdTdon7/4gVM9QnF6gc6WKhorogic7et+ToLM7UwMG7939wPTp5nL+7CcAlRK6A9Uy9X4Uj7HpqgtuitLbkFUVDbVYP1B9sKKJHMR13bXw/WwWMeH8Z6WvP1sDBO/38d77dwKgR+gOVK+ZtN0N2ufaj8PAlvFAY276nRJFuLOuo1FFQw0eI4S3GStJi973a/v4nI2p9wztGbyvImy3PwjAC4TuAP+eYp0Lz47iPsJ3F+QUKapo+iG81TOUbtkL4NXQkCTh+1l1U+8jD+jy0kza2Q71m7dRJ2O6HeAVQneAHlPvR9WFNLMI4F2gU6wIeq70wVOJdQ3NejNW53eSEufkrvN9enFx8Q/vzsmsYr+fWSWvtwixR8Ifb7wWm+cCbEnoDrAhbs7mOkGPyvQ71djog78S+lC4+14Ab8qVZMSqpKnw/eT0fWfmjeD9azxI8V4CbEHoDvCKZtJOY1myG7Pj0f1OdXoh/MjDPQq3iHO8HniSIXw/C93fmdkI3k23A+xB6A7wBlPvJ3Ufwcy8otcM/U1Zr5xrKNi6B757yPqnN5pzE76fhUnpjETw/pONcQH2I3QH2EJcdM7clJ3Eqjf9LpihOr0QfmRzZwplI1aSIXw/uUVMTbvGA6BoQneALcVNWRcGf3DMTmbRC+BNRVGdOO/0J+GF8JRm1QvgVU9wNsL3k7LJKgDFE7oD7KiZtKMIgt2QnZbNV6meEJ7CCeA5O+H7SdlkFYBiCd0B9hA3ZN10zkfH7+TUz0AQwlMwATxnJXw/ma5uauSaDoDSCN0BDhDdy10A/KPjeBbLePjRhTJ/Vfj64TtCeAolgOdseuH7Z+/CUX2xYScAJRG6Axwobsa6m4RPjuVZPcYDkDvLlOG/CeEpkACes2gm7U9xvWeV4/E8xtS76zgAsid0BxiIqfek6H+HFwjhKYwAFaSgmQAAIABJREFUnpMTvh/dKoL3h8JfJwCFE7oDDKyZtNeWICdDIANvEMJTEPt9cFIxbNFd8/3qyB/FP59uLmcFvi4AKiF0BziCZtL+Ejf/Aqx0LCOAF8jAK4TwFML5npOJ8H3mfHkU3crFsboZAHIkdAc4IlPvyRLIwBaE8BRg0dvvw4bbHE0zaccx+a5mcFjLqJtxvQZAVoTuAEcW3Z9zy4+TJYCHHcRU5/rLeY2c2HCbo4oHldP4+oejPZiuPmr6dHM5L+T1AFABoTvAiTSTdhoTUG7C0iWAhx0J4cmUDbc5mgjfZzZbHdzt083luLDXBEChhO4AJ2TqPSsCeNiDEJ7M2ICVo3HddxSLqJtRFwVA0oTuAGcQvZ8zU+/ZEMDDnoTwZGQZ/zbrf2dQcR6c63sfzCqC94dCXg8ABRK6A5xJLD3ubsA+eA+ysg7g79zswe56Ifwv8b8ePpKi+zjP65BmMKoGB/fPp5vLWWGvCYBCCN0BzqyZtKMI392A5WfVC+D1AsMemkn7S28SXghPatbn+ZmVTgxB3/vgbmOTVZsjA5AUoTtAAtyAFaELZh56IbybP9iDEJ6ELXr9787xHCTOdTO1W4PQ8w5AcoTuAAnR+VmU+3UI7yYQ9ieEJ1G3VjkxBPv8DKYbfriyIgWAVAjdARITU+9d3+cn700xFr0JeDeDcAAhPIlZ9qbfPWBlL679BvWbvRgASIHQHSBRpt6LtexNwJuQhAMJ4UnIfYTvzu3sReXMYG6fbi7HhbwWADIldAdIWEw+TS8uLj57n4rU74F/MCUJhxPCkwDT7xykmbTTmHx3
/trfY/S8238BgLMQugNkIEKk7gb+Z+9X0dTQwMCE8JyZ6Xf2YpP9QXTXVWPXVACcg9AdICPNpL029V6N5cYUvEktGMBGCP/BMeVElhGgzp3P2YW6wYPZYBWAsxC6A2RG32e1HnsBvBtHGEgEWusv51VO4TbC9wdHm20ZvDiYDVYBOCmhO0Cm9H1WzRQ8HIkQnhPqqi9mgkC2ZfDiYF+fbi6nmb8GADIhdAfIWDNpf4olx26+6mYKHo6kmbSjXghvXw2OYdWrnrHxKu8yeHGQ26eby3HGvz8AmRC6AxTAzRc9puDhSGJjw3UAP9KxzBHcx/S76hneZPDiIIvoeXeNBMDRCN0BChFh0NzGgGxYRAB/ZwoehhWhV7+ORgjPUFTPsJVYjTM3eLGz7jM2dm0EwLEI3QEK4+aLN6w2puDVGMCAom+5H8I7D3OodfXMzFQurzF4sbdVTLwL3gEYnNAdoEBuvtjSch3Aq6KB4UUIP7IpKwO5jfBdQMiLDF7spQvep1aVADA0oTtAwZpJexU3XyoP2MbjehJeqAPD2uiDtykrh+jO1dd633mJwYu9/SZ4B2BIQneAwsXNV7fJ6ifvNTtYV9GsQ3hVNDCgjT74kclU9rCM8F1QyDOm3vfy9enmcprh7w1AgoTuAJUw9c6BlhshvCoaGFCvD36kioYdLePfd73vfCcGL+6cU3Zy+3RzOc7o9wUgUUJ3gIrEzVc3wfPZ+86BFr0QXh88DGijimbkYSlbWvXCd6uT+Fszaaex6tHU+3Zuo+fdtQ0AexO6A1QoJirnOoUZ0GK9KaueYRhWVNGMekG84Iz33Eb1jPCdb+I8cufab2vddc2V4B2AfQndASrWTNprU+8ciU1Z4UiiLmxkQ1a20IXvcw9DWXPttxPBOwB7E7oDVC6m3mf6Pjmi1UYVjRAeBtLbkHVkCp43PMbku/Cd9bXfneqqrXTB+9i1CwC7EroD8E30fU7dgHECQng4kt4UvC54XiJ855vYO6IbuvjoiLxrFRPvrlcA2JrQHYDvNJN2FOG7yXdOZR3CrzvhdRDDADa64D84pvQsYsPVuYNSt7jum1sl8y7BOwA7EboD8KIIa7rwfexGjBNbbkzCC+FhABGurUN4U/BcxPn2WvheN5usbkXNDAA7EboD8K5m0o4jfDf9zjkI4WFg0em8DuEFbQjfscnq67483Vxev/pTAHiB0B2ArZl+JxFCeBjQxmasamjqJnyvXOwLcec675tuD4Sp6XYA9iF0B2Avpt9JiBAeBtSroRkJ3qolfK9YbLJ6V/E13ir+/mfPfgIAWxK6A3CQmJBcB/A6gkmBEB4GEjU04wjgnePrI3yvWKV1M4/R3e7aAYCDCN0BGExvOvKjo0pChPAwgAjgryKE1wNfl8cI3x9qPxC1qahuxnQ7AIMSugMwuFiWPBbMkKh1CP9nhPC6WmFHscpp/aBVzVg9hO8VqqBu5j6m2//17CcAsCehOwBH1asmsPkqqVptTMIL4WEHEciNbMRaFeF7hQqsm1lF2H737CcAcCChOwAnE/UzY6EMiRPCw54E8NW5jfBdbVcl4lpuXsAghel2AI5K6A7AyfVCman6GTIghIc9COCrInyvSNRL3WV6DbeMsN0qDQCOSugOwFnFjdu6fuZH7wYZEMLDHmy2Xbzu3NhtQjkzPVy+eKg2y+zz/DUeDvn7BODohO4AJCP636cRyuh/JyePvRDe9By8wQR88VYRbM5qPxA1aCZtd932e+Iv1XQ7ACcndAcgSSYiyZwQHrYggC/aMsL3ee0HonTNpL2KupkUBya+WH0BwDkI3QFImkCGQgjh4R3O98V6jPDdua9gCfa8L2K6XQUcAGchdAcgG71Aput//9U7R8aE8PCGCPDW53sbbpfhvquQs9lquRLqef/ydHN5/ey7AHBCQncAsiSQoTBCeHhF73w/teF2EdR9FO6MPe+P8WDHdDsAZyd0ByB7AngKJISHF8SG2+P4suF2vlYR
jup7L1TszTM/0efU5r0AJEfoDkBRBPAUSggPG2y4XYRFhO/OawWKh2R3R16h8hjd7WqLAEiK0B2AYgngKZgQHoL9Poqg771Q8fl8OMJ1mOl2AJImdAegCgJ4CieEh3+f69f1M/rf87KKTTj1vReombTzAVel3Md0u78TAJIldAegOr0AfmQqkkIJ4aleM2mvInwf6X/PyjKm3u9qPxClaSbt9cXFxecDXtYqwnZ/GwAkT+gOQNV6tQTd14fajwdFWq0D+Ajh//Q2UxP1M9nS1V2gZtKOY0XDrg/CTLcDkBWhOwCEXjBzZTKSggnhqVasdJpGAO8cn4cvKmfKEhusPmz5GVxG2G7VFgBZEboDwCuaSTvqhfC6gSnVciOEN1VKFeIcP7bKKQsqZwoTwfv8nX12vsZmqR64AJAdoTsAbCFuDtfdwAJ4SrYO4e8ihBd2UDSbr2blPsJ3DwcLECsMH14I3k23A5A9oTsA7MhGrFRm0ZuCN2VK0Uy/Z2EVdTPXtR+IEkTw3nW8f4yXo04IgCII3QHgABsbsV7pCKYCj70Q3hQiRTL9noVFTL07DxWgmbTdQ5Q7+4wAUAqhOwAMKKYkr9TQUIn+pqx3Kh8oUTNp1+G7lU1p0vsNACRH6A4AR6KGhgotN0J4IRjFiHP6NAJ4q5rSsooOcBVYAEAShO4AcAK9Gpr1FLzAhhosegG8CgiK0DufX1vRlBwbrQIASRC6A8AZNJP2l94U/M/eAypxr4qGkjST9iom3z96Y5OxirqZWe0HAgA4H6E7AJyZKXgqta6iuYtNWVXRkK3exqtT5/BkPEbljAd8AMDJCd0BIDGm4KnUYy+A/9MfATlSPZMcU+8AwFkI3QEgYabgqdRqHcDbkJVcRfXMtY20k7CIqXcP9ACAkxC6A0BGYgp+HcALcqjFIkL4O6EZuYnqmWu970n48nRzeV37QQAAjk/oDgCZiin4q14Ir8qAGqyn4HXBk5U4Z0/1vp+dqXcA4OiE7gBQiJimvOrV0Qh1qIEueLKi9z0Jut4BgKMSugNAoXobsl6poqESy14Af+dNJ3XNpB3H5LtNs8/jMabe/6rxxQMAxyN0B4AKbFTRXAl4qMBqvRGrzVhJnU1Xz8rUOwAwOKE7AFSoV0Wz/lJxQOm6Hue5GhpSFuH72KarZ9FNvY88oAMAhiB0BwDWVTT9EF4fPCVTQ0PS4sHotfD95FZRN+O8AAAcROgOADzTC+FH6g4o3GpdQRMhvClXkiF8P5vbrmvf+QAA2JfQHQB4V1QeXNmUlQrc9wJ4myuSBOH7WSyjbkYdFQCwM6E7ALATm7JSkXUP/J0AnhRE+D6N3nc1YKfx5enm8rqGFwoADEfoDgAcRAhPJRbrGhqTr5xbnHen8SV8P77H6Hr38A0A2IrQHQAYVIRBo14I/6MjTGHWG7HOBfCcU5xvuynsT96Io7PJKgCwNaE7AHBUUYdwJYSnUAJ4zk7n+0l97Y61TVYBgLcI3QGAkxLCUzABPGclfD+ZRUy9+5wDAC8SugMAZyWEp1ACeM5G+H4SXd3M9Onmcl7BawUAdiR0BwCSIoSnQAJ4ziLOp10o/Kt34GhuI3xXNwMA/E3oDgAkTQhPYQTwnFwzaa9i8l34fhzqZgCA7wjdAYCsCOEpyDKmkLsA/i9vLMcW4fvcefMo1M0AAH8TugMAWRPCU4hFhKF3AniOrZm045h8d74cnroZAEDoDgCURQhPAR57AbzgjqNoJu0PXTgcX/9wlAfVPUQbeYAGAPUSugMARYtgqR/C/+wdJyP3UT9z503jGOIc2U29f3KAB7WKnnefXQCokNAdAKiKEJ5MrWID1pnNGjmGWCU0t9nq4L483VxeF/aaAIB3CN0BgKoJ4cmQDVg5mthsdeZcOKjHqJtRFwUAlRC6AwD0COHJjP53jiI2W53pex/MMoJ3K1UAoAJCdwCAN2yE8L+oXiBhtzH9/uBNYgj63gfX1URNn24u54W9LgBgg9Ad
AGBHUb+w/hLCkxr1MwxK3/vgvj7dXE4Le00AQI/QHQDgQEJ4EvYY4bvJWg7WTNpRVM786GgeTM87ABRM6A4AMDAhPAnqai3uusBUpzSHaiZtVzkz1fd+MD3vAFAooTsAwJEJ4UnMIqaVbb7K3qJypvs7+uAoHqR7IDZ+urm8y/g1AAAbhO4AACcmhCcRpt85WJzP5ipnDvbl6ebyOvPXAAAEoTsAwJkJ4UmA6Xf21kzaH6Ju5rOjeJDb7jj6DAJA/oTuAACJEcJzRqbf2VtUzsydtw7SPQC7ErwDQN6E7gAAiYsQfhQh/M/eL07E9Dt7aSbtOP52bLS6n9+ebi7nOf7iAMB/E7oDAGQkahz6k/BCeI5tFdPL3fT7X44224hzVRe8f3TAtraITVWtMgGAzAndAQAyJoTnxB4jfL9z4NmGjVa30j3Yun66uZxl8LsCAFsQugMAFCQ6lfshvKCLY1jGFPNc9QzvsdHqmx5jut0qEgAoiNAdAKBgGyH8SMcyA1tvvHotNOQ9zaT9Jabercgx3Q4ARRO6AwBUJEKv/iS8EJ6hqJ5hK82kva586v2+m/z3oAoAyiV0BwCoWPQtr79+9bfAALrqmS5UvVM9w2sqnXpfRZWMB1MAUDihOwAA39iUlYGtIlSdmejlNRVNvd9H4O5BFABUQOgOAMCL9MEzoNsI3/90UNlU+NT7MqpkTLcDQEWE7gAAbKXXBz9SRcOe9L7zqgKn3r/GZqmm2wGgMkJ3AAD20kzakSoa9rSMMHLuANJXyNT7MqpkHp79BACogtAdAICDqaJhT8te77tpYP6W8dS76XYAQOgOAMDwYlp1FF+m4HlPt+nqrAvgbbrKWjNpr+KhzI8ZHJRFTLfbtwAAELoDAHBczaT9IcL39SR8DgEa53Mbk8LCd9bnj+6BzMeEj8aXp5vL62ffBQCqJXQHAOCkbMjKloTv/C32kJgnVl1luh0AeJHQHQCAs9mYgtcFz0vuo/PdppSVi/PFXQIP61bxQGj27CcAQPUuhO4AAKREFzxveIygU/heuWbSTi8uLn4/01F4jOl2KzAAgFcJ3QEASFIzaX/qTcBfmYInCN9ZP6C7O+EeEabbAYCtCd0BAMhCdDqvQ3ibsSJ8r9wJN1ntKo6mptsBgG0J3QEAyE5vM9axGprqCd8r10zacYTvQ6+GWUWVzN2znwAAvEHoDgBA1jZqaD54N6slfK9YPIibD/gQ7j4C9389+wkAwDuE7gAAFCPqJq56m7Hqga+P8L1SA9XNLKNKxnQ7ALA3oTsAAMXSA1814XulDqib+Rp/M6bbAYCDCN0BAKhC1E+MBfDVsQlmhXasm1lGlYwHNADAIITuAABUJ3rgRzZircptTDEL3yuxZd2M6XYAYHBCdwAAqiaAr85tTL4LWSvRTNrpxcXF7xuvdhHT7X/WfnwAgOEJ3QEAIAjgq7GKCeiZ8L0OUTfzED3vX55uLq9rPyYAwPEI3QEA4AUC+CqsolpkVvuBqEHUzfygYggAODahOwAAvEMAX7xlhO/z2g8EAACHE7oDAMAOBPBFe4zw/aH2AwEAwP6E7gAAsKdeAN9t1Pij41iMx9hkUw0JAAA7E7oDAMAAYqPGcYTwAvgyfI3Jd5utAgCwNaE7AAAMLAL4aQTw/3B8s9Zttjp7urm8rv1AAACwHaE7AAAcUTNpRxG+f3Scs9Zttjp9urm8q/1AAADwNqE7AACcQDNpf+htwPqrY56txwjf/6z9QAAA8DKhOwAAnFhswDqOL/3vedL3DgDAi4TuAABwRvrfs7aK4H1W+4EAAODfhO4AQFK6CeCnm8u/vCvUqJm0Y/UzWVpE5cxD7QcCAAChOwCQmGbSTiN07PqSuwDrQQhPbdTPZOs2wneVMwAAFRO6AwDJicCxq2v4EL/bch3AC+GpTTNpryJ8/+jNz4LKGQCAygndAYBkNZO267iev9BzvdgI4U2VUrxm0v7Qm37/2TuePJUzAACVEroDAEmL
oHHem3p/yaIXwN+98HMois1Xs6JyBgCgMkJ3ACALMfU+27Lf+rEXwpsypVjxUGoUAbzp93StInif134gAABqIHQHALIRAeP1xcXFpx1+59VGFc2fz/4LKEBv+l33e7q6B4Jj+1IAAJRN6A4AZCc2lpxvOfW+yaasFK3X/T7d8zPC8X15urm8dpwBAMokdAcAsrTn1PtL9MFTrHhANX1nTwTOYxlT7yqwAAAKI3QHALIWlRrzAfusu/qHO1U0lKSZtD/1pt9tvJqWr90DRButAgCUQ+gOABShmbTd1PvngV/Lah3Aq6KhFM2kHdt4NTmrmHq32gYAoABCdwCgGEeYet+0rqK5UwlB7qJ6Zmzj1aTcR/hu6h0AIGNCdwCgOM2knUbf+7FrNO57IbwpeLKkeiY5pt4BADIndAcAihRBYjf1/uuJXt+y1wUvLCM7sTnxKB5Y/egdPLvHCN890AMAyIzQHQAo2gmn3jeZgidbzaQdxeT7qR5a8bJVbLI6e/GnAAAkSegOABTvDFPvm0zBk6XYJ2Gq9/3sTL0DAGRE6A4AVCOmd+cJ9Fbf90J4IRrJiwdX0+h+1/t+HrreAQAyIXQHAKoSvdVd8P4hkde9iBqa+dPN5Z/PfgoJic/P1KarZ3Uf4fu/Kj4GAABJE7oDAFVKaOq9bxUT8OspeKEayWom7dimq2dj6h0AIGFCdwCgWjG124WGnxI9BjZjJXkRvneT7z97t07utjv2HtABAKRF6A4AVK+ZtFcx9Z7yxO5iPQWvhoYUxefo+owbFtdqGVPvD7UfCACAVAjdAQDymHrvW/Ym4NVLkBTh+9l8ebq5vK70tQMAJEXoDgDQE4HhLKOqjHUP/DqEVzNBEoTvZ7GIqXerYQAAzkjoDgDwgmbSdmHh5+c/Sd59r4ZGAM/ZCd9PrnsQd/10czmr7HUDACRD6A4A8Ipm0v4SXe+5bhC5iN/fRqycnfD95O5j6t3DNwCAExO6AwC8I6bepxcXF/94+79MmgCeJAjfT6qbeh/ZZBUA4LSE7gAAW2gm7U8RWpcQFK4D+Afdz5yL8P2kbLIKAHBCQncAgB00k3YaQWHOU+99y+iAnwvgOQfh+8k8Rt2MlS4AAEcmdAcA2FFhU+99AnjORvh+EqsI3u8qeK0AAGcjdAcA2FMzaUcRvpcy9d63jNc2NxnLKcXnanZxcfGjA380X59uLqeFvjYAgLMTugMAHKCZtD9EOP2h4ONoE1ZOrpm045h8F74Pz8Q7AMARCd0BAAZQ+NR7nwCekypwH4Vz0+0OAHBkQncAgIHE1HsXDn6q5JjeRwd8F8D/69lPYSDx2ZrGl/B9P910+/XTzeUsx18eACAnQncAgIHFhpDzymox7iN8nz/7CQwkNjHuHmx9dEx3YrodAOCEhO4AAEdQ4dT7/2/vjm7i1rYwAG+dBsLzvMCtACQXAB2EDsItwMp0AOmAaBogHUAHUMBI0AHz4udMB1c7WrmX3IEAg+2xvb9POtLRcaQz3p68/P5nrd/W0X7PC1hvN65CC6q6OYplq8fO86/MbgcA2AGhOwBAh6L1nsPBwwLPeRUB/KWGLV0o9Fclb3UTgbvRTwAAPRO6AwD0oKqb3Ho/L/isfy9gvRIC0raqbs7i5ZZ579rtAAA7J3QHAOhJjMS4KrT1/tRNhO9CQVrzZNlqyS+3vseyVC+2AAB2SOgOANCzaL3PtXJ/NXJ/t9/vN67CFmLZ6lVh895X0W63RwEAYACE7gAAO1BoMPg3xs/QqoLmvWu3AwAMjNAdAGCHqrrJjfcLrfc/GD9Dayb8y5L8omqu3Q4AMDxCdwCAHdN6f9HqSfv98aU/BK+Jee950eqXV/7oWHxbLmYXHjwAwDAJ3QEABqKqm9MImbXeN91F+H61cQXeKEbOXI54mfFDzG63AwEAYMCE7gAAAxKN3Bwsf/ZcnvV7+eql9jvbGuFYp3V857XbAQBGQOgOADBAWu9vov3O1mKs0+UIXnDdRbvd
SyYAgJEQugMADFS03nOz9atn9Ffa72wtRs7k78/+wE4xf68vlovZ5cYVAAAGTegOADBwAw4Fh+guwvfr0g+Ct4sXXHnkzPlAjk27HQBgxITuAAAjoPX+bqsn7fefI/vs7EhVN0cxcuZ4Rx9hHWG7l0YAACMmdAcAGJFovedQ8NBze7MfMfv9diSflx3b0aLVmwjcvSQCABg5oTsAwAhVdXMxoFEYY/EQzXeLV3lV/LrkqodFq9rtAAATI3QHABipGIVxpfX+buv4tcCVmdm8pqqb0/h71kXr/XssS9VuBwCYEKE7AMDIRet93vMojKkweoZXddB6X0W73fcOAGCChO4AABNQ1c1BhIK7WgA5dkbP8KrYqZC/I/sfOC3tdgCAiRO6AwBMyI4WQE7JKkLVS6Eoz4nWe/479vWZy3+TX+zMtdsBAKZP6A4AMDFa763Ic9+vo5Fs7jsb3tl6/7ZczC42/isAAJMkdAcAmKiOF0CW5Caa7xrK/CFa73kp75cXTuYhZrffb1wBAGCyhO4AABPWwQLIkt1F+H5d+kHwp2decK3ju6LdDgBQIKE7AEABngkF2d4qxs5Yusp/PXnBtRftdmOJAAAKJXQHACjEBxZA8jxLVwEAgA1CdwCAwrxzASSvW8dcb+E7AAAgdAcAKJHWeydy+H4do2eMFgEAgEIJ3QEAChat99zSPvQ9aNUP4TsAAJRJ6A4AQA7fc+v93Em0TvgOAACFEboDAPBLVTdHMetd6719wncAACiE0B0AgD9E632eUvrkZFp3F+H77cTuCwAACEJ3AAA2VHVzEK33442LtEH4DgAAEyV0BwDgRVXd5Mb7hdZ7Z3L4fmbsDAAATIfQHQCAv9J674WZ7wAAMBFCdwAA3qSqm9MI37XeuyN8BwCAkRO6AwDwZlXd7EXw/tmpdUr4DgAAIyV0BwDg3bTee/M9wvefhdwvAACMntAdAICtROs9L1n96gQ7tU4pXeZ/hO8AADB8QncAAD6kqpuTaL3vO8lOrSN4v5jwPQIAwOgJ3QEA+DCt916tYuTMVUH3DAAAoyF0BwCgNVrvvXpIKc2Xi9ltQfcMAACDJ3QHAKB1Vd3k1vu5k+3FXYTv9wXcKwAADJ7QHQCATlR1cxSt90Mn3IsfMXbmsYB7BQCAwRK6AwDQKa33Xv1athoLV38WdN8AADAYQncAADpX1c1BtN6PnXYvLFsFAIAdEboDANCbqm7mOQxOKX1y6r2wbBUAAHomdAcAoFda7ztxE+G7ee8AANAxoTsAADtR1c1ZzB/Xeu+Hee8AANADoTsAADtT1c1etN4/ewq9WUXr/bqQ+wUAgF4J3QEA2Lmqbk4jfNd6789dhO/3pdwwAAD0QegOAMAgROs9jz/54on06ntebmvkDAAAtEPoDgDAoFR1cxKt931PpjfraL1fFXK/AADQGaE7AACDE633i5TSV0+nV0bOAADABwndAQAYLK33nfmWR/0YOQMAAO8ndAcAYPCqusmt93NPqleraL1fF3TPAADwYUJ3AABGoaqbo2i9H3pivbqJ8P2xoHsGAICtCd0BABgVrfedyItWL5aL2WWB9w4AAO8idAcAYHSqujmI1vuxp9erh5TSmUWrAADwMqE7AACjVdXNPDewU0qfPMVeWbQKAAAvELoDADBqWu87s4rW+22h9w8AAM8SugMAMAlV3Zzl9rXWe+++x7x3rXcAAIqXhO4AAExJVTd70Xr/7MH2Krfe58vF7LqgewYAgGcJ3QEAmJyqbk4jfNd679dNjJzRegcAoFj/ePQAAExNNK7zrPcfHm6v8i8MHuOlBwAAFEnTHQCASavq5iRa7/uedG/ulovZSSH3CgAAf9B0BwBg0paL2W1K6SgWftKtdUrp3wJ3AABKpukOAEAxtN47ZZ47AADFS0J3AABKVNXNRUrp3MNvxTrC9usJ3AsAAHyY0B0AgCJVdXMUrfdD34Ct5UW1c+12AAD4H6E7AABF03rfyira7bcj
/OwAANApi1QBACjacjHLofu/Ukp3pZ/FG+WFtEcCdwAAeJ6mOwAAhKpuzlJKFxatPku7HQAA3kDoDgAA/6eqm5MI3483LpbpW/wiAAAAeIXQHQAAXiDx40LfAAACBUlEQVR8Tw/Rbr/fuAIAADxL6A4AAK8oNHzXbgcAgC0I3QEA4I0KCd/vot3+uHEFAAB4ldAdAADeaaILV9f5npaL2eXGFQAA4M2E7gAAsKUJhe/a7QAA0BKhOwAAfNCIw/fcbp8vF7OrjSsAAMBWhO4AANCSqm5y8D5PKX0awZneRLv958YVAABga0J3AABoUVU3exG8DzV8X0XYfrtxBQAA+DChOwAAdCDC97yU9MtAzteiVAAA6IHQHQAAOlTVzUGE7593dM6rmDd/bZQMAAB0T+gOAAA9qOrmJMLv457OO89sv1ouZtcbVwAAgM4I3QEAoEdV3ZxG832/5f9rHh+T57Rfa7UDAMDuCN0BAGAHqrrJi1Zz+z2Pnznc4hM8pJQeI2i/txgVAACGQegOAAADELPfD558kpMn//40UH9cLmaPnhkAAAyT0B0AAAAAAFryj4MEAAAAAIB2CN0BAAAAAKAlQncAAAAAAGiJ0B0AAAAAAFoidAcAAAAAgJYI3QEAAAAAoCVCdwAAAAAAaInQHQAAAAAAWiJ0BwAAAACAlgjdAQAAAACgJUJ3AAAAAABoidAdAAAAAABaInQHAAAAAICWCN0BAAAAAKAlQncAAAAAAGiJ0B0AAAAAAFoidAcAAAAAgJYI3QEAAAAAoCVCdwAAAAAAaInQHQAAAAAA2pBS+g/oLKgTsbUgIgAAAABJRU5ErkJggg== + mediatype: image/png + customresourcedefinitions: + owned: + - name: fluxinstances.fluxcd.controlplane.io + displayName: FluxInstance + kind: FluxInstance + version: v1 + description: Flux Instance + - name: fluxreports.fluxcd.controlplane.io + displayName: FluxReport + kind: FluxReport + version: v1 + description: Flux Report (Autogenerated) + install: + strategy: deployment + spec: + clusterPermissions: + - serviceAccountName: flux-operator + rules: + - apiGroups: + - "*" + resources: + - "*" + verbs: + - "*" + services: + - name: flux-operator + spec: + ports: + - name: http-metrics + port: 8080 + protocol: TCP + targetPort: 8080 + selector: + app.kubernetes.io/name: flux-operator + deployments: + - name: flux-operator + spec: + selector: + matchLabels: + app.kubernetes.io/name: flux-operator + replicas: 1 + template: + metadata: + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "8080" + prometheus.io/path: /metrics + labels: + app.kubernetes.io/name: flux-operator + spec: + serviceAccountName: flux-operator + terminationGracePeriodSeconds: 10 + affinity: + nodeAffinity: + 
requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/os
+ operator: In
+ values:
+ - linux
+ containers:
+ - name: manager
+ image: ghcr.io/controlplaneio-fluxcd/flux-operator:v0.9.0
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ runAsNonRoot: true
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
+ ports:
+ - containerPort: 8080
+ name: http-metrics
+ protocol: TCP
+ - containerPort: 8081
+ name: http
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ env:
+ - name: RUNTIME_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ volumeMounts:
+ - name: temp
+ mountPath: /tmp
+ volumes:
+ - name: temp
+ emptyDir: {}
+ installModes:
+ - type: OwnNamespace
+ supported: true
+ - type: SingleNamespace
+ supported: false
+ - type: MultiNamespace
+ supported: false
+ - type: AllNamespaces
+ supported: true
diff --git a/operators/flux-operator/0.9.0/manifests/fluxinstances.fluxcd.controlplane.io.crd.yaml b/operators/flux-operator/0.9.0/manifests/fluxinstances.fluxcd.controlplane.io.crd.yaml
new file mode 100644
index 00000000000..85d5412590f
--- /dev/null
+++ b/operators/flux-operator/0.9.0/manifests/fluxinstances.fluxcd.controlplane.io.crd.yaml
@@ -0,0 +1,434 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: fluxinstances.fluxcd.controlplane.io +spec: + group: fluxcd.controlplane.io + names: + kind: FluxInstance + listKind: FluxInstanceList + plural: fluxinstances + singular: fluxinstance + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .status.lastAttemptedRevision + name: Revision + type: string + name: v1 + schema: + openAPIV3Schema: + description: FluxInstance is the Schema for the fluxinstances API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: FluxInstanceSpec defines the desired state of FluxInstance + properties: + cluster: + description: Cluster holds the specification of the Kubernetes cluster. + properties: + domain: + default: cluster.local + description: |- + Domain is the cluster domain used for generating the FQDN of services. + Defaults to 'cluster.local'. 
+ type: string + multitenant: + description: Multitenant enables the multitenancy lockdown. + type: boolean + networkPolicy: + default: true + description: |- + NetworkPolicy restricts network access to the current namespace. + Defaults to true. + type: boolean + tenantDefaultServiceAccount: + description: |- + TenantDefaultServiceAccount is the name of the service account + to use as default when the multitenant lockdown is enabled. + Defaults to the 'default' service account from the tenant namespace. + type: string + type: + default: kubernetes + description: |- + Type specifies the distro of the Kubernetes cluster. + Defaults to 'kubernetes'. + enum: + - kubernetes + - openshift + - aws + - azure + - gcp + type: string + required: + - domain + - networkPolicy + type: object + components: + description: |- + Components is the list of controllers to install. + Defaults to all controllers. + items: + description: Component is the name of a controller to install. + enum: + - source-controller + - kustomize-controller + - helm-controller + - notification-controller + - image-reflector-controller + - image-automation-controller + type: string + type: array + distribution: + description: Distribution specifies the version and container registry + to pull images from. + properties: + artifact: + description: |- + Artifact is the URL to the OCI artifact containing + the latest Kubernetes manifests for the distribution, + e.g. 'oci://ghcr.io/controlplaneio-fluxcd/flux-operator-manifests:latest'. + pattern: ^oci://.*$ + type: string + imagePullSecret: + description: |- + ImagePullSecret is the name of the Kubernetes secret + to use for pulling images. + type: string + registry: + description: |- + Registry address to pull the distribution images from + e.g. 'ghcr.io/fluxcd'. + type: string + version: + description: Version semver expression e.g. '2.x', '2.3.x'. 
+ type: string + required: + - registry + - version + type: object + kustomize: + description: |- + Kustomize holds a set of patches that can be applied to the + Flux installation, to customize the way Flux operates. + properties: + patches: + description: |- + Strategic merge and JSON patches, defined as inline YAML objects, + capable of targeting objects based on kind, label and annotation selectors. + items: + description: |- + Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should + be applied to. + properties: + patch: + description: |- + Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with + an array of operation objects. + type: string + target: + description: Target points to the resources that the patch + document should be applied to. + properties: + annotationSelector: + description: |- + AnnotationSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: |- + Group is the API group to select resources from. + Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: |- + Kind of the API Group to select resources from. + Together with Group and Version it is capable of unambiguously + identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: |- + LabelSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. 
+ type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: |- + Version of the API Group to select resources from. + Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + type: object + type: array + type: object + migrateResources: + default: true + description: |- + MigrateResources instructs the controller to migrate the Flux custom resources + from the previous version to the latest API version specified in the CRD. + Defaults to true. + type: boolean + sharding: + description: Sharding holds the specification of the sharding configuration. + properties: + key: + default: sharding.fluxcd.io/key + description: Key is the label key used to shard the resources. + type: string + shards: + description: Shards is the list of shard names. + items: + type: string + minItems: 1 + type: array + required: + - shards + type: object + storage: + description: |- + Storage holds the specification of the source-controller + persistent volume claim. + properties: + class: + description: Class is the storage class to use for the PVC. + type: string + size: + description: Size is the size of the PVC. + type: string + required: + - class + - size + type: object + sync: + description: |- + Sync specifies the source for the cluster sync operation. + When set, a Flux source (GitRepository, OCIRepository or Bucket) + and Flux Kustomization are created to sync the cluster state + with the source repository. + properties: + interval: + default: 1m + description: Interval is the time between syncs. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + kind: + description: Kind is the kind of the source. 
+ enum: + - OCIRepository + - GitRepository + - Bucket + type: string + path: + description: |- + Path is the path to the source directory containing + the kustomize overlay or plain Kubernetes manifests. + type: string + pullSecret: + description: |- + PullSecret specifies the Kubernetes Secret containing the + authentication credentials for the source. + For Git over HTTP/S sources, the secret must contain username and password fields. + For Git over SSH sources, the secret must contain known_hosts and identity fields. + For OCI sources, the secret must be of type kubernetes.io/dockerconfigjson. + For Bucket sources, the secret must contain accesskey and secretkey fields. + type: string + ref: + description: |- + Ref is the source reference, can be a Git ref name e.g. 'refs/heads/main', + an OCI tag e.g. 'latest' or a bucket name e.g. 'flux'. + type: string + url: + description: |- + URL is the source URL, can be a Git repository HTTP/S or SSH address, + an OCI repository address or a Bucket endpoint. + type: string + required: + - kind + - path + - ref + - url + type: object + wait: + default: true + description: |- + Wait instructs the controller to check the health of all the reconciled + resources. Defaults to true. + type: boolean + required: + - distribution + type: object + status: + description: FluxInstanceStatus defines the observed state of FluxInstance + properties: + components: + description: Components contains the container images used by the + components. + items: + description: ComponentImage represents a container image used by + a component. + properties: + digest: + description: Digest of the container image. + type: string + name: + description: Name of the component. + type: string + repository: + description: Repository address of the container image. + type: string + tag: + description: Tag of the container image. 
+ type: string + required: + - name + - repository + - tag + type: object + type: array + conditions: + description: Conditions contains the readiness conditions of the object. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + inventory: + description: |- + Inventory contains a list of Kubernetes resource object references + last applied on the cluster. + properties: + entries: + description: Entries of Kubernetes resource object references. + items: + description: ResourceRef contains the information necessary + to locate a resource within a cluster. + properties: + id: + description: |- + ID is the string representation of the Kubernetes resource object's metadata, + in the format '___'. + type: string + v: + description: Version is the API version of the Kubernetes + resource object's kind. + type: string + required: + - id + - v + type: object + type: array + required: + - entries + type: object + lastAppliedRevision: + description: |- + LastAppliedRevision is the version and digest of the + distribution config that was last reconcile. + type: string + lastAttemptedRevision: + description: |- + LastAttemptedRevision is the version and digest of the + distribution config that was last attempted to reconcile. + type: string + lastHandledReconcileAt: + description: |- + LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value + can be detected. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/flux-operator/0.9.0/manifests/fluxreports.fluxcd.controlplane.io.crd.yaml b/operators/flux-operator/0.9.0/manifests/fluxreports.fluxcd.controlplane.io.crd.yaml new file mode 100644 index 00000000000..794836b421b --- /dev/null +++ b/operators/flux-operator/0.9.0/manifests/fluxreports.fluxcd.controlplane.io.crd.yaml 
@@ -0,0 +1,257 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: fluxreports.fluxcd.controlplane.io +spec: + group: fluxcd.controlplane.io + names: + kind: FluxReport + listKind: FluxReportList + plural: fluxreports + singular: fluxreport + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.distribution.entitlement + name: Entitlement + priority: 10 + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].lastTransitionTime + name: LastUpdated + type: string + name: v1 + schema: + openAPIV3Schema: + description: FluxReport is the Schema for the fluxreports API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: FluxReportSpec defines the observed state of a Flux installation. + properties: + components: + description: ComponentsStatus is the status of the Flux controller + deployments. + items: + description: FluxComponentStatus defines the observed state of a + Flux component. 
+ properties: + image: + description: Image is the container image of the Flux component. + type: string + name: + description: Name is the name of the Flux component. + type: string + ready: + description: Ready is the readiness status of the Flux component. + type: boolean + status: + description: |- + Status is a human-readable message indicating details + about the Flux component observed state. + type: string + required: + - image + - name + - ready + - status + type: object + type: array + distribution: + description: Distribution is the version information of the Flux installation. + properties: + entitlement: + description: Entitlement is the entitlement verification status. + type: string + managedBy: + description: ManagedBy is the name of the operator managing the + Flux instance. + type: string + status: + description: |- + Status is a human-readable message indicating details + about the distribution observed state. + type: string + version: + description: Version is the version of the Flux instance. + type: string + required: + - entitlement + - status + type: object + reconcilers: + description: |- + ReconcilersStatus is the list of Flux reconcilers and + their statistics grouped by API kind. + items: + description: FluxReconcilerStatus defines the observed state of + a Flux reconciler. + properties: + apiVersion: + description: APIVersion is the API version of the Flux resource. + type: string + kind: + description: Kind is the kind of the Flux resource. + type: string + stats: + description: Stats is the reconcile statics of the Flux resource + kind. + properties: + failing: + description: |- + Failing is the number of reconciled + resources in the Failing state. + type: integer + running: + description: |- + Running is the number of reconciled + resources in the Running state. + type: integer + suspended: + description: |- + Suspended is the number of reconciled + resources in the Suspended state. 
+ type: integer + totalSize: + description: TotalSize is the total size of the artifacts + in storage. + type: string + required: + - failing + - running + - suspended + type: object + required: + - apiVersion + - kind + type: object + type: array + sync: + description: |- + SyncStatus is the status of the cluster sync + Source and Kustomization resources. + properties: + id: + description: ID is the identifier of the sync. + type: string + path: + description: Path is the kustomize path of the sync. + type: string + ready: + description: Ready is the readiness status of the sync. + type: boolean + source: + description: Source is the URL of the source repository. + type: string + status: + description: |- + Status is a human-readable message indicating details + about the sync observed state. + type: string + required: + - id + - ready + - status + type: object + required: + - distribution + type: object + status: + description: FluxReportStatus defines the readiness of a FluxReport. + properties: + conditions: + description: Conditions contains the readiness conditions of the object. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. 
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: |- + LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value + can be detected. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/flux-operator/0.9.0/metadata/annotations.yaml b/operators/flux-operator/0.9.0/metadata/annotations.yaml new file mode 100644 index 00000000000..91ddbb715d2 --- /dev/null +++ b/operators/flux-operator/0.9.0/metadata/annotations.yaml 
@@ -0,0 +1,18 @@
+annotations:
+ # Core bundle annotations.
+ operators.operatorframework.io.bundle.channels.v1: stable
+ operators.operatorframework.io.bundle.channel.default.v1: stable
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: flux-operator
+ operators.operatorframework.io.metrics.builder: operator-sdk-v1.29.0
+ operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
+ operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v4
+
+ # Annotations for testing.
+ operators.operatorframework.io.test.mediatype.v1: scorecard+v1
+ operators.operatorframework.io.test.config.v1: tests/scorecard/
+
+ # OpenShift specific annotations
+ com.redhat.openshift.versions: "v4.12-v4.15"
diff --git a/operators/flux-operator/0.9.0/tests/scorecard/config.yaml b/operators/flux-operator/0.9.0/tests/scorecard/config.yaml
new file mode 100644
index 00000000000..feda39c3457
--- /dev/null
+++ b/operators/flux-operator/0.9.0/tests/scorecard/config.yaml
@@ -0,0 +1,51 @@
+# see https://sdk.operatorframework.io/docs/testing-operators/scorecard/ for more information
+apiVersion: scorecard.operatorframework.io/v1alpha3
+kind: Configuration
+metadata:
+ name: config
+stages:
+ - parallel: true
+ tests:
+ - entrypoint:
+ - scorecard-test
+ - basic-check-spec
+ image: quay.io/operator-framework/scorecard-test:v1.27.0
+ labels:
+ suite: basic
+ test: basic-check-spec-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-bundle-validation
+ image: quay.io/operator-framework/scorecard-test:v1.27.0
+ labels:
+ suite: olm
+ test: olm-bundle-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-validation
+ image: quay.io/operator-framework/scorecard-test:v1.27.0
+ labels:
+ suite: olm
+ test: olm-crds-have-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-validation
+ image: quay.io/operator-framework/scorecard-test:v1.7.1
+ labels:
+ suite: olm
+ test: olm-crds-have-validation-test
+ storage:
+ spec:
+ mountPath: {}
+storage:
+ spec:
+ mountPath: {}
diff --git a/operators/gitlab-operator-kubernetes/1.3.2/manifests/apps.gitlab.com_gitlabs.yaml b/operators/gitlab-operator-kubernetes/1.3.2/manifests/apps.gitlab.com_gitlabs.yaml
new file mode 100644
index 00000000000..431b36386e6
--- /dev/null
+++ b/operators/gitlab-operator-kubernetes/1.3.2/manifests/apps.gitlab.com_gitlabs.yaml
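Review bot: The fourth entry under `tests` repeats `olm-crds-have-validation` (same `test: olm-crds-have-validation-test` label) but pulls `quay.io/operator-framework/scorecard-test:v1.7.1`, while the other three entries use `v1.27.0`. This looks like a typo or a leftover: it runs the same check twice, once from a much older image, and adds one more image the test pipeline has to trust. I would drop the duplicate entry, or if it is intentional align it to `image: quay.io/operator-framework/scorecard-test:v1.27.0` and add a comment saying why the test is listed twice. All four images are referenced by tag only; pinning them by digest would make the scorecard runs reproducible.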
@@ -0,0 +1,150 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: gitlabs.apps.gitlab.com +spec: + group: apps.gitlab.com + names: + kind: GitLab + listKind: GitLabList + plural: gitlabs + shortNames: + - gl + singular: gitlab + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: STATUS + type: string + - jsonPath: .status.version + name: VERSION + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: GitLab is a complete DevOps platform, delivered in a single application. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of the desired behavior of a GitLab instance. + properties: + chart: + description: The specification of GitLab Chart that is used to deploy + the instance. + properties: + values: + description: ChartValues is the set of Helm values that is used + to render the GitLab Chart. + type: object + x-kubernetes-preserve-unknown-fields: true + version: + description: ChartVersion is the semantic version of the GitLab + Chart. 
+ pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + type: string + type: object + type: object + status: + description: Most recently observed status of the GitLab instance. It + is read-only to the user. + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + phase: + type: string + version: + type: string + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/operators/gitlab-operator-kubernetes/1.3.2/manifests/gitlab-controller-manager-metrics-service_v1_service.yaml b/operators/gitlab-operator-kubernetes/1.3.2/manifests/gitlab-controller-manager-metrics-service_v1_service.yaml new file mode 100644 index 00000000000..99004c8226f --- /dev/null +++ b/operators/gitlab-operator-kubernetes/1.3.2/manifests/gitlab-controller-manager-metrics-service_v1_service.yaml 
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ creationTimestamp: null
+ labels:
+ control-plane: controller-manager
+ name: gitlab-controller-manager-metrics-service
+spec:
+ ports:
+ - name: https
+ port: 8443
+ targetPort: https
+ selector:
+ control-plane: controller-manager
+status:
+ loadBalancer: {}
diff --git a/operators/gitlab-operator-kubernetes/1.3.2/manifests/gitlab-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/gitlab-operator-kubernetes/1.3.2/manifests/gitlab-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml
new file mode 100644
index 00000000000..06320d36225
--- /dev/null
+++ b/operators/gitlab-operator-kubernetes/1.3.2/manifests/gitlab-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml
@@ -0,0 +1,10 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ name: gitlab-metrics-reader
+rules:
+- nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
diff --git a/operators/gitlab-operator-kubernetes/1.3.2/manifests/gitlab-operator-kubernetes.clusterserviceversion.yaml b/operators/gitlab-operator-kubernetes/1.3.2/manifests/gitlab-operator-kubernetes.clusterserviceversion.yaml
new file mode 100644
index 00000000000..472ce55760e
--- /dev/null
+++ b/operators/gitlab-operator-kubernetes/1.3.2/manifests/gitlab-operator-kubernetes.clusterserviceversion.yaml
@@ -0,0 +1,604 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[]' + capabilities: Seamless Upgrades + categories: Integration & Delivery, Developer Tools + certified: "true" + containerImage: registry.gitlab.com/gitlab-org/cloud-native/gitlab-operator:1.3.2 + createdAt: "2024-09-12T07:52:49Z" + description: The GitLab operator is responsible for managing the full lifecycle of GitLab instances in your Kubernetes or Openshift container platforms. + features.operators.openshift.io/cnf: "false" + features.operators.openshift.io/cni: "false" + features.operators.openshift.io/csi: "false" + features.operators.openshift.io/disconnected: "false" + features.operators.openshift.io/fips-compliant: "false" + features.operators.openshift.io/proxy-aware: "false" + features.operators.openshift.io/tls-profiles: "false" + features.operators.openshift.io/token-auth-aws: "false" + features.operators.openshift.io/token-auth-azure: "false" + features.operators.openshift.io/token-auth-gcp: "false" + operatorframework.io/suggested-namespace: gitlab-system + operators.operatorframework.io/builder: operator-sdk-v1.34.1 + operators.operatorframework.io/project_layout: unknown + repository: https://gitlab.com/gitlab-org/cloud-native/gitlab-operator + name: gitlab-operator-kubernetes.v1.3.2 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: GitLab is a complete DevOps platform, delivered in a single application + displayName: GitLab + kind: GitLab + name: gitlabs.apps.gitlab.com + resources: + - kind: ServiceAccount + name: gitlab-app-nonroot + version: v1 + - kind: ServiceAccount + name: gitlab-manager + version: v1 + - kind: ServiceAccount + name: gitlab-nginx-ingress + version: v1 + - kind: Service + name: gitlab-controller-manager-metrics-service + version: v1 + - kind: Service + name: gitlab-webhook-service + version: v1 + - kind: Deployment + name: 
gitlab-controller-manager + version: apps/v1 + - kind: IngressClass + name: gitlab-nginx + version: v1 + version: v1beta1 + description: | + # Overview + + **Installation using OLM is considered experimental.** GitLab does not support any issues related to instances deployed using OLM. + For more information on potential issues with OLM, see [issue 241](https://gitlab.com/gitlab-org/cloud-native/gitlab-operator/-/issues/241). + + The GitLab operator is responsible for managing the full lifecycle of GitLab instances in your Kubernetes or Openshift container platforms. + + [Documentation](https://docs.gitlab.com/operator/) + + The operator, while new and still actively being developed, aims to: + - ease installation and configuration of GitLab instances + - offer seamless upgrades from version to version + + ## GitLab + + GitLab is a complete open-source DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate and build software. From idea to production, GitLab helps teams improve cycle time from weeks to minutes, reduce development process costs and decrease time to market while increasing developer productivity. + + Built on Open Source, GitLab delivers new innovations and features on the same day of every month by leveraging contributions from a passionate, global community of thousands of developers and millions of users. Over 100,000 of the world’s most demanding organizations trust GitLab to deliver great software at new speeds. + + If you would like to enable advanced DevOps capabilities and activate enterprise features such as security, risk, and compliance capabilities, please contact our sales team to purchase an enterprise license. + + # Prerequisites + + Please visit [Prerequisites](https://docs.gitlab.com/operator/installation.html#prerequisites) section of GitLab Operator Documentation. 
+ + ## IngressClass + + Cluster-wide `IngressClass` should be created prior to Operator setup, as OLM does not currently support this object type: + + ```yaml + apiVersion: networking.k8s.io/v1 + kind: IngressClass + metadata: + # Ensure this value matches `spec.chart.values.global.ingress.class` + # in the GitLab CR on the next step. + name: gitlab-nginx + spec: + controller: k8s.io/ingress-nginx + ``` + displayName: GitLab + icon: + - base64data: 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 + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - security.openshift.io + resourceNames: + - nonroot-v2 + resources: + - securitycontextconstraints + verbs: + - use + serviceAccountName: gitlab-app-nonroot + - rules: + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - apps + resources: + - deployments + - daemonsets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps.gitlab.com + resources: + - gitlabs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps.gitlab.com + resources: + - gitlabs/finalizers + verbs: + - update + - apiGroups: + - apps.gitlab.com + resources: + - gitlabs/status + verbs: + - get + - patch + - update + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - batch + resources: + - cronjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - create + - delete + - get + - list + - patch + - update + 
- watch + - apiGroups: + - cert-manager.io + resources: + - issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - namespaces + - persistentvolumeclaims + - secrets + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - prometheuses + - podmonitors + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + serviceAccountName: gitlab-manager + - rules: + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + verbs: + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + serviceAccountName: gitlab-nginx-ingress + deployments: + - label: + control-plane: controller-manager + name: gitlab-controller-manager + spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + strategy: {} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + containers: + - args: + - --metrics-addr=127.0.0.1:8080 + - --enable-leader-election + - --zap-devel=false + - 
--zap-log-level=info + command: + - /manager + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: GITLAB_MANAGER_SERVICE_ACCOUNT + value: gitlab-manager + - name: GITLAB_APP_NONROOT_SERVICE_ACCOUNT + value: gitlab-app-nonroot + - name: NGINX_SERVICE_ACCOUNT + value: gitlab-nginx-ingress + - name: PROMETHEUS_SERVICE_ACCOUNT + value: gitlab-prometheus-server + image: registry.gitlab.com/gitlab-org/cloud-native/gitlab-operator:1.3.2 + livenessProbe: + httpGet: + path: /liveness + port: health-port + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 6060 + name: health-port + readinessProbe: + httpGet: + path: /readiness + port: health-port + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 200m + memory: 300Mi + requests: + cpu: 200m + memory: 100Mi + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + serviceAccountName: gitlab-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert + permissions: + - rules: + - apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: gitlab-manager + - rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + - 
pods + - secrets + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - security.openshift.io + resourceNames: + - gitlab-nginx-ingress-scc + resources: + - securitycontextconstraints + verbs: + - use + serviceAccountName: gitlab-nginx-ingress + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - GitLab + - DevOps + - CI/CD + - DAST + - SAST + links: + - name: GitLab Docs + url: https://docs.gitlab.com/ + - name: GitLab Operator Documentation + url: https://docs.gitlab.com/operator/ + - name: GitLab and Kubernetes + url: https://about.gitlab.com/solutions/kubernetes/ + - name: Gitlab Reference Architecture + url: https://docs.gitlab.com/ee/administration/reference_architectures/ + - name: GitLab Contact Sales + url: https://about.gitlab.com/sales/ + maintainers: + - email: distribution@gitlab.com + name: GitLab Distribution Team + maturity: alpha + minKubeVersion: 1.19.0 + provider: + name: GitLab Inc + url: https://about.gitlab.com/ + version: 1.3.2 + webhookdefinitions: 
+ - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: gitlab-controller-manager + failurePolicy: Fail + generateName: vgitlab.kb.io + rules: + - apiGroups: + - apps.gitlab.com + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - gitlabs + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-apps-gitlab-com-v1beta1-gitlab diff --git a/operators/gitlab-operator-kubernetes/1.3.2/manifests/gitlab-prometheus-server_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/gitlab-operator-kubernetes/1.3.2/manifests/gitlab-prometheus-server_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 00000000000..0ccd7e7e04e --- /dev/null +++ b/operators/gitlab-operator-kubernetes/1.3.2/manifests/gitlab-prometheus-server_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: gitlab-prometheus-server +rules: +- apiGroups: + - "" + resources: + - nodes + - nodes/proxy + - nodes/metrics + - services + - endpoints + - pods + - ingresses + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses/status + - ingresses + verbs: + - get + - list + - watch +- nonResourceURLs: + - /metrics + verbs: + - get diff --git a/operators/gitlab-operator-kubernetes/1.3.2/manifests/gitlab-prometheus-server_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml b/operators/gitlab-operator-kubernetes/1.3.2/manifests/gitlab-prometheus-server_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml new file mode 100644 index 00000000000..06afc70ad0c --- /dev/null +++ b/operators/gitlab-operator-kubernetes/1.3.2/manifests/gitlab-prometheus-server_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml 
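Review bot: The `clusterPermissions` entry for `gitlab-manager` grants create/delete/get/list/patch/update/watch on `secrets`, `serviceaccounts`, `configmaps`, `services` and the workload kinds in every namespace, yet `installModes` supports only `OwnNamespace` and `WATCH_NAMESPACE` is read from `olm.targetNamespaces`. If the controller really reconciles only its own namespace, these rules belong under `permissions` (a namespaced Role), with `clusterPermissions` keeping only what is genuinely cluster-scoped, such as `namespaces`, `tokenreviews` and `subjectaccessreviews`. As written, a compromise of the manager pod exposes every Secret in the cluster rather than those of one namespace. The sketch below shows the core-group rule moved; the apps, batch, autoscaling, cert-manager.io, monitoring.coreos.com and networking.k8s.io rules would move the same way.

```yaml
      permissions:
      - rules:
        # … unchanged: configmaps/leases and events rules for leader election …
        - apiGroups:
          - ""
          resources:
          - configmaps
          - endpoints
          - events
          - persistentvolumeclaims
          - secrets
          - serviceaccounts
          - services
          verbs:
          - create
          - delete
          - get
          - list
          - patch
          - update
          - watch
        serviceAccountName: gitlab-manager
      # … unchanged: gitlab-nginx-ingress permissions …
```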
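Review bot: The first rule of the `gitlab-prometheus-server` ClusterRole includes `nodes/proxy`, which lets the bound service account reach the kubelet API of every node through the API server, considerably more than metric scraping needs. `nodes/metrics` is already in the same list, so I would drop the `- nodes/proxy` line unless a scrape job is known to depend on it, and add a comment naming that job if it stays. The same rule lists `ingresses` under the core group `""`, where that resource does not exist; the entry has no effect and the second rule already covers ingresses, so it can be removed.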
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ creationTimestamp: null
+ name: gitlab-prometheus-server
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: gitlab-prometheus-server
+subjects:
+- kind: ServiceAccount
+ name: gitlab-prometheus-server
+ namespace: gitlab-system
diff --git a/operators/gitlab-operator-kubernetes/1.3.2/manifests/gitlab-prometheus-server_v1_serviceaccount.yaml b/operators/gitlab-operator-kubernetes/1.3.2/manifests/gitlab-prometheus-server_v1_serviceaccount.yaml
new file mode 100644
index 00000000000..957b7c001ec
--- /dev/null
+++ b/operators/gitlab-operator-kubernetes/1.3.2/manifests/gitlab-prometheus-server_v1_serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ creationTimestamp: null
+ name: gitlab-prometheus-server
diff --git a/operators/gitlab-operator-kubernetes/1.3.2/manifests/gitlab-webhook-service_v1_service.yaml b/operators/gitlab-operator-kubernetes/1.3.2/manifests/gitlab-webhook-service_v1_service.yaml
new file mode 100644
index 00000000000..ce808476786
--- /dev/null
+++ b/operators/gitlab-operator-kubernetes/1.3.2/manifests/gitlab-webhook-service_v1_service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ creationTimestamp: null
+ name: gitlab-webhook-service
+spec:
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 9443
+ selector:
+ control-plane: controller-manager
+status:
+ loadBalancer: {}
diff --git a/operators/gitlab-operator-kubernetes/1.3.2/metadata/annotations.yaml b/operators/gitlab-operator-kubernetes/1.3.2/metadata/annotations.yaml
new file mode 100644
index 00000000000..6ca454abc8e
--- /dev/null
+++ b/operators/gitlab-operator-kubernetes/1.3.2/metadata/annotations.yaml
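Review bot: The subject of this ClusterRoleBinding hard-codes `namespace: gitlab-system`, but the CSV only suggests that namespace (`operatorframework.io/suggested-namespace: gitlab-system`) and the bundle's ServiceAccount manifest carries no namespace, so it is presumably created wherever the operator is installed. After an install into any other namespace the cluster-wide read role is bound to a `gitlab-prometheus-server` account in `gitlab-system` that the bundle did not create; the intended account gets nothing, and anyone able to create a service account of that name in `gitlab-system` inherits the role. Either have the operator create the binding at runtime with its actual namespace, or state in the CSV description that installation into `gitlab-system` is required.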
@@ -0,0 +1,11 @@
+annotations:
+ # Core bundle annotations.
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: gitlab-operator-kubernetes
+ operators.operatorframework.io.bundle.channels.v1: stable,unstable
+ operators.operatorframework.io.bundle.channel.default.v1: stable
+ operators.operatorframework.io.metrics.builder: operator-sdk-v1.34.1
+ operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
+ operators.operatorframework.io.metrics.project_layout: unknown
diff --git a/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive-operator.v1.2.4605-b41ca3f.clusterserviceversion.yaml b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive-operator.v1.2.4605-b41ca3f.clusterserviceversion.yaml
new file mode 100644
index 00000000000..ad4b9cc21be
--- /dev/null
+++ b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive-operator.v1.2.4605-b41ca3f.clusterserviceversion.yaml
@@ -0,0 +1,490 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[{"apiVersion":"hive.openshift.io/v1","kind":"HiveConfig","metadata":{"name":"hive"},"spec":{"managedDomains":[{"aws":{"credentialsSecretRef":{"name":"my-route53-creds"}},"domains":["my-base-domain.example.com"]}]}}]' + capabilities: Seamless Upgrades + categories: OpenShift Optional + certified: 'false' + containerImage: quay.io/app-sre/hive:b41ca3f36e + createdAt: '2024-09-16T10:14:51Z' + description: OpenShift cluster provisioning and management at scale. + operators.operatorframework.io/internal-objects: '["checkpoints.hive.openshift.io","clusterdeprovisions.hive.openshift.io","clusterprovisions.hive.openshift.io","clusterstates.hive.openshift.io","machinepoolnameleases.hive.openshift.io","clustersyncleases.hiveinternal.openshift.io","clustersyncs.hiveinternal.openshift.io","fakeclusterinstalls.hiveinternal.openshift.io"]' + repository: https://github.com/openshift/hive + support: Hive Team + name: hive-operator.v1.2.4605-b41ca3f + namespace: placeholder +spec: + customresourcedefinitions: + owned: + - description: Checkpoint is the Schema for the backup of Hive objects. + displayName: Checkpoint + kind: Checkpoint + name: checkpoints.hive.openshift.io + version: v1 + - description: ClusterClaim represents a claim to a cluster from a cluster pool. + displayName: ClusterClaim + kind: ClusterClaim + name: clusterclaims.hive.openshift.io + version: v1 + - description: ClusterDeploymentCustomization is the Schema for clusterdeploymentcustomizations + API. 
+ displayName: ClusterDeploymentCustomization + kind: ClusterDeploymentCustomization + name: clusterdeploymentcustomizations.hive.openshift.io + version: v1 + - description: ClusterDeployment is the Schema for the clusterdeployments API + displayName: ClusterDeployment + kind: ClusterDeployment + name: clusterdeployments.hive.openshift.io + version: v1 + - description: ClusterDeprovision is the Schema for the clusterdeprovisions API + displayName: ClusterDeprovision + kind: ClusterDeprovision + name: clusterdeprovisions.hive.openshift.io + version: v1 + - description: ClusterImageSet is the Schema for the clusterimagesets API + displayName: ClusterImageSet + kind: ClusterImageSet + name: clusterimagesets.hive.openshift.io + version: v1 + - description: ClusterPool represents a pool of clusters that should be kept ready + to be given out to users. Clusters are removed from the pool once claimed + and then automatically replaced with a new one. + displayName: ClusterPool + kind: ClusterPool + name: clusterpools.hive.openshift.io + version: v1 + - description: ClusterProvision is the Schema for the clusterprovisions API + displayName: ClusterProvision + kind: ClusterProvision + name: clusterprovisions.hive.openshift.io + version: v1 + - description: ClusterRelocate is the Schema for the ClusterRelocates API + displayName: ClusterRelocate + kind: ClusterRelocate + name: clusterrelocates.hive.openshift.io + version: v1 + - description: ClusterState is the Schema for the clusterstates API + displayName: ClusterState + kind: ClusterState + name: clusterstates.hive.openshift.io + version: v1 + - description: DNSZone is the Schema for the dnszones API + displayName: DNSZone + kind: DNSZone + name: dnszones.hive.openshift.io + version: v1 + - description: HiveConfig is the Schema for the hives API + displayName: HiveConfig + kind: HiveConfig + name: hiveconfigs.hive.openshift.io + version: v1 + - description: MachinePoolNameLease is the Schema for the MachinePoolNameLeases + 
API. This resource is mostly empty as we're primarily relying on the name + to determine if a lease is available. Note that not all cloud providers require + the use of a lease for naming, at present this is only required for GCP where + we're extremely restricted on name lengths. + displayName: MachinePoolNameLease + kind: MachinePoolNameLease + name: machinepoolnameleases.hive.openshift.io + version: v1 + - description: MachinePool is the Schema for the machinepools API + displayName: MachinePool + kind: MachinePool + name: machinepools.hive.openshift.io + version: v1 + - description: SelectorSyncIdentityProvider is the Schema for the SelectorSyncSet + API + displayName: SelectorSyncIdentityProvider + kind: SelectorSyncIdentityProvider + name: selectorsyncidentityproviders.hive.openshift.io + version: v1 + - description: SelectorSyncSet is the Schema for the SelectorSyncSet API + displayName: SelectorSyncSet + kind: SelectorSyncSet + name: selectorsyncsets.hive.openshift.io + version: v1 + - description: SyncIdentityProvider is the Schema for the SyncIdentityProvider + API + displayName: SyncIdentityProvider + kind: SyncIdentityProvider + name: syncidentityproviders.hive.openshift.io + version: v1 + - description: SyncSet is the Schema for the SyncSet API + displayName: SyncSet + kind: SyncSet + name: syncsets.hive.openshift.io + version: v1 + - description: ClusterSyncLease is a record of the last time that SyncSets and + SelectorSyncSets were applied to a cluster. + displayName: ClusterSyncLease + kind: ClusterSyncLease + name: clustersyncleases.hiveinternal.openshift.io + version: v1alpha1 + - description: ClusterSync is the status of all of the SelectorSyncSets and SyncSets + that apply to a ClusterDeployment. + displayName: ClusterSync + kind: ClusterSync + name: clustersyncs.hiveinternal.openshift.io + version: v1alpha1 + - description: FakeClusterInstall represents a fake request to provision an agent + based cluster. 
+ displayName: FakeClusterInstall + kind: FakeClusterInstall + name: fakeclusterinstalls.hiveinternal.openshift.io + version: v1alpha1 + description: "Hive for Red Hat OpenShift is an operator that runs on top of Kubernetes/OpenShift.\ + \ Hive can be used to provision\nand perform initial configuration of OpenShift\ + \ clusters.\n\nFor provisioning OpenShift, Hive uses the [OpenShift installer](https://github.com/openshift/installer).\n\ + \n### Supported cloud providers\n* AWS\n* Azure\n* Google Cloud Platform\n* IBM\ + \ Cloud\n* Red Hat OpenStack\n* oVirt\n* vSphere\n\nIn the future Hive will support\ + \ more cloud providers.\n\n## Documentation\n\n* [Quick Start Guide](https://github.com/openshift/hive/blob/master/docs/quick_start.md)\n\ + * [Using Hive](https://github.com/openshift/hive/blob/master/docs/using-hive.md)\n\ + * [Hiveutil CLI](https://github.com/openshift/hive/blob/master/docs/hiveutil.md)\n\ + * [Frequently Asked Questions](https://github.com/openshift/hive/blob/master/docs/FAQs.md)\n\ + * [Troubleshooting](https://github.com/openshift/hive/blob/master/docs/troubleshooting.md)\n\ + * [Architecture](https://github.com/openshift/hive/blob/master/docs/architecture.md)\n\ + \nSee the [project README](https://github.com/openshift/hive#documentation) for\ + \ more documentation.\n\n## Post Install Configuration\n\nAfter installing the\ + \ Hive for Red Hat OpenShift operator, create a cluster-scoped `HiveConfig` CR\ + \ to configure Hive.\nUpon creation of `HiveConfig`, the operator will create\ + \ the necessary Kubernetes resources to launch Hive.\n\nExample `HiveConfig`:\n\ + ```yaml\n---\n apiVersion: hive.openshift.io/v1\n kind: HiveConfig\n metadata:\n\ + \ name: hive\n spec:\n managedDomains:\n - aws:\n credentialsSecretRef:\n\ + \ name: my-route53-creds\n domains:\n - my-base-domain.example.com\n\ + \ logLevel: debug\n targetNamespace: hive\n```\n\n## Create a cluster\n\n\ + To create a cluster with Hive, create a `ClusterDeployment` CR. 
You can also use\ + \ the\n[`hiveutil` tool](https://github.com/openshift/hive/blob/master/docs/hiveutil.md)'s\ + \ `create-cluster` command\nto create clusters." + displayName: Hive for Red Hat OpenShift + icon: + - base64data: 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 + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - hive.openshift.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - hiveinternal.openshift.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - extensions.hive.openshift.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - velero.io + resources: + - backups + verbs: + - create + - apiGroups: + - '' + resources: + - serviceaccounts + - serviceaccounts/finalizers + - secrets + - secrets/finalizers + - services + - services/finalizers + - endpoints + - events + - configmaps + - namespaces + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + - apiservices/finalizers + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + - daemonsets + - daemonsets/finalizers + - statefulsets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + - roles + - rolebindings + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - monitoring.coreos.com + resources: + - prometheusrules + 
- servicemonitors + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - get + - list + - watch + - apiGroups: + - authorization.openshift.io + resources: + - clusterroles + - clusterrolebindings + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - batch + resources: + - jobs + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - '' + resources: + - pods + - pods/log + verbs: + - get + - list + - watch + - apiGroups: + - admission.hive.openshift.io + resources: + - dnszones + verbs: + - get + - list + - watch + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - admission.hive.openshift.io + resources: + - clusterdeployments + - clusterimagesets + - clusterprovisions + - dnszones + - machinepools + - selectorsyncsets + - syncsets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - flowcontrol.apiserver.k8s.io + resources: + - prioritylevelconfigurations + - flowschemas + verbs: + - get + - list + - watch + - apiGroups: + - config.openshift.io + resources: + - proxies + verbs: + - get + - list + - watch + serviceAccountName: hive-operator + deployments: + - name: hive-operator + spec: + replicas: 1 + revisionHistoryLimit: 4 + selector: + matchLabels: + control-plane: hive-operator + controller-tools.k8s.io: '1.0' + strategy: + type: Recreate + template: + metadata: + labels: + control-plane: hive-operator + controller-tools.k8s.io: '1.0' + spec: + containers: + - command: + - /opt/services/hive-operator + - --log-level + - info + env: + - name: CLI_CACHE_DIR + value: /var/cache/kubectl + - name: HIVE_OPERATOR_NS + valueFrom: + 
fieldRef: + fieldPath: metadata.namespace + - name: TMPDIR + value: /tmp + image: quay.io/app-sre/hive:b41ca3f36e + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz + port: 8080 + name: hive-operator + ports: + - containerPort: 2112 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8080 + resources: + requests: + cpu: 100m + memory: 256Mi + securityContext: + privileged: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /var/cache/kubectl + name: kubectl-cache + - mountPath: /tmp + name: tmp + serviceAccountName: hive-operator + terminationGracePeriodSeconds: 10 + volumes: + - emptyDir: {} + name: kubectl-cache + - emptyDir: {} + name: tmp + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: true + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - kubernetes + - openshift + - multi-cluster + - cluster + links: + - name: Hive GitHub + url: https://github.com/openshift/hive + - name: 'Hive: Cluster-as-a-Service' + url: https://www.openshift.com/blog/openshift-hive-cluster-as-a-service + - name: OpenShift + url: https://www.openshift.com/ + maintainers: + - email: openshift-hive-team@redhat.com + name: Hive Team + maturity: alpha + provider: + name: Red Hat + replaces: hive-operator.v1.2.4584-95efcb7 + version: 1.2.4605-b41ca3f diff --git a/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_checkpoints.yaml b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_checkpoints.yaml new file mode 100644 index 00000000000..03dfa7eecb1 --- /dev/null +++ b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_checkpoints.yaml 
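Review bot: The `hive-operator` container in the CSV is referenced as `image: quay.io/app-sre/hive:b41ca3f36e` with `imagePullPolicy: Always`, so what runs is whatever that tag points to when the pod starts, not necessarily what was reviewed with this bundle. That matters here because `clusterPermissions` gives the same ServiceAccount create/update/delete on `secrets`, on `clusterroles`/`clusterrolebindings` and on the admission webhook configurations cluster-wide. I would pin both the `containerImage` annotation and the deployment `image` by digest, `quay.io/app-sre/hive@sha256:<digest-of-b41ca3f36e>` (placeholder; the digest is not on this page). The container `securityContext` could also state `allowPrivilegeEscalation: false`, and `runAsNonRoot: true` if the image supports it, next to the existing `privileged: false` and `readOnlyRootFilesystem: true`.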
@@ -0,0 +1,70 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: checkpoints.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: Checkpoint + listKind: CheckpointList + plural: checkpoints + singular: checkpoint + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Checkpoint is the Schema for the backup of Hive objects. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CheckpointSpec defines the metadata around the Hive objects + state in the namespace at the time of the last backup. + properties: + lastBackupChecksum: + description: LastBackupChecksum is the checksum of all Hive objects + in the namespace at the time of the last backup. 
+ type: string + lastBackupRef: + description: LastBackupRef is a reference to last backup object created + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + lastBackupTime: + description: LastBackupTime is the last time we performed a backup + of the namespace + format: date-time + type: string + required: + - lastBackupChecksum + - lastBackupRef + - lastBackupTime + type: object + status: + description: CheckpointStatus defines the observed state of Checkpoint + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_clusterclaims.yaml b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_clusterclaims.yaml new file mode 100644 index 00000000000..7ce082122cc --- /dev/null +++ b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_clusterclaims.yaml 
@@ -0,0 +1,161 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: clusterclaims.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: ClusterClaim + listKind: ClusterClaimList + plural: clusterclaims + singular: clusterclaim + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.clusterPoolName + name: Pool + type: string + - jsonPath: .status.conditions[?(@.type=='Pending')].reason + name: Pending + type: string + - jsonPath: .spec.namespace + name: ClusterNamespace + type: string + - jsonPath: .status.conditions[?(@.type=='ClusterRunning')].reason + name: ClusterRunning + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: ClusterClaim represents a claim to a cluster from a cluster pool. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterClaimSpec defines the desired state of the ClusterClaim. + properties: + clusterPoolName: + description: ClusterPoolName is the name of the cluster pool from + which to claim a cluster. 
+ type: string + lifetime: + description: 'Lifetime is the maximum lifetime of the claim after + it is assigned a cluster. If the claim still exists when the lifetime + has elapsed, the claim will be deleted by Hive. This is a Duration + value; see https://pkg.go.dev/time#ParseDuration for accepted formats. + Note: due to discrepancies in validation vs parsing, we use a Pattern + instead of `Format=duration`. See https://bugzilla.redhat.com/show_bug.cgi?id=2050332 + https://github.com/kubernetes/apimachinery/issues/131 https://github.com/kubernetes/apiextensions-apiserver/issues/56' + pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + namespace: + description: Namespace is the namespace containing the ClusterDeployment + (name will match the namespace) of the claimed cluster. This field + will be set as soon as a suitable cluster can be found, however + that cluster may still be resuming and not yet ready for use. Wait + for the ClusterRunning condition to be true to avoid this issue. + type: string + subjects: + description: Subjects hold references to which to authorize access + to the claimed cluster. + items: + description: Subject contains a reference to the object or user + identities a role binding applies to. This can either hold a + direct API object reference, or a value for non-objects such as + user and group names. + properties: + apiGroup: + description: APIGroup holds the API group of the referenced + subject. Defaults to "" for ServiceAccount subjects. Defaults + to "rbac.authorization.k8s.io" for User and Group subjects. + type: string + kind: + description: Kind of object being referenced. Values defined + by this API group are "User", "Group", and "ServiceAccount". + If the Authorizer does not recognized the kind value, the + Authorizer should report an error. + type: string + name: + description: Name of the object being referenced. + type: string + namespace: + description: Namespace of the referenced object. 
If the object + kind is non-namespace, such as "User" or "Group", and this + value is not empty the Authorizer should report an error. + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + type: array + required: + - clusterPoolName + type: object + status: + description: ClusterClaimStatus defines the observed state of ClusterClaim. + properties: + conditions: + description: Conditions includes more detailed status for the cluster + pool. + items: + description: ClusterClaimCondition contains details for the current + condition of a cluster claim. + properties: + lastProbeTime: + description: LastProbeTime is the last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about last transition. + type: string + reason: + description: Reason is a unique, one-word, CamelCase reason + for the condition's last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + required: + - status + - type + type: object + type: array + lifetime: + description: Lifetime is the maximum lifetime of the claim after it + is assigned a cluster. If the claim still exists when the lifetime + has elapsed, the claim will be deleted by Hive. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_clusterdeploymentcustomizations.yaml b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_clusterdeploymentcustomizations.yaml new file mode 100644 index 00000000000..1ca03dcc38d --- /dev/null 
+++ b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_clusterdeploymentcustomizations.yaml 
@@ -0,0 +1,143 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: clusterdeploymentcustomizations.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: ClusterDeploymentCustomization + listKind: ClusterDeploymentCustomizationList + plural: clusterdeploymentcustomizations + singular: clusterdeploymentcustomization + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: ClusterDeploymentCustomization is the Schema for clusterdeploymentcustomizations + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterDeploymentCustomizationSpec defines the desired state + of ClusterDeploymentCustomization. + properties: + installConfigPatches: + description: InstallConfigPatches is a list of patches to be applied + to the install-config. 
+ items: + description: PatchEntity represent a json patch (RFC 6902) to be + applied to the install-config + properties: + from: + description: From is the json path to copy or move the value + from + type: string + op: + description: 'Op is the operation to perform: add, remove, replace, + move, copy, test' + type: string + path: + description: Path is the json path to the value to be modified + type: string + value: + description: Value is the value to be used in the operation + type: string + required: + - op + - path + - value + type: object + type: array + type: object + status: + description: ClusterDeploymentCustomizationStatus defines the observed + state of ClusterDeploymentCustomization. + properties: + clusterDeploymentRef: + description: ClusterDeploymentRef is a reference to the cluster deployment + that this customization is applied on. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed to be + empty. Instances of this type with an empty value here are almost + certainly wrong. TODO: Add other useful fields. apiVersion, + kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + clusterPoolRef: + description: ClusterPoolRef is the name of the current cluster pool + the CDC used at. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed to be + empty. Instances of this type with an empty value here are almost + certainly wrong. TODO: Add other useful fields. apiVersion, + kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + conditions: + description: Conditions describes the state of the operator's reconciliation + functionality. + items: + description: Condition represents the state of the operator's reconciliation + functionality. + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + description: ConditionType is the state of the operator's reconciliation + functionality. + type: string + required: + - status + - type + type: object + type: array + lastAppliedConfiguration: + description: LastAppliedConfiguration contains the last applied patches + to the install-config. The information will retain for reference + in case the customization is updated. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_clusterdeployments.yaml b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_clusterdeployments.yaml new file mode 100644 index 00000000000..afd63343736 --- /dev/null +++ b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_clusterdeployments.yaml 
@@ -0,0 +1,1431 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: clusterdeployments.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: ClusterDeployment + listKind: ClusterDeploymentList + plural: clusterdeployments + shortNames: + - cd + singular: clusterdeployment + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.clusterMetadata.infraID + name: InfraID + type: string + - jsonPath: .metadata.labels.hive\.openshift\.io/cluster-platform + name: Platform + type: string + - jsonPath: .metadata.labels.hive\.openshift\.io/cluster-region + name: Region + type: string + - jsonPath: .metadata.labels.hive\.openshift\.io/version + name: Version + type: string + - jsonPath: .metadata.labels.hive\.openshift\.io/cluster-type + name: ClusterType + type: string + - jsonPath: .status.conditions[?(@.type=='Provisioned')].reason + name: ProvisionStatus + type: string + - jsonPath: .status.powerState + name: PowerState + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: ClusterDeployment is the Schema for the clusterdeployments API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterDeploymentSpec defines the desired state of ClusterDeployment + properties: + baseDomain: + description: BaseDomain is the base domain to which the cluster should + belong. + type: string + boundServiceAccountSigningKeySecretRef: + description: BoundServiceAccountSigningKeySecretRef refers to a Secret + that contains a 'bound-service-account-signing-key.key' data key + pointing to the private key that will be used to sign ServiceAccount + objects. Primarily used to provision AWS clusters to use Amazon's + Security Token Service. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed to be + empty. Instances of this type with an empty value here are almost + certainly wrong. TODO: Add other useful fields. apiVersion, + kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + certificateBundles: + description: CertificateBundles is a list of certificate bundles associated + with this cluster + items: + description: CertificateBundleSpec specifies a certificate bundle + associated with a cluster deployment + properties: + certificateSecretRef: + description: CertificateSecretRef is the reference to the secret + that contains the certificate bundle. If the certificate bundle + is to be generated, it will be generated with the name in + this reference. Otherwise, it is expected that the secret + should exist in the same namespace as the ClusterDeployment + properties: + name: + default: "" + description: 'Name of the referent. 
This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + generate: + description: Generate indicates whether this bundle should have + real certificates generated for it. + type: boolean + name: + description: Name is an identifier that must be unique within + the bundle and must be referenced by an ingress or by the + control plane serving certs + type: string + required: + - certificateSecretRef + - name + type: object + type: array + clusterInstallRef: + description: ClusterInstallLocalReference provides reference to an + object that implements the hivecontract ClusterInstall. The namespace + of the object is same as the ClusterDeployment. This cannot be set + when Provisioning is also set. + properties: + group: + type: string + kind: + type: string + name: + type: string + version: + type: string + required: + - group + - kind + - name + - version + type: object + clusterMetadata: + description: ClusterMetadata contains metadata information about the + installed cluster. + properties: + adminKubeconfigSecretRef: + description: AdminKubeconfigSecretRef references the secret containing + the admin kubeconfig for this cluster. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + adminPasswordSecretRef: + description: AdminPasswordSecretRef references the secret containing + the admin username/password which can be used to login to this + cluster. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + clusterID: + description: ClusterID is a globally unique identifier for this + cluster generated during installation. Used for reporting metrics + among other places. + type: string + infraID: + description: InfraID is an identifier for this cluster generated + during installation and used for tagging/naming resources in + cloud providers. + type: string + platform: + description: Platform holds platform-specific cluster metadata + properties: + aws: + description: AWS holds AWS-specific cluster metadata + properties: + hostedZoneRole: + description: HostedZoneRole is the role to assume when + performing operations on a hosted zone owned by another + account. + type: string + type: object + azure: + description: Azure holds azure-specific cluster metadata + properties: + resourceGroupName: + description: ResourceGroupName is the name of the resource + group in which the cluster resources were created. 
+ type: string + required: + - resourceGroupName + type: object + gcp: + description: GCP holds GCP-specific cluster metadata + properties: + networkProjectID: + description: NetworkProjectID is used for shared VPC setups + type: string + type: object + type: object + required: + - adminKubeconfigSecretRef + - clusterID + - infraID + type: object + clusterName: + description: ClusterName is the friendly name of the cluster. It is + used for subdomains, some resource tagging, and other instances + where a friendly name for the cluster is useful. + type: string + clusterPoolRef: + description: ClusterPoolRef is a reference to the ClusterPool that + this ClusterDeployment originated from. + properties: + claimName: + description: ClaimName is the name of the ClusterClaim that claimed + the cluster from the pool. + type: string + claimedTimestamp: + description: ClaimedTimestamp is the time this cluster was assigned + to a ClusterClaim. This is only used for ClusterDeployments + belonging to ClusterPools. + format: date-time + type: string + clusterDeploymentCustomization: + description: CustomizationRef is the ClusterPool Inventory claimed + customization for this ClusterDeployment. The Customization + exists in the ClusterPool namespace. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + namespace: + description: Namespace is the namespace where the ClusterPool + resides. 
+ type: string + poolName: + description: PoolName is the name of the ClusterPool for which + the cluster was created. + type: string + required: + - namespace + - poolName + type: object + controlPlaneConfig: + description: ControlPlaneConfig contains additional configuration + for the target cluster's control plane + properties: + apiServerIPOverride: + description: APIServerIPOverride is the optional override of the + API server IP address. Hive will use this IP address for creating + TCP connections. Port from the original API server URL will + be used. This field can be used when repointing the APIServer's + DNS is not viable option. + type: string + apiURLOverride: + description: APIURLOverride is the optional URL override to which + Hive will transition for communication with the API server of + the remote cluster. When a remote cluster is created, Hive will + initially communicate using the API URL established during installation. + If an API URL Override is specified, Hive will periodically + attempt to connect to the remote cluster using the override + URL. Once Hive has determined that the override URL is active, + Hive will use the override URL for further communications with + the API server of the remote cluster. + type: string + servingCertificates: + description: ServingCertificates specifies serving certificates + for the control plane + properties: + additional: + description: Additional is a list of additional domains and + certificates that are also associated with the control plane's + api endpoint. + items: + description: ControlPlaneAdditionalCertificate defines an + additional serving certificate for a control plane + properties: + domain: + description: Domain is the domain of the additional + control plane certificate + type: string + name: + description: Name references a CertificateBundle in + the ClusterDeployment.Spec that should be used for + this additional certificate. 
+ type: string + required: + - domain + - name + type: object + type: array + default: + description: Default references the name of a CertificateBundle + in the ClusterDeployment that should be used for the control + plane's default endpoint. + type: string + type: object + type: object + hibernateAfter: + description: 'HibernateAfter will transition a cluster to hibernating + power state after it has been running for the given duration. The + time that a cluster has been running is the time since the cluster + was installed or the time since the cluster last came out of hibernation. + This is a Duration value; see https://pkg.go.dev/time#ParseDuration + for accepted formats. Note: due to discrepancies in validation vs + parsing, we use a Pattern instead of `Format=duration`. See https://bugzilla.redhat.com/show_bug.cgi?id=2050332 + https://github.com/kubernetes/apimachinery/issues/131 https://github.com/kubernetes/apiextensions-apiserver/issues/56' + pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + ingress: + description: Ingress allows defining desired clusteringress/shards + to be configured on the cluster. + items: + description: ClusterIngress contains the configurable pieces for + any ClusterIngress objects that should exist on the cluster. + properties: + domain: + description: Domain (sometimes referred to as shard) is the + full DNS suffix that the resulting IngressController object + will service (eg abcd.mycluster.mydomain.com). + type: string + httpErrorCodePages: + description: HttpErrorCodePages allows configuring custom HTTP + error pages using the IngressController object + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + name: + description: Name of the ClusterIngress object to create. + type: string + namespaceSelector: + description: NamespaceSelector allows filtering the list of + namespaces serviced by the ingress controller. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + routeSelector: + description: RouteSelector allows filtering the set of Routes + serviced by the ingress controller + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. 
Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + servingCertificate: + description: ServingCertificate references a CertificateBundle + in the ClusterDeployment.Spec that should be used for this + Ingress + type: string + required: + - domain + - name + type: object + type: array + installAttemptsLimit: + description: InstallAttemptsLimit is the maximum number of times Hive + will attempt to install the cluster. + format: int32 + type: integer + installed: + description: Installed is true if the cluster has been installed + type: boolean + manageDNS: + description: ManageDNS specifies whether a DNSZone should be created + and managed automatically for this ClusterDeployment + type: boolean + platform: + description: Platform is the configuration for the specific platform + upon which to perform the installation. + properties: + agentBareMetal: + description: AgentBareMetal is the configuration used when performing + an Assisted Agent based installation to bare metal. + properties: + agentSelector: + description: AgentSelector is a label selector used for associating + relevant custom resources with this cluster. 
(Agent, BareMetalHost, + etc) + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - agentSelector + type: object + aws: + description: AWS is the configuration used when installing on + AWS. + properties: + credentialsAssumeRole: + description: CredentialsAssumeRole refers to the IAM role + that must be assumed to obtain AWS account access for the + cluster operations. + properties: + externalID: + description: 'ExternalID is random string generated by + platform so that assume role is protected from confused + deputy problem. 
more info: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html' + type: string + roleARN: + type: string + required: + - roleARN + type: object + credentialsSecretRef: + description: CredentialsSecretRef refers to a secret that + contains the AWS account access credentials. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + privateLink: + description: PrivateLink allows uses to enable access to the + cluster's API server using AWS PrivateLink. AWS PrivateLink + includes a pair of VPC Endpoint Service and VPC Endpoint + accross AWS accounts and allows clients to connect to services + using AWS's internal networking instead of the Internet. + properties: + additionalAllowedPrincipals: + description: AdditionalAllowedPrincipals is a list of + additional allowed principal ARNs to be configured for + the Private Link cluster's VPC Endpoint Service. ARNs + provided as AdditionalAllowedPrincipals will be configured + for the cluster's VPC Endpoint Service in addition to + the IAM entity used by Hive. + items: + type: string + type: array + enabled: + type: boolean + required: + - enabled + type: object + region: + description: Region specifies the AWS region where the cluster + will be created. + type: string + userTags: + additionalProperties: + type: string + description: UserTags specifies additional tags for AWS resources + created for the cluster. 
+ type: object + required: + - region + type: object + azure: + description: Azure is the configuration used when installing on + Azure. + properties: + baseDomainResourceGroupName: + description: BaseDomainResourceGroupName specifies the resource + group where the azure DNS zone for the base domain is found + type: string + cloudName: + description: cloudName is the name of the Azure cloud environment + which can be used to configure the Azure SDK with the appropriate + Azure API endpoints. If empty, the value is equal to "AzurePublicCloud". + enum: + - "" + - AzurePublicCloud + - AzureUSGovernmentCloud + - AzureChinaCloud + - AzureGermanCloud + type: string + credentialsSecretRef: + description: CredentialsSecretRef refers to a secret that + contains the Azure account access credentials. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + region: + description: Region specifies the Azure region where the cluster + will be created. + type: string + required: + - credentialsSecretRef + - region + type: object + baremetal: + description: BareMetal is the configuration used when installing + on bare metal. + properties: + libvirtSSHPrivateKeySecretRef: + description: LibvirtSSHPrivateKeySecretRef is the reference + to the secret that contains the private SSH key to use for + access to the libvirt provisioning host. The SSH private + key is expected to be in the secret data under the "ssh-privatekey" + key. 
+ properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - libvirtSSHPrivateKeySecretRef + type: object + gcp: + description: GCP is the configuration used when installing on + Google Cloud Platform. + properties: + credentialsSecretRef: + description: CredentialsSecretRef refers to a secret that + contains the GCP account access credentials. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + privateServiceConnect: + description: PrivateSericeConnect allows users to enable access + to the cluster's API server using GCP Private Service Connect. + It includes a forwarding rule paired with a Service Attachment + across GCP accounts and allows clients to connect to services + using GCP internal networking of using public load balancers. + properties: + enabled: + description: Enabled specifies if Private Service Connect + is to be enabled on the cluster. 
+ type: boolean + serviceAttachment: + description: ServiceAttachment configures the service + attachment to be used by the cluster. + properties: + subnet: + description: Subnet configures the subnetwork that + contains the service attachment. + properties: + cidr: + description: Cidr configures the network cidr + of the subnetwork that contains the service + attachment. + type: string + type: object + type: object + required: + - enabled + type: object + region: + description: Region specifies the GCP region where the cluster + will be created. + type: string + required: + - region + type: object + ibmcloud: + description: IBMCloud is the configuration used when installing + on IBM Cloud + properties: + accountID: + description: AccountID is the IBM Cloud Account ID. AccountID + is DEPRECATED and is gathered via the IBM Cloud API for + the provided credentials. This field will be ignored. + type: string + cisInstanceCRN: + description: CISInstanceCRN is the IBM Cloud Internet Services + Instance CRN CISInstanceCRN is DEPRECATED and gathered via + the IBM Cloud API for the provided credentials and cluster + deployment base domain. This field will be ignored. + type: string + credentialsSecretRef: + description: CredentialsSecretRef refers to a secret that + contains IBM Cloud account access credentials. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string + type: object + x-kubernetes-map-type: atomic + region: + description: Region specifies the IBM Cloud region where the + cluster will be created. + type: string + required: + - credentialsSecretRef + - region + type: object + none: + description: None indicates platform-agnostic install. https://docs.openshift.com/container-platform/4.7/installing/installing_platform_agnostic/installing-platform-agnostic.html + type: object + openstack: + description: OpenStack is the configuration used when installing + on OpenStack + properties: + certificatesSecretRef: + description: "CertificatesSecretRef refers to a secret that + contains CA certificates necessary for communicating with + the OpenStack. There is additional configuration required + for the OpenShift cluster to trust the certificates provided + in this secret. The \"clouds.yaml\" file included in the + credentialsSecretRef Secret must also include a reference + to the certificate bundle file for the OpenShift cluster + being created to trust the OpenStack endpoints. The \"clouds.yaml\" + file must set the \"cacert\" field to either \"/etc/openstack-ca/\" or \"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem\". + \n For example, \"\"\"clouds.yaml clouds: shiftstack: auth: + ... cacert: \"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem\" + \"\"\"" + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string + type: object + x-kubernetes-map-type: atomic + cloud: + description: Cloud will be used to indicate the OS_CLOUD value + to use the right section from the clouds.yaml in the CredentialsSecretRef. + type: string + credentialsSecretRef: + description: CredentialsSecretRef refers to a secret that + contains the OpenStack account access credentials. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + trunkSupport: + description: TrunkSupport indicates whether or not to use + trunk ports in your OpenShift cluster. + type: boolean + required: + - cloud + - credentialsSecretRef + type: object + ovirt: + description: Ovirt is the configuration used when installing on + oVirt + properties: + certificatesSecretRef: + description: CertificatesSecretRef refers to a secret that + contains the oVirt CA certificates necessary for communicating + with oVirt. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string + type: object + x-kubernetes-map-type: atomic + credentialsSecretRef: + description: 'CredentialsSecretRef refers to a secret that + contains the oVirt account access credentials with fields: + ovirt_url, ovirt_username, ovirt_password, ovirt_ca_bundle' + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + ovirt_cluster_id: + description: The target cluster under which all VMs will run + type: string + ovirt_network_name: + description: The target network of all the network interfaces + of the nodes. Omitting defaults to ovirtmgmt network which + is a default network for evert ovirt cluster. + type: string + storage_domain_id: + description: The target storage domain under which all VM + disk would be created. + type: string + required: + - certificatesSecretRef + - credentialsSecretRef + - ovirt_cluster_id + - storage_domain_id + type: object + vsphere: + description: VSphere is the configuration used when installing + on vSphere + properties: + certificatesSecretRef: + description: CertificatesSecretRef refers to a secret that + contains the vSphere CA certificates necessary for communicating + with the VCenter. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + cluster: + description: Cluster is the name of the cluster virtual machines + will be cloned into. + type: string + credentialsSecretRef: + description: 'CredentialsSecretRef refers to a secret that + contains the vSphere account access credentials: GOVC_USERNAME, + GOVC_PASSWORD fields.' + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + datacenter: + description: Datacenter is the name of the datacenter to use + in the vCenter. + type: string + defaultDatastore: + description: DefaultDatastore is the default datastore to + use for provisioning volumes. + type: string + folder: + description: Folder is the name of the folder that will be + used and/or created for virtual machines. + type: string + network: + description: Network specifies the name of the network to + be used by the cluster. + type: string + vCenter: + description: VCenter is the domain name or IP address of the + vCenter. + type: string + required: + - certificatesSecretRef + - credentialsSecretRef + - datacenter + - defaultDatastore + - vCenter + type: object + type: object + powerState: + description: PowerState indicates whether a cluster should be running + or hibernating. 
When omitted, PowerState defaults to the Running + state. + enum: + - "" + - Running + - Hibernating + type: string + preserveOnDelete: + description: PreserveOnDelete allows the user to disconnect a cluster + from Hive without deprovisioning it. This can also be used to abandon + ongoing cluster deprovision. + type: boolean + provisioning: + description: Provisioning contains settings used only for initial + cluster provisioning. May be unset in the case of adopted clusters. + properties: + imageSetRef: + description: ImageSetRef is a reference to a ClusterImageSet. + If a value is specified for ReleaseImage, that will take precedence + over the one from the ClusterImageSet. + properties: + name: + description: Name is the name of the ClusterImageSet that + this refers to + type: string + required: + - name + type: object + installConfigSecretRef: + description: InstallConfigSecretRef is the reference to a secret + that contains an openshift-install InstallConfig. This file + will be passed through directly to the installer. Any version + of InstallConfig can be used, provided it can be parsed by the + openshift-install version for the release you are provisioning. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + installerEnv: + description: InstallerEnv are extra environment variables to pass + through to the installer. This may be used to enable additional + features of the installer. 
+ items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: 'Name of the referent. This field is + effectively required, but due to backwards compatibility + is allowed to be empty. Instances of this type + with an empty value here are almost certainly + wrong. TODO: Add other useful fields. apiVersion, + kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: 'Name of the referent. This field is + effectively required, but due to backwards compatibility + is allowed to be empty. Instances of this type + with an empty value here are almost certainly + wrong. TODO: Add other useful fields. apiVersion, + kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + installerImageOverride: + description: InstallerImageOverride allows specifying a URI for + the installer image, normally gleaned from the metadata within + the ReleaseImage. + type: string + manifestsConfigMapRef: + description: ManifestsConfigMapRef is a reference to user-provided + manifests to add to or replace manifests that are generated + by the installer. It serves the same purpose as, and is mutually + exclusive with, ManifestsSecretRef. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + manifestsSecretRef: + description: ManifestsSecretRef is a reference to user-provided + manifests to add to or replace manifests that are generated + by the installer. It serves the same purpose as, and is mutually + exclusive with, ManifestsConfigMapRef. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + releaseImage: + description: ReleaseImage is the image containing metadata for + all components that run in the cluster, and is the primary and + best way to specify what specific version of OpenShift you wish + to install. + type: string + sshKnownHosts: + description: SSHKnownHosts are known hosts to be configured in + the hive install manager pod to avoid ssh prompts. Use of ssh + in the install pod is somewhat limited today (failure log gathering + from cluster, some bare metal provisioning scenarios), so this + setting is often not needed. + items: + type: string + type: array + sshPrivateKeySecretRef: + description: SSHPrivateKeySecretRef is the reference to the secret + that contains the private SSH key to use for access to compute + instances. This private key should correspond to the public + key included in the InstallConfig. The private key is used by + Hive to gather logs on the target cluster if there are install + failures. The SSH private key is expected to be in the secret + data under the "ssh-privatekey" key. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string + type: object + x-kubernetes-map-type: atomic + type: object + pullSecretRef: + description: PullSecretRef is the reference to the secret to use when + pulling images. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed to be + empty. Instances of this type with an empty value here are almost + certainly wrong. TODO: Add other useful fields. apiVersion, + kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - baseDomain + - clusterName + - platform + type: object + status: + description: ClusterDeploymentStatus defines the observed state of ClusterDeployment + properties: + apiURL: + description: APIURL is the URL where the cluster's API can be accessed. + type: string + certificateBundles: + description: CertificateBundles contains of the status of the certificate + bundles associated with this cluster deployment. + items: + description: CertificateBundleStatus specifies whether a certificate + bundle was generated for this cluster deployment. 
+ properties: + generated: + description: Generated indicates whether the certificate bundle + was generated + type: boolean + name: + description: Name of the certificate bundle + type: string + required: + - generated + - name + type: object + type: array + cliImage: + description: CLIImage is the name of the oc cli image to use when + installing the target cluster + type: string + conditions: + description: Conditions includes more detailed status for the cluster + deployment + items: + description: ClusterDeploymentCondition contains details for the + current condition of a cluster deployment + properties: + lastProbeTime: + description: LastProbeTime is the last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about last transition. + type: string + reason: + description: Reason is a unique, one-word, CamelCase reason + for the condition's last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + required: + - status + - type + type: object + type: array + installRestarts: + description: InstallRestarts is the total count of container restarts + on the clusters install job. + type: integer + installStartedTimestamp: + description: InstallStartedTimestamp is the time when all pre-requisites + were met and cluster installation was launched. + format: date-time + type: string + installVersion: + description: InstallVersion is the version of OpenShift as reported + by the release image resolved for the installation. + type: string + installedTimestamp: + description: InstalledTimestamp is the time we first detected that + the cluster has been successfully installed. 
+ format: date-time + type: string + installerImage: + description: InstallerImage is the name of the installer image to + use when installing the target cluster + type: string + platformStatus: + description: Platform contains the observed state for the specific + platform upon which to perform the installation. + properties: + aws: + description: AWS is the observed state on AWS. + properties: + privateLink: + description: PrivateLinkAccessStatus contains the observed + state for PrivateLinkAccess resources. + properties: + hostedZoneID: + type: string + vpcEndpointID: + type: string + vpcEndpointService: + properties: + additionalAllowedPrincipals: + description: AdditionalAllowedPrincipals is a list + of additional allowed principal ARNs that have been + configured for the Private Link cluster's VPC Endpoint + Service. This list in Status is used to determine + if a sync of Allowed Principals is needed outside + of the regular reconcile period of 2hrs. + items: + type: string + type: array + defaultAllowedPrincipal: + description: DefaultAllowedPrincipal is the ARN of + the IAM entity used by Hive as configured for the + Private Link cluster's VPC Endpoint Service. + type: string + id: + type: string + name: + type: string + type: object + type: object + type: object + gcp: + description: GCP is the observed state on GCP + properties: + privateServiceConnect: + description: PrivateServiceConnect contains the private service + connect resource references + properties: + endpoint: + description: Endpoint is the selfLink of the endpoint + created for the cluster. + type: string + endpointAddress: + description: EndpointAddress is the selfLink of the address + created for the cluster endpoint. + type: string + serviceAttachment: + description: ServiceAttachment is the selfLink of the + service attachment created for the clsuter. 
+ type: string + serviceAttachmentFirewall: + description: ServiceAttachmentFirewall is the selfLink + of the firewall that allows traffic between the service + attachment and the cluster's internal api load balancer. + type: string + serviceAttachmentSubnet: + description: ServiceAttachmentSubnet is the selfLink of + the subnet that will contain the service attachment. + type: string + type: object + type: object + type: object + powerState: + description: PowerState indicates the powerstate of cluster + type: string + provisionRef: + description: ProvisionRef is a reference to the last ClusterProvision + created for the deployment + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed to be + empty. Instances of this type with an empty value here are almost + certainly wrong. TODO: Add other useful fields. apiVersion, + kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + webConsoleURL: + description: WebConsoleURL is the URL for the cluster's web console + UI. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_clusterdeprovisions.yaml b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_clusterdeprovisions.yaml new file mode 100644 index 00000000000..1c9d0f40c66 --- /dev/null +++ b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_clusterdeprovisions.yaml 
@@ -0,0 +1,398 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: clusterdeprovisions.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: ClusterDeprovision + listKind: ClusterDeprovisionList + plural: clusterdeprovisions + shortNames: + - cdr + singular: clusterdeprovision + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.infraID + name: InfraID + type: string + - jsonPath: .spec.clusterID + name: ClusterID + type: string + - jsonPath: .status.completed + name: Completed + type: boolean + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: ClusterDeprovision is the Schema for the clusterdeprovisions + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterDeprovisionSpec defines the desired state of ClusterDeprovision + properties: + baseDomain: + description: BaseDomain is the DNS base domain. + type: string + clusterID: + description: ClusterID is a globally unique identifier for the cluster + to deprovision. It will be used if specified. + type: string + clusterName: + description: ClusterName is the friendly name of the cluster. 
It is + used for subdomains, some resource tagging, and other instances + where a friendly name for the cluster is useful. + type: string + infraID: + description: InfraID is the identifier generated during installation + for a cluster. It is used for tagging/naming resources in cloud + providers. + type: string + platform: + description: Platform contains platform-specific configuration for + a ClusterDeprovision + properties: + aws: + description: AWS contains AWS-specific deprovision settings + properties: + credentialsAssumeRole: + description: CredentialsAssumeRole refers to the IAM role + that must be assumed to obtain AWS account access for deprovisioning + the cluster. + properties: + externalID: + description: 'ExternalID is random string generated by + platform so that assume role is protected from confused + deputy problem. more info: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html' + type: string + roleARN: + type: string + required: + - roleARN + type: object + credentialsSecretRef: + description: CredentialsSecretRef is the AWS account credentials + to use for deprovisioning the cluster + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + hostedZoneRole: + description: HostedZoneRole is the role to assume when performing + operations on a hosted zone owned by another account. 
+ type: string + region: + description: Region is the AWS region for this deprovisioning + type: string + required: + - region + type: object + azure: + description: Azure contains Azure-specific deprovision settings + properties: + cloudName: + description: cloudName is the name of the Azure cloud environment + which can be used to configure the Azure SDK with the appropriate + Azure API endpoints. If empty, the value is equal to "AzurePublicCloud". + enum: + - "" + - AzurePublicCloud + - AzureUSGovernmentCloud + - AzureChinaCloud + - AzureGermanCloud + type: string + credentialsSecretRef: + description: CredentialsSecretRef is the Azure account credentials + to use for deprovisioning the cluster + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + resourceGroupName: + description: ResourceGroupName is the name of the resource + group where the cluster was installed. Required for new + deprovisions (schema notwithstanding). + type: string + type: object + gcp: + description: GCP contains GCP-specific deprovision settings + properties: + credentialsSecretRef: + description: CredentialsSecretRef is the GCP account credentials + to use for deprovisioning the cluster + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. 
TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + networkProjectID: + description: NetworkProjectID is used for shared VPC setups + type: string + region: + description: Region is the GCP region for this deprovision + type: string + required: + - region + type: object + ibmcloud: + description: IBMCloud contains IBM Cloud specific deprovision + settings + properties: + baseDomain: + description: 'BaseDomain is the DNS base domain. TODO: Use + the non-platform-specific BaseDomain field.' + type: string + credentialsSecretRef: + description: CredentialsSecretRef is the IBM Cloud credentials + to use for deprovisioning the cluster + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + region: + description: Region specifies the IBM Cloud region + type: string + required: + - baseDomain + - credentialsSecretRef + - region + type: object + openstack: + description: OpenStack contains OpenStack-specific deprovision + settings + properties: + certificatesSecretRef: + description: CertificatesSecretRef refers to a secret that + contains CA certificates necessary for communicating with + the OpenStack. 
+ properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + cloud: + description: Cloud is the secion in the clouds.yaml secret + below to use for auth/connectivity. + type: string + credentialsSecretRef: + description: CredentialsSecretRef is the OpenStack account + credentials to use for deprovisioning the cluster + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - cloud + type: object + ovirt: + description: Ovirt contains oVirt-specific deprovision settings + properties: + certificatesSecretRef: + description: CertificatesSecretRef refers to a secret that + contains the oVirt CA certificates necessary for communicating + with the oVirt. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. 
TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + clusterID: + description: The oVirt cluster ID + type: string + credentialsSecretRef: + description: 'CredentialsSecretRef is the oVirt account credentials + to use for deprovisioning the cluster secret fields: ovirt_url, + ovirt_username, ovirt_password, ovirt_ca_bundle' + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - certificatesSecretRef + - clusterID + - credentialsSecretRef + type: object + vsphere: + description: VSphere contains VMWare vSphere-specific deprovision + settings + properties: + certificatesSecretRef: + description: CertificatesSecretRef refers to a secret that + contains the vSphere CA certificates necessary for communicating + with the VCenter. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + credentialsSecretRef: + description: CredentialsSecretRef is the vSphere account credentials + to use for deprovisioning the cluster + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + vCenter: + description: VCenter is the vSphere vCenter hostname. + type: string + required: + - certificatesSecretRef + - credentialsSecretRef + - vCenter + type: object + type: object + required: + - infraID + type: object + status: + description: ClusterDeprovisionStatus defines the observed state of ClusterDeprovision + properties: + completed: + description: Completed is true when the uninstall has completed successfully + type: boolean + conditions: + description: Conditions includes more detailed status for the cluster + deprovision + items: + description: ClusterDeprovisionCondition contains details for the + current condition of a ClusterDeprovision + properties: + lastProbeTime: + description: LastProbeTime is the last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about last transition. + type: string + reason: + description: Reason is a unique, one-word, CamelCase reason + for the condition's last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + required: + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_clusterimagesets.yaml b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_clusterimagesets.yaml new file mode 100644 index 00000000000..eec9f492c36 --- /dev/null +++ b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_clusterimagesets.yaml 
@@ -0,0 +1,57 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: clusterimagesets.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: ClusterImageSet + listKind: ClusterImageSetList + plural: clusterimagesets + shortNames: + - imgset + singular: clusterimageset + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.releaseImage + name: Release + type: string + name: v1 + schema: + openAPIV3Schema: + description: ClusterImageSet is the Schema for the clusterimagesets API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterImageSetSpec defines the desired state of ClusterImageSet + properties: + releaseImage: + description: ReleaseImage is the image that contains the payload to + use when installing a cluster. + type: string + required: + - releaseImage + type: object + status: + description: ClusterImageSetStatus defines the observed state of ClusterImageSet + type: object + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_clusterpools.yaml b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_clusterpools.yaml new file mode 100644 index 00000000000..8774545381a --- /dev/null +++ b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_clusterpools.yaml 
@@ -0,0 +1,913 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: clusterpools.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: ClusterPool + listKind: ClusterPoolList + plural: clusterpools + shortNames: + - cp + singular: clusterpool + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.size + name: Size + type: string + - jsonPath: .status.standby + name: Standby + type: string + - jsonPath: .status.ready + name: Ready + type: string + - jsonPath: .spec.baseDomain + name: BaseDomain + type: string + - jsonPath: .spec.imageSetRef.name + name: ImageSet + type: string + name: v1 + schema: + openAPIV3Schema: + description: ClusterPool represents a pool of clusters that should be kept + ready to be given out to users. Clusters are removed from the pool once + claimed and then automatically replaced with a new one. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterPoolSpec defines the desired state of the ClusterPool. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be applied to new ClusterDeployments created + for the pool. 
ClusterDeployments that have already been claimed + will not be affected when this value is modified. + type: object + baseDomain: + description: BaseDomain is the base domain to use for all clusters + created in this pool. + type: string + claimLifetime: + description: ClaimLifetime defines the lifetimes for claims for the + cluster pool. + properties: + default: + description: 'Default is the default lifetime of the claim when + no lifetime is set on the claim itself. This is a Duration value; + see https://pkg.go.dev/time#ParseDuration for accepted formats. + Note: due to discrepancies in validation vs parsing, we use + a Pattern instead of `Format=duration`. See https://bugzilla.redhat.com/show_bug.cgi?id=2050332 + https://github.com/kubernetes/apimachinery/issues/131 https://github.com/kubernetes/apiextensions-apiserver/issues/56' + pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + maximum: + description: 'Maximum is the maximum lifetime of the claim after + it is assigned a cluster. If the claim still exists when the + lifetime has elapsed, the claim will be deleted by Hive. The + lifetime of a claim is the mimimum of the lifetimes set by the + cluster pool and the claim itself. This is a Duration value; + see https://pkg.go.dev/time#ParseDuration for accepted formats. + Note: due to discrepancies in validation vs parsing, we use + a Pattern instead of `Format=duration`. See https://bugzilla.redhat.com/show_bug.cgi?id=2050332 + https://github.com/kubernetes/apimachinery/issues/131 https://github.com/kubernetes/apiextensions-apiserver/issues/56' + pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + type: object + hibernateAfter: + description: 'HibernateAfter will be applied to new ClusterDeployments + created for the pool. HibernateAfter will transition clusters in + the clusterpool to hibernating power state after it has been running + for the given duration. 
The time that a cluster has been running + is the time since the cluster was installed or the time since the + cluster last came out of hibernation. This is a Duration value; + see https://pkg.go.dev/time#ParseDuration for accepted formats. + Note: due to discrepancies in validation vs parsing, we use a Pattern + instead of `Format=duration`. See https://bugzilla.redhat.com/show_bug.cgi?id=2050332 + https://github.com/kubernetes/apimachinery/issues/131 https://github.com/kubernetes/apiextensions-apiserver/issues/56' + pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + hibernationConfig: + description: HibernationConfig configures the hibernation/resume behavior + of ClusterDeployments owned by the ClusterPool. + properties: + resumeTimeout: + description: 'ResumeTimeout is the maximum amount of time we will + wait for an unclaimed ClusterDeployment to resume from hibernation + (e.g. at the behest of runningCount, or in preparation for being + claimed). If this time is exceeded, the ClusterDeployment will + be considered Broken and we will replace it. The default (unspecified + or zero) means no timeout -- we will allow the ClusterDeployment + to continue trying to resume "forever". This is a Duration value; + see https://pkg.go.dev/time#ParseDuration for accepted formats. + Note: due to discrepancies in validation vs parsing, we use + a Pattern instead of `Format=duration`. See https://bugzilla.redhat.com/show_bug.cgi?id=2050332 + https://github.com/kubernetes/apimachinery/issues/131 https://github.com/kubernetes/apiextensions-apiserver/issues/56' + pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + type: object + imageSetRef: + description: ImageSetRef is a reference to a ClusterImageSet. The + release image specified in the ClusterImageSet will be used by clusters + created for this cluster pool. 
+ properties: + name: + description: Name is the name of the ClusterImageSet that this + refers to + type: string + required: + - name + type: object + installAttemptsLimit: + description: InstallAttemptsLimit is the maximum number of times Hive + will attempt to install the cluster. + format: int32 + type: integer + installConfigSecretTemplateRef: + description: InstallConfigSecretTemplateRef is a secret with the key + install-config.yaml consisting of the content of the install-config.yaml + to be used as a template for all clusters in this pool. Cluster + specific settings (name, basedomain) will be injected dynamically + when the ClusterDeployment install-config Secret is generated. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed to be + empty. Instances of this type with an empty value here are almost + certainly wrong. TODO: Add other useful fields. apiVersion, + kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + installerEnv: + description: InstallerEnv are extra environment variables to pass + through to the installer. This may be used to enable additional + features of the installer. + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using + the previously defined environment variables in the container + and any service environment variables. If a variable cannot + be resolved, the reference in the input string will be unchanged. 
+ Double $$ are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the + string literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty + value here are almost certainly wrong. TODO: Add other + useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty + value here are almost certainly wrong. TODO: Add other + useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + inventory: + description: Inventory maintains a list of entries consumed by the + ClusterPool to customize the default ClusterDeployment. + items: + description: InventoryEntry maintains a reference to a custom resource + consumed by a clusterpool to customize the cluster deployment. + properties: + kind: + default: ClusterDeploymentCustomization + description: Kind denotes the kind of the referenced resource. + The default is ClusterDeploymentCustomization, which is also + currently the only supported value. + enum: + - "" + - ClusterDeploymentCustomization + type: string + name: + description: Name is the name of the referenced resource. + type: string + type: object + type: array + labels: + additionalProperties: + type: string + description: Labels to be applied to new ClusterDeployments created + for the pool. ClusterDeployments that have already been claimed + will not be affected when this value is modified. + type: object + maxConcurrent: + description: MaxConcurrent is the maximum number of clusters that + will be provisioned or deprovisioned at an time. This includes the + claimed clusters being deprovisioned. By default there is no limit. + format: int32 + type: integer + maxSize: + description: MaxSize is the maximum number of clusters that will be + provisioned including clusters that have been claimed and ones waiting + to be used. By default there is no limit. + format: int32 + type: integer + platform: + description: Platform encompasses the desired platform for the cluster. + properties: + agentBareMetal: + description: AgentBareMetal is the configuration used when performing + an Assisted Agent based installation to bare metal. 
+ properties: + agentSelector: + description: AgentSelector is a label selector used for associating + relevant custom resources with this cluster. (Agent, BareMetalHost, + etc) + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - agentSelector + type: object + aws: + description: AWS is the configuration used when installing on + AWS. + properties: + credentialsAssumeRole: + description: CredentialsAssumeRole refers to the IAM role + that must be assumed to obtain AWS account access for the + cluster operations. 
+ properties: + externalID: + description: 'ExternalID is random string generated by + platform so that assume role is protected from confused + deputy problem. more info: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html' + type: string + roleARN: + type: string + required: + - roleARN + type: object + credentialsSecretRef: + description: CredentialsSecretRef refers to a secret that + contains the AWS account access credentials. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + privateLink: + description: PrivateLink allows uses to enable access to the + cluster's API server using AWS PrivateLink. AWS PrivateLink + includes a pair of VPC Endpoint Service and VPC Endpoint + accross AWS accounts and allows clients to connect to services + using AWS's internal networking instead of the Internet. + properties: + additionalAllowedPrincipals: + description: AdditionalAllowedPrincipals is a list of + additional allowed principal ARNs to be configured for + the Private Link cluster's VPC Endpoint Service. ARNs + provided as AdditionalAllowedPrincipals will be configured + for the cluster's VPC Endpoint Service in addition to + the IAM entity used by Hive. + items: + type: string + type: array + enabled: + type: boolean + required: + - enabled + type: object + region: + description: Region specifies the AWS region where the cluster + will be created. 
+ type: string + userTags: + additionalProperties: + type: string + description: UserTags specifies additional tags for AWS resources + created for the cluster. + type: object + required: + - region + type: object + azure: + description: Azure is the configuration used when installing on + Azure. + properties: + baseDomainResourceGroupName: + description: BaseDomainResourceGroupName specifies the resource + group where the azure DNS zone for the base domain is found + type: string + cloudName: + description: cloudName is the name of the Azure cloud environment + which can be used to configure the Azure SDK with the appropriate + Azure API endpoints. If empty, the value is equal to "AzurePublicCloud". + enum: + - "" + - AzurePublicCloud + - AzureUSGovernmentCloud + - AzureChinaCloud + - AzureGermanCloud + type: string + credentialsSecretRef: + description: CredentialsSecretRef refers to a secret that + contains the Azure account access credentials. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + region: + description: Region specifies the Azure region where the cluster + will be created. + type: string + required: + - credentialsSecretRef + - region + type: object + baremetal: + description: BareMetal is the configuration used when installing + on bare metal. 
+ properties: + libvirtSSHPrivateKeySecretRef: + description: LibvirtSSHPrivateKeySecretRef is the reference + to the secret that contains the private SSH key to use for + access to the libvirt provisioning host. The SSH private + key is expected to be in the secret data under the "ssh-privatekey" + key. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - libvirtSSHPrivateKeySecretRef + type: object + gcp: + description: GCP is the configuration used when installing on + Google Cloud Platform. + properties: + credentialsSecretRef: + description: CredentialsSecretRef refers to a secret that + contains the GCP account access credentials. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + privateServiceConnect: + description: PrivateSericeConnect allows users to enable access + to the cluster's API server using GCP Private Service Connect. 
+ It includes a forwarding rule paired with a Service Attachment + across GCP accounts and allows clients to connect to services + using GCP internal networking of using public load balancers. + properties: + enabled: + description: Enabled specifies if Private Service Connect + is to be enabled on the cluster. + type: boolean + serviceAttachment: + description: ServiceAttachment configures the service + attachment to be used by the cluster. + properties: + subnet: + description: Subnet configures the subnetwork that + contains the service attachment. + properties: + cidr: + description: Cidr configures the network cidr + of the subnetwork that contains the service + attachment. + type: string + type: object + type: object + required: + - enabled + type: object + region: + description: Region specifies the GCP region where the cluster + will be created. + type: string + required: + - region + type: object + ibmcloud: + description: IBMCloud is the configuration used when installing + on IBM Cloud + properties: + accountID: + description: AccountID is the IBM Cloud Account ID. AccountID + is DEPRECATED and is gathered via the IBM Cloud API for + the provided credentials. This field will be ignored. + type: string + cisInstanceCRN: + description: CISInstanceCRN is the IBM Cloud Internet Services + Instance CRN CISInstanceCRN is DEPRECATED and gathered via + the IBM Cloud API for the provided credentials and cluster + deployment base domain. This field will be ignored. + type: string + credentialsSecretRef: + description: CredentialsSecretRef refers to a secret that + contains IBM Cloud account access credentials. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + region: + description: Region specifies the IBM Cloud region where the + cluster will be created. + type: string + required: + - credentialsSecretRef + - region + type: object + none: + description: None indicates platform-agnostic install. https://docs.openshift.com/container-platform/4.7/installing/installing_platform_agnostic/installing-platform-agnostic.html + type: object + openstack: + description: OpenStack is the configuration used when installing + on OpenStack + properties: + certificatesSecretRef: + description: "CertificatesSecretRef refers to a secret that + contains CA certificates necessary for communicating with + the OpenStack. There is additional configuration required + for the OpenShift cluster to trust the certificates provided + in this secret. The \"clouds.yaml\" file included in the + credentialsSecretRef Secret must also include a reference + to the certificate bundle file for the OpenShift cluster + being created to trust the OpenStack endpoints. The \"clouds.yaml\" + file must set the \"cacert\" field to either \"/etc/openstack-ca/\" or \"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem\". + \n For example, \"\"\"clouds.yaml clouds: shiftstack: auth: + ... cacert: \"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem\" + \"\"\"" + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + cloud: + description: Cloud will be used to indicate the OS_CLOUD value + to use the right section from the clouds.yaml in the CredentialsSecretRef. + type: string + credentialsSecretRef: + description: CredentialsSecretRef refers to a secret that + contains the OpenStack account access credentials. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + trunkSupport: + description: TrunkSupport indicates whether or not to use + trunk ports in your OpenShift cluster. + type: boolean + required: + - cloud + - credentialsSecretRef + type: object + ovirt: + description: Ovirt is the configuration used when installing on + oVirt + properties: + certificatesSecretRef: + description: CertificatesSecretRef refers to a secret that + contains the oVirt CA certificates necessary for communicating + with oVirt. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + credentialsSecretRef: + description: 'CredentialsSecretRef refers to a secret that + contains the oVirt account access credentials with fields: + ovirt_url, ovirt_username, ovirt_password, ovirt_ca_bundle' + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + ovirt_cluster_id: + description: The target cluster under which all VMs will run + type: string + ovirt_network_name: + description: The target network of all the network interfaces + of the nodes. Omitting defaults to ovirtmgmt network which + is a default network for evert ovirt cluster. + type: string + storage_domain_id: + description: The target storage domain under which all VM + disk would be created. + type: string + required: + - certificatesSecretRef + - credentialsSecretRef + - ovirt_cluster_id + - storage_domain_id + type: object + vsphere: + description: VSphere is the configuration used when installing + on vSphere + properties: + certificatesSecretRef: + description: CertificatesSecretRef refers to a secret that + contains the vSphere CA certificates necessary for communicating + with the VCenter. + properties: + name: + default: "" + description: 'Name of the referent. 
This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + cluster: + description: Cluster is the name of the cluster virtual machines + will be cloned into. + type: string + credentialsSecretRef: + description: 'CredentialsSecretRef refers to a secret that + contains the vSphere account access credentials: GOVC_USERNAME, + GOVC_PASSWORD fields.' + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + datacenter: + description: Datacenter is the name of the datacenter to use + in the vCenter. + type: string + defaultDatastore: + description: DefaultDatastore is the default datastore to + use for provisioning volumes. + type: string + folder: + description: Folder is the name of the folder that will be + used and/or created for virtual machines. + type: string + network: + description: Network specifies the name of the network to + be used by the cluster. + type: string + vCenter: + description: VCenter is the domain name or IP address of the + vCenter. 
+ type: string + required: + - certificatesSecretRef + - credentialsSecretRef + - datacenter + - defaultDatastore + - vCenter + type: object + type: object + pullSecretRef: + description: PullSecretRef is the reference to the secret to use when + pulling images. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed to be + empty. Instances of this type with an empty value here are almost + certainly wrong. TODO: Add other useful fields. apiVersion, + kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + runningCount: + description: RunningCount is the number of clusters we should keep + running. The remainder will be kept hibernated until claimed. By + default no clusters will be kept running (all will be hibernated). + format: int32 + minimum: 0 + type: integer + size: + description: Size is the default number of clusters that we should + keep provisioned and waiting for use. + format: int32 + minimum: 0 + type: integer + skipMachinePools: + description: SkipMachinePools allows creating clusterpools where the + machinepools are not managed by hive after cluster creation + type: boolean + required: + - baseDomain + - imageSetRef + - platform + - size + type: object + status: + description: ClusterPoolStatus defines the observed state of ClusterPool + properties: + conditions: + description: Conditions includes more detailed status for the cluster + pool + items: + description: ClusterPoolCondition contains details for the current + condition of a cluster pool + properties: + lastProbeTime: + description: LastProbeTime is the last time we probed the condition. 
+ format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about last transition. + type: string + reason: + description: Reason is a unique, one-word, CamelCase reason + for the condition's last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + required: + - status + - type + type: object + type: array + ready: + description: Ready is the number of unclaimed clusters that are installed + and are running and ready to be claimed. + format: int32 + type: integer + size: + description: Size is the number of unclaimed clusters that have been + created for the pool. + format: int32 + type: integer + standby: + description: Standby is the number of unclaimed clusters that are + installed, but not running. + format: int32 + type: integer + required: + - ready + - size + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + specReplicasPath: .spec.size + statusReplicasPath: .status.size + status: {} diff --git a/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_clusterprovisions.yaml b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_clusterprovisions.yaml new file mode 100644 index 00000000000..fcf6daf6cad --- /dev/null +++ b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_clusterprovisions.yaml 
@@ -0,0 +1,210 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + labels: + contracts.hive.openshift.io/clusterinstall: "false" + name: clusterprovisions.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: ClusterProvision + listKind: ClusterProvisionList + plural: clusterprovisions + singular: clusterprovision + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.clusterDeploymentRef.name + name: ClusterDeployment + type: string + - jsonPath: .spec.stage + name: Stage + type: string + - jsonPath: .spec.infraID + name: InfraID + type: string + name: v1 + schema: + openAPIV3Schema: + description: ClusterProvision is the Schema for the clusterprovisions API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterProvisionSpec defines the results of provisioning + a cluster. + properties: + adminKubeconfigSecretRef: + description: AdminKubeconfigSecretRef references the secret containing + the admin kubeconfig for this cluster. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed to be + empty. 
Instances of this type with an empty value here are almost + certainly wrong. TODO: Add other useful fields. apiVersion, + kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + adminPasswordSecretRef: + description: AdminPasswordSecretRef references the secret containing + the admin username/password which can be used to login to this cluster. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed to be + empty. Instances of this type with an empty value here are almost + certainly wrong. TODO: Add other useful fields. apiVersion, + kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + attempt: + description: Attempt is which attempt number of the cluster deployment + that this ClusterProvision is + type: integer + clusterDeploymentRef: + description: ClusterDeploymentRef references the cluster deployment + provisioned. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed to be + empty. Instances of this type with an empty value here are almost + certainly wrong. TODO: Add other useful fields. apiVersion, + kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string + type: object + x-kubernetes-map-type: atomic + clusterID: + description: ClusterID is a globally unique identifier for this cluster + generated during installation. Used for reporting metrics among + other places. + type: string + infraID: + description: InfraID is an identifier for this cluster generated during + installation and used for tagging/naming resources in cloud providers. + type: string + installLog: + description: InstallLog is the log from the installer. + type: string + metadata: + description: 'Metadata is the metadata.json generated by the installer, + providing metadata information about the cluster created. NOTE: + This is not used because it didn''t work (it was always empty). + We think because the thing it''s storing (ClusterMetadata from installer) + is not a runtime.Object, so can''t be put in a RawExtension.' + type: object + metadataJSON: + description: MetadataJSON is a JSON representation of the ClusterMetadata + produced by the installer. We don't use a runtime.RawExtension because + ClusterMetadata isn't a runtime.Object. We don't use ClusterMetadata + itself because we don't want our API consumers to need to pull in + the installer code and its dependencies. + format: byte + type: string + prevClusterID: + description: PrevClusterID is the cluster ID of the previous failed + provision attempt. + type: string + prevInfraID: + description: PrevInfraID is the infra ID of the previous failed provision + attempt. + type: string + prevProvisionName: + description: PrevProvisionName is the name of the previous failed + provision attempt. + type: string + stage: + description: Stage is the stage of provisioning that the cluster deployment + has reached. + type: string + required: + - attempt + - clusterDeploymentRef + - podSpec + - stage + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: ClusterProvisionStatus defines the observed state of ClusterProvision. 
+ properties: + conditions: + description: Conditions includes more detailed status for the cluster + provision + items: + description: ClusterProvisionCondition contains details for the + current condition of a cluster provision + properties: + lastProbeTime: + description: LastProbeTime is the last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about last transition. + type: string + reason: + description: Reason is a unique, one-word, CamelCase reason + for the condition's last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + required: + - status + - type + type: object + type: array + jobRef: + description: JobRef is the reference to the job performing the provision. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed to be + empty. Instances of this type with an empty value here are almost + certainly wrong. TODO: Add other useful fields. apiVersion, + kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + served: true + storage: true + subresources: + status: {} 
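Review bot: The `spec` schema lists `podSpec` under `required` but defines no `podSpec` property, and `x-kubernetes-preserve-unknown-fields: true` is set on the whole of `spec`, so that field and any other unknown key under `spec` are stored without validation or pruning. If the controller builds the provisioning job's pod from it (the status `jobRef` suggests a job exists, but that code is not on this page), write access to ClusterProvision objects amounts to control over a pod definition and should be limited by RBAC accordingly. I would declare the field and scope the escape hatch to it, with `podSpec:` carrying `type: object` and `x-kubernetes-preserve-unknown-fields: true` under `properties`, and drop the spec-level flag. The manifest carries a controller-gen annotation, so the change would belong in the type markers it is generated from.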
diff --git a/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_clusterrelocates.yaml b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_clusterrelocates.yaml new file mode 100644 index 00000000000..678eae97423 --- /dev/null +++ b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_clusterrelocates.yaml 
@@ -0,0 +1,116 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: clusterrelocates.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: ClusterRelocate + listKind: ClusterRelocateList + plural: clusterrelocates + singular: clusterrelocate + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.clusterDeploymentSelector + name: Selector + type: string + name: v1 + schema: + openAPIV3Schema: + description: ClusterRelocate is the Schema for the ClusterRelocates API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterRelocateSpec defines the relocation of clusters from + one Hive instance to another. + properties: + clusterDeploymentSelector: + description: ClusterDeploymentSelector is a LabelSelector indicating + which clusters will be relocated. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. 
+ type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + kubeconfigSecretRef: + description: KubeconfigSecretRef is a reference to the secret containing + the kubeconfig for the destination Hive instance. The kubeconfig + must be in a data field where the key is "kubeconfig". + properties: + name: + description: Name is the name of the secret. + type: string + namespace: + description: Namespace is the namespace where the secret lives. + type: string + required: + - name + - namespace + type: object + required: + - clusterDeploymentSelector + - kubeconfigSecretRef + type: object + status: + description: ClusterRelocateStatus defines the observed state of ClusterRelocate. + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_clusterstates.yaml b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_clusterstates.yaml new file mode 100644 index 00000000000..bc82a7bfeb3 --- /dev/null 
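Review bot: `kubeconfigSecretRef` requires both `name` and `namespace` while the CRD is declared `scope: Namespaced`, so a ClusterRelocate created in one namespace can name a kubeconfig secret in another. Whether the controller checks the creator's access to that namespace is not visible on this page; if it reads the secret with its own service account, anyone allowed to create the object can have a secret in another namespace read on their behalf. The description should state the rule, for example `The secret is read with the controller's credentials; grant create on ClusterRelocate only to users trusted with secrets in the referenced namespace.`, or the reference should be limited to the object's own namespace in the types this manifest is generated from.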
+++ b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_clusterstates.yaml 
@@ -0,0 +1,100 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: clusterstates.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: ClusterState + listKind: ClusterStateList + plural: clusterstates + singular: clusterstate + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: ClusterState is the Schema for the clusterstates API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterStateSpec defines the desired state of ClusterState + type: object + status: + description: ClusterStateStatus defines the observed state of ClusterState + properties: + clusterOperators: + description: ClusterOperators contains the state for every cluster + operator in the target cluster + items: + description: ClusterOperatorState summarizes the status of a single + cluster operator + properties: + conditions: + description: Conditions is the set of conditions in the status + of the cluster operator on the target cluster + items: + description: ClusterOperatorStatusCondition represents the + state of the operator's managed and monitored components. 
+ properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last + update to the current status property. + format: date-time + type: string + message: + description: message provides additional information about + the current condition. This is only to be consumed by + humans. It may contain Line Feed characters (U+000A), + which should be rendered as new lines. + type: string + reason: + description: reason is the CamelCase reason for the condition's + current status. + type: string + status: + description: status of the condition, one of True, False, + Unknown. + type: string + type: + description: type specifies the aspect reported by this + condition. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + name: + description: Name is the name of the cluster operator + type: string + required: + - name + type: object + type: array + lastUpdated: + description: LastUpdated is the last time that operator state was + updated + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_dnszones.yaml b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_dnszones.yaml new file mode 100644 index 00000000000..02b4c004ccb --- /dev/null +++ b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_dnszones.yaml 
@@ -0,0 +1,256 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: dnszones.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: DNSZone + listKind: DNSZoneList + plural: dnszones + singular: dnszone + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: DNSZone is the Schema for the dnszones API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DNSZoneSpec defines the desired state of DNSZone + properties: + aws: + description: AWS specifies AWS-specific cloud configuration + properties: + additionalTags: + description: AdditionalTags is a set of additional tags to set + on the DNS hosted zone. In addition to these tags,the DNS Zone + controller will set a hive.openhsift.io/hostedzone tag identifying + the HostedZone record that it belongs to. 
+ items: + description: AWSResourceTag represents a tag that is applied + to an AWS cloud resource + properties: + key: + description: Key is the key for the tag + type: string + value: + description: Value is the value for the tag + type: string + required: + - key + - value + type: object + type: array + credentialsAssumeRole: + description: CredentialsAssumeRole refers to the IAM role that + must be assumed to obtain AWS account access for the DNS CRUD + operations. + properties: + externalID: + description: 'ExternalID is random string generated by platform + so that assume role is protected from confused deputy problem. + more info: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html' + type: string + roleARN: + type: string + required: + - roleARN + type: object + credentialsSecretRef: + description: CredentialsSecretRef contains a reference to a secret + that contains AWS credentials for CRUD operations + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + region: + description: Region is the AWS region to use for route53 operations. + This defaults to us-east-1. For AWS China, use cn-northwest-1. + type: string + type: object + azure: + description: Azure specifes Azure-specific cloud configuration + properties: + cloudName: + description: CloudName is the name of the Azure cloud environment + which can be used to configure the Azure SDK with the appropriate + Azure API endpoints. 
If empty, the value is equal to "AzurePublicCloud". + enum: + - "" + - AzurePublicCloud + - AzureUSGovernmentCloud + - AzureChinaCloud + - AzureGermanCloud + type: string + credentialsSecretRef: + description: CredentialsSecretRef references a secret that will + be used to authenticate with Azure CloudDNS. It will need permission + to create and manage CloudDNS Hosted Zones. Secret should have + a key named 'osServicePrincipal.json'. The credentials must + specify the project to use. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + resourceGroupName: + description: ResourceGroupName specifies the Azure resource group + in which the Hosted Zone should be created. + type: string + required: + - credentialsSecretRef + - resourceGroupName + type: object + gcp: + description: GCP specifies GCP-specific cloud configuration + properties: + credentialsSecretRef: + description: CredentialsSecretRef references a secret that will + be used to authenticate with GCP CloudDNS. It will need permission + to create and manage CloudDNS Hosted Zones. Secret should have + a key named 'osServiceAccount.json'. The credentials must specify + the project to use. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. 
apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - credentialsSecretRef + type: object + linkToParentDomain: + description: LinkToParentDomain specifies whether DNS records should + be automatically created to link this DNSZone with a parent domain. + type: boolean + preserveOnDelete: + description: PreserveOnDelete allows the user to disconnect a DNSZone + from Hive without deprovisioning it. This can also be used to abandon + ongoing DNSZone deprovision. Typically set automatically due to + PreserveOnDelete being set on a ClusterDeployment. + type: boolean + zone: + description: Zone is the DNS zone to host + type: string + required: + - zone + type: object + status: + description: DNSZoneStatus defines the observed state of DNSZone + properties: + aws: + description: AWSDNSZoneStatus contains status information specific + to AWS + properties: + zoneID: + description: ZoneID is the ID of the zone in AWS + type: string + type: object + azure: + description: AzureDNSZoneStatus contains status information specific + to Azure + type: object + conditions: + description: Conditions includes more detailed status for the DNSZone + items: + description: DNSZoneCondition contains details for the current condition + of a DNSZone + properties: + lastProbeTime: + description: LastProbeTime is the last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about last transition. 
+ type: string + reason: + description: Reason is a unique, one-word, CamelCase reason + for the condition's last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + required: + - status + - type + type: object + type: array + gcp: + description: GCPDNSZoneStatus contains status information specific + to GCP + properties: + zoneName: + description: ZoneName is the name of the zone in GCP Cloud DNS + type: string + type: object + lastSyncGeneration: + description: LastSyncGeneration is the generation of the zone resource + that was last sync'd. This is used to know if the Object has changed + and we should sync immediately. + format: int64 + type: integer + lastSyncTimestamp: + description: LastSyncTimestamp is the time that the zone was last + sync'd. + format: date-time + type: string + nameServers: + description: NameServers is a list of nameservers for this DNS zone + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_hiveconfigs.yaml b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_hiveconfigs.yaml new file mode 100644 index 00000000000..9da9f7dc4a7 --- /dev/null +++ b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_hiveconfigs.yaml 
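Review bot: Under `spec.aws.credentialsAssumeRole`, `roleARN` has no description and `externalID` is optional, although its own description says it is what protects the assume-role from the confused deputy problem. The schema should say what an empty `externalID` means, e.g. by appending `If empty, no external ID is sent and the role's trust policy must restrict the principal by other means.` (to be confirmed against the controller, which is not on this page), and give `roleARN` a line such as `description: RoleARN is the ARN of the IAM role to assume.`. The `azure.credentialsSecretRef` description also mentions "CloudDNS" and "the project to use", which reads as carried over from the GCP field, and `additionalTags` spells the tag prefix `hive.openhsift.io`. Both are worth confirming upstream, since the manifest is controller-gen output.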
@@ -0,0 +1,1056 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: hiveconfigs.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: HiveConfig + listKind: HiveConfigList + plural: hiveconfigs + singular: hiveconfig + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: HiveConfig is the Schema for the hives API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HiveConfigSpec defines the desired state of Hive + properties: + additionalCertificateAuthoritiesSecretRef: + description: AdditionalCertificateAuthoritiesSecretRef is a list of + references to secrets in the TargetNamespace that contain an additional + Certificate Authority to use when communicating with target clusters. + These certificate authorities will be used in addition to any self-signed + CA generated by each cluster on installation. The cert data should + be stored in the Secret key named 'ca.crt'. + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + default: "" + description: 'Name of the referent. 
This field is effectively + required, but due to backwards compatibility is allowed to + be empty. Instances of this type with an empty value here + are almost certainly wrong. TODO: Add other useful fields. + apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + argoCDConfig: + description: ArgoCD specifies configuration for ArgoCD integration. + If enabled, Hive will automatically add provisioned clusters to + ArgoCD, and remove them when they are deprovisioned. + properties: + enabled: + description: Enabled dictates if ArgoCD gitops integration is + enabled. If not specified, the default is disabled. + type: boolean + namespace: + description: Namespace specifies the namespace where ArgoCD is + installed. Used for the location of cluster secrets. Defaults + to "argocd" + type: string + required: + - enabled + type: object + awsPrivateLink: + description: AWSPrivateLink defines the configuration for the aws-private-link + controller. It provides 3 major pieces of information required by + the controller, 1. The Credentials that should be used to create + AWS PrivateLink resources other than what exist in the customer's + account. 2. A list of VPCs that can be used by the controller to + choose one to create AWS VPC Endpoints for the AWS VPC Endpoint + Services created for ClusterDeployments in their corresponding regions. + 3. A list of VPCs that should be able to resolve the DNS addresses + setup for Private Link. + properties: + associatedVPCs: + description: "AssociatedVPCs is the list of VPCs that should be + able to resolve the DNS addresses setup for Private Link. 
This + allows clients in VPC to resolve the AWS PrivateLink address + using AWS's default DNS resolver for Private Route53 Hosted + Zones. \n This list should at minimum include the VPC where + the current Hive controller is running." + items: + description: AWSAssociatedVPC defines a VPC that should be able + to resolve the DNS addresses setup for Private Link. + properties: + credentialsSecretRef: + description: CredentialsSecretRef references a secret in + the TargetNamespace that will be used to authenticate + with AWS for associating the VPC with the Private HostedZone + created for PrivateLink. When not provided, the common + credentials for the controller should be used. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty + value here are almost certainly wrong. TODO: Add other + useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + region: + type: string + vpcID: + type: string + required: + - region + - vpcID + type: object + type: array + credentialsSecretRef: + description: CredentialsSecretRef references a secret in the TargetNamespace + that will be used to authenticate with AWS for creating the + resources for AWS PrivateLink. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + dnsRecordType: + default: Alias + description: DNSRecordType defines what type of DNS record should + be created in Private Hosted Zone for the customer cluster's + API endpoint (which is the VPC Endpoint's regional DNS name). + enum: + - Alias + - ARecord + type: string + endpointVPCInventory: + description: EndpointVPCInventory is a list of VPCs and the corresponding + subnets in various AWS regions. The controller uses this list + to choose a VPC for creating AWS VPC Endpoints. Since the VPC + Endpoints must be in the same region as the ClusterDeployment, + we must have VPCs in that region to be able to setup Private + Link. + items: + description: AWSPrivateLinkInventory is a VPC and its corresponding + subnets in an AWS region. This VPC will be used to create + an AWS VPC Endpoint whenever there is a VPC Endpoint Service + created for a ClusterDeployment. + properties: + region: + type: string + subnets: + items: + description: AWSPrivateLinkSubnet defines a subnet in + the an AWS VPC. + properties: + availabilityZone: + type: string + subnetID: + type: string + required: + - availabilityZone + - subnetID + type: object + type: array + vpcID: + type: string + required: + - region + - subnets + - vpcID + type: object + type: array + required: + - credentialsSecretRef + type: object + backup: + description: Backup specifies configuration for backup integration. + If absent, backup integration will be disabled. + properties: + minBackupPeriodSeconds: + description: MinBackupPeriodSeconds specifies that a minimum of + MinBackupPeriodSeconds will occur in between each backup. This + is used to rate limit backups. This potentially batches together + multiple changes into 1 backup. 
No backups will be lost as changes + that happen during this interval are queued up and will result + in a backup happening once the interval has been completed. + type: integer + velero: + description: Velero specifies configuration for the Velero backup + integration. + properties: + enabled: + description: Enabled dictates if Velero backup integration + is enabled. If not specified, the default is disabled. + type: boolean + namespace: + description: Namespace specifies in which namespace velero + backup objects should be created. If not specified, the + default is a namespace named "velero". + type: string + type: object + type: object + controllersConfig: + description: ControllersConfig is used to configure different hive + controllers + properties: + controllers: + description: Controllers contains a list of configurations for + different controllers + items: + description: SpecificControllerConfig contains the configuration + for a specific controller + properties: + config: + description: ControllerConfig contains the configuration + for the controller specified by Name field + properties: + clientBurst: + description: ClientBurst specifies client rate limiter + burst for a controller + format: int32 + type: integer + clientQPS: + description: ClientQPS specifies client rate limiter + QPS for a controller + format: int32 + type: integer + concurrentReconciles: + description: ConcurrentReconciles specifies number of + concurrent reconciles for a controller + format: int32 + type: integer + queueBurst: + description: QueueBurst specifies workqueue rate limiter + burst for a controller + format: int32 + type: integer + queueQPS: + description: QueueQPS specifies workqueue rate limiter + QPS for a controller + format: int32 + type: integer + replicas: + description: Replicas specifies the number of replicas + the specific controller pod should use. This is ONLY + for controllers that have been split out into their + own pods. This is ignored for all others. 
+ format: int32 + type: integer + resources: + description: Resources describes the compute resource + requirements of the controller container. This is + ONLY for controllers that have been split out into + their own pods. This is ignored for all others. + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field and + requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can + only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the + Pod where this field is used. It makes that + resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. Requests cannot + exceed Limits. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + type: object + name: + description: Name specifies the name of the controller + enum: + - clusterDeployment + - clusterrelocate + - clusterstate + - clusterversion + - controlPlaneCerts + - dnsendpoint + - dnszone + - remoteingress + - remotemachineset + - machinepool + - syncidentityprovider + - unreachable + - velerobackup + - clusterprovision + - clusterDeprovision + - clusterpool + - clusterpoolnamespace + - hibernation + - clusterclaim + - metrics + - clustersync + type: string + required: + - config + - name + type: object + type: array + default: + description: Default specifies default configuration for all the + controllers, can be used to override following coded defaults + default for concurrent reconciles is 5 default for client qps + is 5 default for client burst is 10 default for queue qps is + 10 default for queue burst is 100 + properties: + clientBurst: + description: ClientBurst specifies client rate limiter burst + for a controller + format: int32 + type: integer + clientQPS: + description: ClientQPS specifies client rate limiter QPS for + a controller + format: int32 + type: integer + concurrentReconciles: + description: ConcurrentReconciles specifies number of concurrent + reconciles for a controller + format: int32 + type: integer + queueBurst: + description: QueueBurst specifies workqueue rate limiter burst + for a controller + format: int32 + type: integer + queueQPS: + description: QueueQPS specifies workqueue rate limiter QPS + for a controller + format: int32 + type: integer + replicas: + description: Replicas specifies the number of replicas the + specific controller pod should use. This is ONLY for controllers + that have been split out into their own pods. This is ignored + for all others. 
+ format: int32 + type: integer + resources: + description: Resources describes the compute resource requirements + of the controller container. This is ONLY for controllers + that have been split out into their own pods. This is ignored + for all others. + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + Requests cannot exceed Limits. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + type: object + type: object + deleteProtection: + description: DeleteProtection can be set to "enabled" to turn on automatic + delete protection for ClusterDeployments. When enabled, Hive will + add the "hive.openshift.io/protected-delete" annotation to new ClusterDeployments. + Once a ClusterDeployment has been installed, a user must remove + the annotation from a ClusterDeployment prior to deleting it. + enum: + - enabled + type: string + deploymentConfig: + description: DeploymentConfig is used to configure (pods/containers + of) the Deployments generated by hive-operator. + items: + properties: + deploymentName: + description: 'DeploymentName is the name of one of the Deployments/StatefulSets + managed by hive-operator. NOTE: At this time each deployment + has only one container. In the future, we may provide a way + to specify which container this DeploymentConfig will be applied + to.' + enum: + - hive-controllers + - hive-clustersync + - hiveadmission + type: string + resources: + description: Resources allows customization of the resource + (memory, CPU, etc.) limits and requests used by containers + in the Deployment/StatefulSet named by DeploymentName. + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - deploymentName + type: object + type: array + deprovisionsDisabled: + description: DeprovisionsDisabled can be set to true to block deprovision + jobs from running. + type: boolean + disabledControllers: + description: DisabledControllers allows selectively disabling Hive + controllers by name. The name of an individual controller matches + the name of the controller as seen in the Hive logging output. + items: + type: string + type: array + exportMetrics: + description: 'ExportMetrics has been disabled and has no effect. 
If + upgrading from a version where it was active, please be aware of + the following in your HiveConfig.Spec.TargetNamespace (default `hive` + if unset): 1) ServiceMonitors named hive-controllers and hive-clustersync; + 2) Role and RoleBinding named prometheus-k8s; 3) The `openshift.io/cluster-monitoring` + metadata.label on the Namespace itself. You may wish to delete these + resources. Or you may wish to continue using them to enable monitoring + in your environment; but be aware that hive will no longer reconcile + them.' + type: boolean + failedProvisionConfig: + description: FailedProvisionConfig is used to configure settings related + to handling provision failures. + properties: + aws: + description: FailedProvisionAWSConfig contains AWS-specific info + to upload log files. + properties: + bucket: + description: Bucket is the S3 bucket to store the logs in. + type: string + credentialsSecretRef: + description: 'CredentialsSecretRef references a secret in + the TargetNamespace that will be used to authenticate with + AWS S3. It will need permission to upload logs to S3. Secret + should have keys named aws_access_key_id and aws_secret_access_key + that contain the AWS credentials. Example Secret: data: + aws_access_key_id: minio aws_secret_access_key: minio123' + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + region: + description: Region is the AWS region to use for S3 operations. + This defaults to us-east-1. 
For AWS China, use cn-northwest-1. + type: string + serviceEndpoint: + description: ServiceEndpoint is the url to connect to an S3 + compatible provider. + type: string + required: + - credentialsSecretRef + type: object + retryReasons: + description: RetryReasons is a list of installFailingReason strings + from the [additional-]install-log-regexes ConfigMaps. If specified, + Hive will only retry a failed installation if it results in + one of the listed reasons. If omitted (not the same thing as + empty!), Hive will retry regardless of the failure reason. (The + total number of install attempts is still constrained by ClusterDeployment.Spec.InstallAttemptsLimit.) + items: + type: string + type: array + skipGatherLogs: + description: 'DEPRECATED: This flag is no longer respected and + will be removed in the future.' + type: boolean + type: object + featureGates: + description: FeatureGateSelection allows selecting feature gates for + the controller. + properties: + custom: + description: custom allows the enabling or disabling of any feature. + Because of its nature, this setting cannot be validated. If + you have any typos or accidentally apply invalid combinations + might cause unknown behavior. featureSet must equal "Custom" + must be set to use this field. + nullable: true + properties: + enabled: + description: enabled is a list of all feature gates that you + want to force on + items: + type: string + type: array + type: object + featureSet: + description: featureSet changes the list of features in the cluster. The + default is empty. Be very careful adjusting this setting. + enum: + - "" + - Custom + type: string + type: object + globalPullSecretRef: + description: GlobalPullSecretRef is used to specify a pull secret + that will be used globally by all of the cluster deployments. 
For + each cluster deployment, the contents of GlobalPullSecret will be + merged with the specific pull secret for a cluster deployment(if + specified), with precedence given to the contents of the pull secret + for the cluster deployment. The global pull secret is assumed to + be in the TargetNamespace. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed to be + empty. Instances of this type with an empty value here are almost + certainly wrong. TODO: Add other useful fields. apiVersion, + kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + logLevel: + description: LogLevel is the level of logging to use for the Hive + controllers. Acceptable levels, from coarsest to finest, are panic, + fatal, error, warn, info, debug, and trace. The default level is + info. + type: string + machinePoolPollInterval: + description: MachinePoolPollInterval is a string duration indicating + how much time must pass before checking whether remote resources + related to MachinePools need to be reapplied. Set to zero to disable + polling -- we'll only reconcile when hub objects change. The default + interval is 30m. + type: string + maintenanceMode: + description: MaintenanceMode can be set to true to disable the hive + controllers in situations where we need to ensure nothing is running + that will add or act upon finalizers on Hive types. This should + rarely be needed. Sets replicas to 0 for the hive-controllers deployment + to accomplish this. 
+ type: boolean + managedDomains: + description: 'ManagedDomains is the list of DNS domains that are managed + by the Hive cluster When specifying ''manageDNS: true'' in a ClusterDeployment, + the ClusterDeployment''s baseDomain should be a direct child of + one of these domains, otherwise the ClusterDeployment creation will + result in a validation error.' + items: + description: ManageDNSConfig contains the domain being managed, + and the cloud-specific details for accessing/managing the domain. + properties: + aws: + description: AWS contains AWS-specific settings for external + DNS + properties: + credentialsSecretRef: + description: CredentialsSecretRef references a secret in + the TargetNamespace that will be used to authenticate + with AWS Route53. It will need permission to manage entries + for the domain listed in the parent ManageDNSConfig object. + Secret should have AWS keys named 'aws_access_key_id' + and 'aws_secret_access_key'. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty + value here are almost certainly wrong. TODO: Add other + useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + region: + description: Region is the AWS region to use for route53 + operations. This defaults to us-east-1. For AWS China, + use cn-northwest-1. 
+ type: string + required: + - credentialsSecretRef + type: object + azure: + description: Azure contains Azure-specific settings for external + DNS + properties: + cloudName: + description: CloudName is the name of the Azure cloud environment + which can be used to configure the Azure SDK with the + appropriate Azure API endpoints. If empty, the value is + equal to "AzurePublicCloud". + enum: + - "" + - AzurePublicCloud + - AzureUSGovernmentCloud + - AzureChinaCloud + - AzureGermanCloud + type: string + credentialsSecretRef: + description: CredentialsSecretRef references a secret in + the TargetNamespace that will be used to authenticate + with Azure DNS. It wil need permission to manage entries + in each of the managed domains listed in the parent ManageDNSConfig + object. Secret should have a key named 'osServicePrincipal.json' + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty + value here are almost certainly wrong. TODO: Add other + useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + resourceGroupName: + description: ResourceGroupName specifies the Azure resource + group containing the DNS zones for the domains being managed. + type: string + required: + - credentialsSecretRef + - resourceGroupName + type: object + domains: + description: Domains is the list of domains that hive will be + managing entries for with the provided credentials. 
+ items: + type: string + type: array + gcp: + description: GCP contains GCP-specific settings for external + DNS + properties: + credentialsSecretRef: + description: CredentialsSecretRef references a secret in + the TargetNamespace that will be used to authenticate + with GCP DNS. It will need permission to manage entries + in each of the managed domains for this cluster. listed + in the parent ManageDNSConfig object. Secret should have + a key named 'osServiceAccount.json'. The credentials must + specify the project to use. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty + value here are almost certainly wrong. TODO: Add other + useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - credentialsSecretRef + type: object + required: + - domains + type: object + type: array + metricsConfig: + description: MetricsConfig encapsulates metrics specific configurations, + like opting in for certain metrics. + properties: + additionalClusterDeploymentLabels: + additionalProperties: + type: string + description: 'AdditionalClusterDeploymentLabels allows configuration + of additional labels to be applied to certain metrics. The keys + can be any string value suitable for a metric label (see https://prometheus.io/docs/concepts/data_model/#metric-names-and-labels). + The values can be any ClusterDeployment label key (from metadata.labels). + When observing an affected metric, hive will label it with the + specified metric key, and copy the value from the specified + ClusterDeployment label. 
For example, including {"ocp_major_version": + "hive.openshift.io/version-major"} will cause affected metrics + to include a label key ocp_major_version with the value from + the hive.openshift.io/version-major ClusterDeployment label + -- e.g. "4". NOTE: Avoid ClusterDeployment labels whose values + are unbounded, such as those representing cluster names or IDs, + as these will cause your prometheus database to grow indefinitely. + Affected metrics are those whose type implements the metricsWithDynamicLabels + interface found in pkg/controller/metrics/metrics_with_dynamic_labels.go' + type: object + metricsWithDuration: + description: Optional metrics and their configurations + items: + description: MetricsWithDuration represents metrics that report + time as values,like transition seconds. The purpose of these + metrics should be to track outliers - ensure their duration + is not set too low. + properties: + duration: + description: Duration is the minimum time taken - the relevant + metric will be logged only if the value reported by that + metric is more than the time mentioned here. For example, + if a user opts-in for current clusters stopping and mentions + 1 hour here, only the clusters stopping for more than + an hour will be reported. This is a Duration value; see + https://pkg.go.dev/time#ParseDuration for accepted formats. + pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + name: + description: Name of the metric. It will correspond to an + optional relevant metric in hive + enum: + - currentStopping + - currentResuming + - currentWaitingForCO + - currentClusterSyncFailing + - cumulativeHibernated + - cumulativeResumed + type: string + required: + - duration + - name + type: object + type: array + type: object + privateLink: + description: PrivateLink is used to configure the privatelink controller. + properties: + gcp: + description: GCP is the configuration for GCP hub and link resources. 
+ properties: + credentialsSecretRef: + description: CredentialsSecretRef references a secret in the + TargetNamespace that will be used to authenticate with GCP + for creating the resources for GCP Private Service Connect + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + endpointVPCInventory: + description: EndpointVPCInventory is a list of VPCs and the + corresponding subnets in various GCP regions. The controller + uses this list to choose a VPC for creating GCP Endpoints. + Since the VPC Endpoints must be in the same region as the + ClusterDeployment, we must have VPCs in that region to be + able to setup Private Service Connect. + items: + description: GCPPrivateServiceConnectInventory is a VPC + and its corresponding subnets. This VPC will be used to + create a GCP Endpoint whenever there is a Private Service + Connect service created for a ClusterDeployment. + properties: + network: + type: string + subnets: + items: + description: GCPPrivateServiceConnectSubnet defines + subnet and the corresponding GCP region. 
+ properties: + region: + type: string + subnet: + type: string + required: + - region + - subnet + type: object + type: array + required: + - network + - subnets + type: object + type: array + required: + - credentialsSecretRef + type: object + type: object + releaseImageVerificationConfigMapRef: + description: "ReleaseImageVerificationConfigMapRef is a reference + to the ConfigMap that will be used to verify release images. \n + The config map structure is exactly the same as the config map used + for verification of release images for OpenShift 4 during upgrades. + Therefore you can usually set this to the config map shipped as + part of OpenShift (openshift-config-managed/release-verification). + \n See https://github.com/openshift/cluster-update-keys for more + details. The keys within the config map in the data field define + how verification is performed: \n verifier-public-key-*: One or + more GPG public keys in ASCII form that must have signed the release + image by digest. \n store-*: A URL (scheme file://, http://, or + https://) location that contains signatures. These signatures are + in the atomic container signature format. The URL will have the + digest of the image appended to it as \"/=/signature-\" + as described in the container image signing format. The docker-image-manifest + section of the signature must match the release image digest. Signatures + are searched starting at NUMBER 1 and incrementing if the signature + exists but is not valid. The signature is a GPG signed and encrypted + JSON message. The file store is provided for testing only at the + current time, although future versions of the CVO might allow host + mounting of signatures. 
\n See https://github.com/containers/image/blob/ab49b0a48428c623a8f03b41b9083d48966b34a9/docs/signature-protocols.md + for a description of the signature store \n The returned verifier + will require that any new release image will only be considered + verified if each provided public key has signed the release image + digest. The signature may be in any store and the lookup order is + internally defined. \n If not set, no verification will be performed." + properties: + name: + description: Name of the ConfigMap + type: string + namespace: + description: Namespace of the ConfigMap + type: string + required: + - name + - namespace + type: object + serviceProviderCredentialsConfig: + description: ServiceProviderCredentialsConfig is used to configure + credentials related to being a service provider on various cloud + platforms. + properties: + aws: + description: AWS is used to configure credentials related to being + a service provider on AWS. + properties: + credentialsSecretRef: + description: CredentialsSecretRef references a secret in the + TargetNamespace that will be used to authenticate with AWS + to become the Service Provider. Being a Service Provider + allows the controllers to assume the role in customer AWS + accounts to manager clusters. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen + doesn''t need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' 
+ type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + syncSetReapplyInterval: + description: SyncSetReapplyInterval is a string duration indicating + how much time must pass before SyncSet resources will be reapplied. + The default reapply interval is two hours. + type: string + targetNamespace: + description: 'TargetNamespace is the namespace where the core Hive + components should be run. Defaults to "hive". Will be created if + it does not already exist. All resource references in HiveConfig + can be assumed to be in the TargetNamespace. NOTE: Whereas it is + possible to edit this value, causing hive to "move" its core components + to the new namespace, the old namespace is not deleted, as it will + still contain resources created by kubernetes and/or other OpenShift + controllers.' + type: string + type: object + status: + description: HiveConfigStatus defines the observed state of Hive + properties: + aggregatorClientCAHash: + description: AggregatorClientCAHash keeps an md5 hash of the aggregator + client CA configmap data from the openshift-config-managed namespace. + When the configmap changes, admission is redeployed. + type: string + conditions: + description: Conditions includes more detailed status for the HiveConfig + items: + description: HiveConfigCondition contains details for the current + condition of a HiveConfig + properties: + lastProbeTime: + description: LastProbeTime is the last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about last transition. + type: string + reason: + description: Reason is a unique, one-word, CamelCase reason + for the condition's last transition. 
+ type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + required: + - status + - type + type: object + type: array + configApplied: + description: ConfigApplied will be set by the hive operator to indicate + whether or not the LastGenerationObserved was successfully reconciled. + type: boolean + observedGeneration: + description: ObservedGeneration will record the most recently processed + HiveConfig object's generation. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_machinepoolnameleases.yaml b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_machinepoolnameleases.yaml new file mode 100644 index 00000000000..6964ed2902e --- /dev/null +++ b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_machinepoolnameleases.yaml 
@@ -0,0 +1,59 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: machinepoolnameleases.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: MachinePoolNameLease + listKind: MachinePoolNameLeaseList + plural: machinepoolnameleases + singular: machinepoolnamelease + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.labels.hive\.openshift\.io/machine-pool-name + name: MachinePool + type: string + - jsonPath: .metadata.labels.hive\.openshift\.io/cluster-deployment-name + name: Cluster + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: MachinePoolNameLease is the Schema for the MachinePoolNameLeases + API. This resource is mostly empty as we're primarily relying on the name + to determine if a lease is available. Note that not all cloud providers + require the use of a lease for naming, at present this is only required + for GCP where we're extremely restricted on name lengths. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachinePoolNameLeaseSpec is a minimal resource for obtaining + unique machine pool names of a limited length. + type: object + status: + description: MachinePoolNameLeaseStatus defines the observed state of + MachinePoolNameLease. + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_machinepools.yaml b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_machinepools.yaml new file mode 100644 index 00000000000..2331176f6a8 --- /dev/null +++ b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_machinepools.yaml 
@@ -0,0 +1,761 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: machinepools.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: MachinePool + listKind: MachinePoolList + plural: machinepools + singular: machinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.name + name: PoolName + type: string + - jsonPath: .spec.clusterDeploymentRef.name + name: ClusterDeployment + type: string + - jsonPath: .spec.replicas + name: Replicas + type: integer + name: v1 + schema: + openAPIV3Schema: + description: MachinePool is the Schema for the machinepools API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachinePoolSpec defines the desired state of MachinePool + properties: + autoscaling: + description: Autoscaling is the details for auto-scaling the machine + pool. Replicas and autoscaling cannot be used together. + properties: + maxReplicas: + description: MaxReplicas is the maximum number of replicas for + the machine pool. + format: int32 + type: integer + minReplicas: + description: MinReplicas is the minimum number of replicas for + the machine pool. 
+ format: int32 + type: integer + required: + - maxReplicas + - minReplicas + type: object + clusterDeploymentRef: + description: ClusterDeploymentRef references the cluster deployment + to which this machine pool belongs. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed to be + empty. Instances of this type with an empty value here are almost + certainly wrong. TODO: Add other useful fields. apiVersion, + kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + labels: + additionalProperties: + type: string + description: Map of label string keys and values that will be applied + to the created MachineSet's MachineSpec. This affects the labels + that will end up on the *Nodes* (in contrast with the MachineLabels + field). This list will overwrite any modifications made to Node + labels on an ongoing basis. + type: object + machineLabels: + additionalProperties: + type: string + description: 'Map of label string keys and values that will be applied + to the created MachineSet''s MachineTemplateSpec. This affects the + labels that will end up on the *Machines* (in contrast with the + Labels field). This list will overwrite any modifications made to + Machine labels on an ongoing basis. Note: We ignore entries that + conflict with generated labels.' + type: object + name: + description: Name is the name of the machine pool. + type: string + platform: + description: Platform is configuration for machine pool specific to + the platform. When using a MachinePool to control the default worker + machines created by installer, these must match the values provided + in the install-config. 
+ properties: + aws: + description: AWS is the configuration used when installing on + AWS. + properties: + additionalSecurityGroupIDs: + description: AdditionalSecurityGroupIDs contains IDs of additional + security groups for machines, where each ID is presented + in the format sg-xxxx. + items: + type: string + type: array + metadataService: + description: EC2MetadataOptions defines metadata service interaction + options for EC2 instances in the machine pool. + properties: + authentication: + description: Authentication determines whether or not + the host requires the use of authentication when interacting + with the metadata service. When using authentication, + this enforces v2 interaction method (IMDSv2) with the + metadata service. When omitted, this means the user + has no opinion and the value is left to the platform + to choose a good default, which is subject to change + over time. The current default is optional. At this + point this field represents `HttpTokens` parameter from + `InstanceMetadataOptionsRequest` structure in AWS EC2 + API https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_InstanceMetadataOptionsRequest.html + type: string + type: object + rootVolume: + description: EC2RootVolume defines the storage for ec2 instance. + properties: + iops: + description: IOPS defines the iops for the storage. + type: integer + kmsKeyARN: + description: The KMS key that will be used to encrypt + the EBS volume. If no key is provided the default KMS + key for the account will be used. https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetEbsDefaultKmsKeyId.html + type: string + size: + description: Size defines the size of the storage. + type: integer + type: + description: Type defines the type of the storage. + type: string + required: + - size + - type + type: object + spotMarketOptions: + description: SpotMarketOptions allows users to configure instances + to be run using AWS Spot instances. 
+ properties: + maxPrice: + description: 'The maximum price the user is willing to + pay for their instances Default: On-Demand price' + type: string + type: object + subnets: + description: Subnets is the list of IDs of subnets to which + to attach the machines. There must be exactly one subnet + for each availability zone used. These subnets may be public + or private. As a special case, for consistency with install-config, + you may specify exactly one private and one public subnet + for each availability zone. In this case, the public subnets + will be filtered out and only the private subnets will be + used. If empty/omitted, we will look for subnets in each + availability zone tagged with Name=-private- + (legacy terraform) or -subnet-private- (CAPA). + items: + type: string + type: array + type: + description: InstanceType defines the ec2 instance type. eg. + m4-large + type: string + userTags: + additionalProperties: + type: string + description: UserTags contains the user defined tags to be + supplied for the ec2 instance. Note that these will be merged + with ClusterDeployment.Spec.Platform.AWS.UserTags, with + this field taking precedence when keys collide. + type: object + zones: + description: Zones is list of availability zones that can + be used. + items: + type: string + type: array + required: + - rootVolume + - type + type: object + azure: + description: Azure is the configuration used when installing on + Azure. + properties: + computeSubnet: + description: ComputeSubnet specifies an existing subnet for + use by compute nodes. If omitted, the default (${infraID}-worker-subnet) + will be used. + type: string + networkResourceGroupName: + description: NetworkResourceGroupName specifies the network + resource group that contains an existing VNet. Ignored unless + VirtualNetwork is also specified. + type: string + osDisk: + description: OSDisk defines the storage for instance. 
+ properties: + diskEncryptionSet: + description: DiskEncryptionSet defines a disk encryption + set. + properties: + name: + description: Name is the name of the disk encryption + set. + type: string + resourceGroup: + description: ResourceGroup defines the Azure resource + group used by the disk encryption set. + type: string + subscriptionId: + description: SubscriptionID defines the Azure subscription + the disk encryption set is in. + type: string + required: + - name + - resourceGroup + type: object + diskSizeGB: + description: DiskSizeGB defines the size of disk in GB. + format: int32 + minimum: 0 + type: integer + diskType: + description: DiskType defines the type of disk. For control + plane nodes, the valid values are Premium_LRS and StandardSSD_LRS. + Default is Premium_LRS. + enum: + - Standard_LRS + - Premium_LRS + - StandardSSD_LRS + type: string + required: + - diskSizeGB + type: object + osImage: + description: OSImage defines the image to use for the OS. + properties: + offer: + description: Offer is the offer of the image. + type: string + publisher: + description: Publisher is the publisher of the image. + type: string + sku: + description: SKU is the SKU of the image. + type: string + version: + description: Version is the version of the image. + type: string + required: + - offer + - publisher + - sku + - version + type: object + type: + description: InstanceType defines the azure instance type. + eg. Standard_DS_V2 + type: string + virtualNetwork: + description: VirtualNetwork specifies the name of an existing + VNet for the Machines to use If omitted, the default (${infraID}-vnet) + will be used. + type: string + vmNetworkingType: + description: 'VMNetworkingType specifies whether to enable + accelerated networking. Accelerated networking enables single + root I/O virtualization (SR-IOV) to a VM, greatly improving + its networking performance. eg. 
values: "Accelerated", "Basic"' + enum: + - Accelerated + - Basic + type: string + zones: + description: Zones is list of availability zones that can + be used. eg. ["1", "2", "3"] + items: + type: string + type: array + required: + - osDisk + - type + type: object + gcp: + description: GCP is the configuration used when installing on + GCP. + properties: + networkProjectID: + description: NetworkProjectID specifies which project the + network and subnets exist in when they are not in the main + ProjectID. + type: string + onHostMaintenance: + description: OnHostMaintenance determines the behavior when + a maintenance event occurs that might cause the instance + to reboot. This is required to be set to "Terminate" if + you want to provision machine with attached GPUs. Otherwise, + allowed values are "Migrate" and "Terminate". If omitted, + the platform chooses a default, which is subject to change + over time, currently that default is "Migrate". + enum: + - Migrate + - Terminate + type: string + osDisk: + description: OSDisk defines the storage for instances. + properties: + diskSizeGB: + description: DiskSizeGB defines the size of disk in GB. + Defaulted internally to 128. + format: int64 + maximum: 65536 + minimum: 16 + type: integer + diskType: + description: DiskType defines the type of disk. The valid + values are pd-standard and pd-ssd. Defaulted internally + to pd-ssd. + enum: + - pd-ssd + - pd-standard + type: string + encryptionKey: + description: EncryptionKey defines the KMS key to be used + to encrypt the disk. + properties: + kmsKey: + description: KMSKey is a reference to a KMS Key to + use for the encryption. + properties: + keyRing: + description: KeyRing is the name of the KMS Key + Ring which the KMS Key belongs to. + type: string + location: + description: Location is the GCP location in which + the Key Ring exists. 
+ type: string + name: + description: Name is the name of the customer + managed encryption key to be used for the disk + encryption. + type: string + projectID: + description: ProjectID is the ID of the Project + in which the KMS Key Ring exists. Defaults to + the VM ProjectID if not set. + type: string + required: + - keyRing + - location + - name + type: object + kmsKeyServiceAccount: + description: KMSKeyServiceAccount is the service account + being used for the encryption request for the given + KMS key. If absent, the Compute Engine default service + account is used. See https://cloud.google.com/compute/docs/access/service-accounts#compute_engine_service_account + for details on the default service account. + type: string + type: object + type: object + secureBoot: + description: SecureBoot Defines whether the instance should + have secure boot enabled. Verifies the digital signature + of all boot components, and halts the boot process if signature + verification fails. If omitted, the platform chooses a default, + which is subject to change over time. Currently that default + is "Disabled". + enum: + - Enabled + - Disabled + type: string + serviceAccount: + description: ServiceAccount is the email of a gcp service + account to be attached to worker nodes in order to provide + the permissions required by the cloud provider. For the + default worker MachinePool, it is the user's responsibility + to match this to the value provided in the install-config. + type: string + type: + description: InstanceType defines the GCP instance type. eg. + n1-standard-4 + type: string + zones: + description: Zones is list of availability zones that can + be used. + items: + type: string + type: array + required: + - type + type: object + ibmcloud: + description: IBMCloud is the configuration used when installing + on IBM Cloud. + properties: + bootVolume: + description: BootVolume is the configuration for the machine's + boot volume. 
+ properties: + encryptionKey: + description: EncryptionKey is the CRN referencing a Key + Protect or Hyper Protect Crypto Services key to use + for volume encryption. If not specified, a provider + managed encryption key will be used. + type: string + type: object + dedicatedHosts: + description: DedicatedHosts is the configuration for the machine's + dedicated host and profile. + items: + description: DedicatedHost stores the configuration for + the machine's dedicated host platform. + properties: + name: + description: Name is the name of the dedicated host + to provision the machine on. If specified, machines + will be created on pre-existing dedicated host. + type: string + profile: + description: Profile is the profile ID for the dedicated + host. If specified, new dedicated host will be created + for machines. + type: string + type: object + type: array + type: + description: InstanceType is the VSI machine profile. + type: string + zones: + description: Zones is the list of availability zones used + for machines in the pool. + items: + type: string + type: array + type: object + openstack: + description: OpenStack is the configuration used when installing + on OpenStack. + properties: + flavor: + description: Flavor defines the OpenStack Nova flavor. eg. + m1.large The json key here differs from the installer which + uses both "computeFlavor" and type "type" depending on which + type you're looking at, and the resulting field on the MachineSet + is "flavor". We are opting to stay consistent with the end + result. + type: string + rootVolume: + description: RootVolume defines the root volume for instances + in the machine pool. The instances use ephemeral disks if + not set. + properties: + size: + description: Size defines the size of the volume in gibibytes + (GiB). Required + type: integer + type: + description: Type defines the type of the volume. 
Required + type: string + required: + - size + - type + type: object + required: + - flavor + type: object + ovirt: + description: Ovirt is the configuration used when installing on + oVirt. + properties: + cpu: + description: CPU defines the VM CPU. + properties: + cores: + description: Cores is the number of cores per socket. + Total CPUs is (Sockets * Cores) + format: int32 + type: integer + sockets: + description: Sockets is the number of sockets for a VM. + Total CPUs is (Sockets * Cores) + format: int32 + type: integer + required: + - cores + - sockets + type: object + memoryMB: + description: MemoryMB is the size of a VM's memory in MiBs. + format: int32 + type: integer + osDisk: + description: OSDisk is the the root disk of the node. + properties: + sizeGB: + description: SizeGB size of the bootable disk in GiB. + format: int64 + type: integer + required: + - sizeGB + type: object + vmType: + description: VMType defines the workload type of the VM. + enum: + - "" + - desktop + - server + - high_performance + type: string + type: object + vsphere: + description: VSphere is the configuration used when installing + on vSphere + properties: + coresPerSocket: + description: NumCoresPerSocket is the number of cores per + socket in a vm. The number of vCPUs on the vm will be NumCPUs/NumCoresPerSocket. + format: int32 + type: integer + cpus: + description: NumCPUs is the total number of virtual processor + cores to assign a vm. + format: int32 + type: integer + memoryMB: + description: Memory is the size of a VM's memory in MB. + format: int64 + type: integer + osDisk: + description: OSDisk defines the storage for instance. + properties: + diskSizeGB: + description: DiskSizeGB defines the size of disk in GB. + format: int32 + type: integer + required: + - diskSizeGB + type: object + resourcePool: + description: ResourcePool is the name of the resource pool + that will be used for virtual machines. If it is not present, + a default value will be used. 
+ type: string + required: + - coresPerSocket + - cpus + - memoryMB + - osDisk + type: object + type: object + replicas: + description: Replicas is the count of machines for this machine pool. + Replicas and autoscaling cannot be used together. Default is 1, + if autoscaling is not used. + format: int64 + type: integer + taints: + description: List of taints that will be applied to the created MachineSet's + MachineSpec. This list will overwrite any modifications made to + Node taints on an ongoing basis. In case of duplicate entries, first + encountered taint Value will be preserved, and the rest collapsed + on the corresponding MachineSets. Note that taints are uniquely + identified based on key+effect, not just key. + items: + description: The node this Taint is attached to has the "effect" + on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods that + do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Required. The taint key to be applied to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which the taint + was added. It is only written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint key. + type: string + required: + - effect + - key + type: object + type: array + required: + - clusterDeploymentRef + - name + - platform + type: object + status: + description: MachinePoolStatus defines the observed state of MachinePool + properties: + conditions: + description: Conditions includes more detailed status for the cluster + deployment + items: + description: MachinePoolCondition contains details for the current + condition of a machine pool + properties: + lastProbeTime: + description: LastProbeTime is the last time we probed the condition. 
+ format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about last transition. + type: string + reason: + description: Reason is a unique, one-word, CamelCase reason + for the condition's last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + required: + - status + - type + type: object + type: array + controlledByReplica: + description: ControlledByReplica indicates which replica of the hive-machinepool + StatefulSet is responsible for this MachinePool. Note that this + value indicates the replica that most recently handled the MachinePool. + If the hive-machinepool statefulset is scaled up or down, the controlling + replica can change, potentially causing logs to be spread across + multiple pods. + format: int64 + type: integer + machineSets: + description: MachineSets is the status of the machine sets for the + machine pool on the remote cluster. + items: + description: MachineSetStatus is the status of a machineset in the + remote cluster. + properties: + errorMessage: + type: string + errorReason: + description: In the event that there is a terminal problem reconciling + the replicas, both ErrorReason and ErrorMessage will be set. + ErrorReason will be populated with a succinct value suitable + for machine interpretation, while ErrorMessage will contain + a more verbose string suitable for logging and human consumption. + type: string + maxReplicas: + description: MaxReplicas is the maximum number of replicas for + the machine set. + format: int32 + type: integer + minReplicas: + description: MinReplicas is the minimum number of replicas for + the machine set. 
+ format: int32 + type: integer + name: + description: Name is the name of the machine set. + type: string + readyReplicas: + description: The number of ready replicas for this MachineSet. + A machine is considered ready when the node has been created + and is "Ready". It is transferred as-is from the MachineSet + from remote cluster. + format: int32 + type: integer + replicas: + description: Replicas is the current number of replicas for + the machine set. + format: int32 + type: integer + required: + - maxReplicas + - minReplicas + - name + - replicas + type: object + type: array + ownedLabels: + description: OwnedLabels lists the keys of labels this MachinePool + created on the remote MachineSet's MachineSpec. (In contrast with + OwnedMachineLabels.) Used to identify labels to remove from the + remote MachineSet when they are absent from the MachinePool's spec.labels. + items: + type: string + type: array + ownedMachineLabels: + description: OwnedMachineLabels lists the keys of labels this MachinePool + created on the remote MachineSet's MachineTemplateSpec. (In contrast + with OwnedLabels.) Used to identify labels to remove from the remote + MachineSet when they are absent from the MachinePool's spec.machineLabels. + items: + type: string + type: array + ownedTaints: + description: OwnedTaints lists identifiers of taints this MachinePool + created on the remote MachineSet. Used to identify taints to remove + from the remote MachineSet when they are absent from the MachinePool's + spec.taints. + items: + description: TaintIdentifier uniquely identifies a Taint. (It turns + out taints are mutually exclusive by key+effect, not simply by + key.) + properties: + effect: + description: Effect matches corev1.Taint.Effect. + type: string + key: + description: Key matches corev1.Taint.Key. + type: string + type: object + type: array + replicas: + description: Replicas is the current number of replicas for the machine + pool. 
+ format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} diff --git a/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_selectorsyncidentityproviders.yaml b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_selectorsyncidentityproviders.yaml new file mode 100644 index 00000000000..90e8cc75807 --- /dev/null +++ b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_selectorsyncidentityproviders.yaml 
@@ -0,0 +1,655 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: selectorsyncidentityproviders.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: SelectorSyncIdentityProvider + listKind: SelectorSyncIdentityProviderList + plural: selectorsyncidentityproviders + singular: selectorsyncidentityprovider + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: SelectorSyncIdentityProvider is the Schema for the SelectorSyncSet + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SelectorSyncIdentityProviderSpec defines the SyncIdentityProviderCommonSpec + to sync to ClusterDeploymentSelector indicating which clusters the SelectorSyncIdentityProvider + applies to in any namespace. + properties: + clusterDeploymentSelector: + description: ClusterDeploymentSelector is a LabelSelector indicating + which clusters the SelectorIdentityProvider applies to in any namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + identityProviders: + description: IdentityProviders is an ordered list of ways for a user + to identify themselves + items: + description: IdentityProvider provides identities for users authenticating + using credentials + properties: + basicAuth: + description: basicAuth contains configuration options for the + BasicAuth IdP + properties: + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. 
+ If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + tlsClientCert: + description: tlsClientCert is an optional reference to a + secret by name that contains the PEM-encoded TLS client + certificate to present when connecting to the server. + The key "tls.crt" is used to locate the data. If specified + and the secret or expected key is not found, the identity + provider is not honored. If the specified certificate + data is not valid, the identity provider is not honored. + The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + tlsClientKey: + description: tlsClientKey is an optional reference to a + secret by name that contains the PEM-encoded TLS private + key for the client certificate referenced in tlsClientCert. + The key "tls.key" is used to locate the data. If specified + and the secret or expected key is not found, the identity + provider is not honored. If the specified certificate + data is not valid, the identity provider is not honored. + The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + url: + description: url is the remote URL to connect to + type: string + type: object + github: + description: github enables user authentication using GitHub + credentials + properties: + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. 
The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. This can only be configured when hostname is set + to a non-empty value. The namespace for this config map + is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the + secret by name containing the oauth client secret. The + key "clientSecret" is used to locate the data. If the + secret or expected key is not found, the identity provider + is not honored. The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + hostname: + description: hostname is the optional domain (e.g. "mycompany.com") + for use with a hosted instance of GitHub Enterprise. It + must match the GitHub Enterprise settings value configured + at /setup/settings#hostname. + type: string + organizations: + description: organizations optionally restricts which organizations + are allowed to log in + items: + type: string + type: array + teams: + description: teams optionally restricts which teams are + allowed to log in. Format is /. + items: + type: string + type: array + type: object + gitlab: + description: gitlab enables user authentication using GitLab + credentials + properties: + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. 
If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the + secret by name containing the oauth client secret. The + key "clientSecret" is used to locate the data. If the + secret or expected key is not found, the identity provider + is not honored. The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + url: + description: url is the oauth server base URL + type: string + type: object + google: + description: google enables user authentication using Google + credentials + properties: + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the + secret by name containing the oauth client secret. The + key "clientSecret" is used to locate the data. If the + secret or expected key is not found, the identity provider + is not honored. The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + hostedDomain: + description: hostedDomain is the optional Google App domain + (e.g. 
"mycompany.com") to restrict logins to + type: string + type: object + htpasswd: + description: htpasswd enables user authentication using an HTPasswd + file to validate credentials + properties: + fileData: + description: fileData is a required reference to a secret + by name containing the data to use as the htpasswd file. + The key "htpasswd" is used to locate the data. If the + secret or expected key is not found, the identity provider + is not honored. If the specified htpasswd data is not + valid, the identity provider is not honored. The namespace + for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + type: object + keystone: + description: keystone enables user authentication using keystone + password credentials + properties: + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + domainName: + description: domainName is required for keystone v3 + type: string + tlsClientCert: + description: tlsClientCert is an optional reference to a + secret by name that contains the PEM-encoded TLS client + certificate to present when connecting to the server. + The key "tls.crt" is used to locate the data. If specified + and the secret or expected key is not found, the identity + provider is not honored. 
If the specified certificate + data is not valid, the identity provider is not honored. + The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + tlsClientKey: + description: tlsClientKey is an optional reference to a + secret by name that contains the PEM-encoded TLS private + key for the client certificate referenced in tlsClientCert. + The key "tls.key" is used to locate the data. If specified + and the secret or expected key is not found, the identity + provider is not honored. If the specified certificate + data is not valid, the identity provider is not honored. + The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + url: + description: url is the remote URL to connect to + type: string + type: object + ldap: + description: ldap enables user authentication using LDAP credentials + properties: + attributes: + description: attributes maps LDAP attributes to identities + properties: + email: + description: email is the list of attributes whose values + should be used as the email address. Optional. If + unspecified, no email is set for the identity + items: + type: string + type: array + id: + description: id is the list of attributes whose values + should be used as the user ID. Required. First non-empty + attribute is used. At least one attribute is required. + If none of the listed attribute have a value, authentication + fails. LDAP standard identity attribute is "dn" + items: + type: string + type: array + name: + description: name is the list of attributes whose values + should be used as the display name. Optional. 
If unspecified, + no display name is set for the identity LDAP standard + display name attribute is "cn" + items: + type: string + type: array + preferredUsername: + description: preferredUsername is the list of attributes + whose values should be used as the preferred username. + LDAP standard login attribute is "uid" + items: + type: string + type: array + type: object + bindDN: + description: bindDN is an optional DN to bind with during + the search phase. + type: string + bindPassword: + description: bindPassword is an optional reference to a + secret by name containing a password to bind with during + the search phase. The key "bindPassword" is used to locate + the data. If specified and the secret or expected key + is not found, the identity provider is not honored. The + namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + insecure: + description: 'insecure, if true, indicates the connection + should not use TLS WARNING: Should not be set to `true` + with the URL scheme "ldaps://" as "ldaps://" URLs always + attempt to connect using TLS, even when `insecure` is + set to `true` When `true`, "ldap://" URLS connect insecurely. 
+ When `false`, "ldap://" URLs are upgraded to a TLS connection + using StartTLS as specified in https://tools.ietf.org/html/rfc2830.' + type: boolean + url: + description: 'url is an RFC 2255 URL which specifies the + LDAP search parameters to use. The syntax of the URL is: + ldap://host:port/basedn?attribute?scope?filter' + type: string + type: object + mappingMethod: + description: mappingMethod determines how identities from this + provider are mapped to users Defaults to "claim" + type: string + name: + description: 'name is used to qualify the identities returned + by this provider. - It MUST be unique and not shared by any + other identity provider used - It MUST be a valid path segment: + name cannot equal "." or ".." or contain "/" or "%" or ":" + Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName' + type: string + openID: + description: openID enables user authentication using OpenID + credentials + properties: + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + claims: + description: claims mappings + properties: + email: + description: email is the list of claims whose values + should be used as the email address. Optional. 
If + unspecified, no email is set for the identity + items: + type: string + type: array + x-kubernetes-list-type: atomic + groups: + description: groups is the list of claims value of which + should be used to synchronize groups from the OIDC + provider to OpenShift for the user. If multiple claims + are specified, the first one with a non-empty value + is used. + items: + description: OpenIDClaim represents a claim retrieved + from an OpenID provider's tokens or userInfo responses + minLength: 1 + type: string + type: array + x-kubernetes-list-type: atomic + name: + description: name is the list of claims whose values + should be used as the display name. Optional. If unspecified, + no display name is set for the identity + items: + type: string + type: array + x-kubernetes-list-type: atomic + preferredUsername: + description: preferredUsername is the list of claims + whose values should be used as the preferred username. + If unspecified, the preferred username is determined + from the value of the sub claim + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the + secret by name containing the oauth client secret. The + key "clientSecret" is used to locate the data. If the + secret or expected key is not found, the identity provider + is not honored. The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + extraAuthorizeParameters: + additionalProperties: + type: string + description: extraAuthorizeParameters are any custom parameters + to add to the authorize request. + type: object + extraScopes: + description: extraScopes are any scopes to request in addition + to the standard "openid" scope. 
+ items: + type: string + type: array + issuer: + description: issuer is the URL that the OpenID Provider + asserts as its Issuer Identifier. It must use the https + scheme with no query or fragment component. + type: string + type: object + requestHeader: + description: requestHeader enables user authentication using + request header credentials + properties: + ca: + description: ca is a required reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. Specifically, it allows verification + of incoming requests to prevent header spoofing. The key + "ca.crt" is used to locate the data. If the config map + or expected key is not found, the identity provider is + not honored. If the specified ca data is not valid, the + identity provider is not honored. The namespace for this + config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + challengeURL: + description: challengeURL is a URL to redirect unauthenticated + /authorize requests to Unauthenticated requests from OAuth + clients which expect WWW-Authenticate challenges will + be redirected here. ${url} is replaced with the current + URL, escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} + ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} + Required when challenge is set to true. + type: string + clientCommonNames: + description: clientCommonNames is an optional list of common + names to require a match from. If empty, any client certificate + validated against the clientCA bundle is considered authoritative. 
+ items: + type: string + type: array + emailHeaders: + description: emailHeaders is the set of headers to check + for the email address + items: + type: string + type: array + headers: + description: headers is the set of headers to check for + identity information + items: + type: string + type: array + loginURL: + description: loginURL is a URL to redirect unauthenticated + /authorize requests to Unauthenticated requests from OAuth + clients which expect interactive logins will be redirected + here ${url} is replaced with the current URL, escaped + to be safe in a query parameter https://www.example.com/sso-login?then=${url} + ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} + Required when login is set to true. + type: string + nameHeaders: + description: nameHeaders is the set of headers to check + for the display name + items: + type: string + type: array + preferredUsernameHeaders: + description: preferredUsernameHeaders is the set of headers + to check for the preferred username + items: + type: string + type: array + type: object + type: + description: type identifies the identity provider type for + this entry. + type: string + type: object + type: array + required: + - identityProviders + type: object + status: + description: IdentityProviderStatus defines the observed state of SyncSet + type: object + type: object + served: true + storage: true diff --git a/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_selectorsyncsets.yaml b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_selectorsyncsets.yaml new file mode 100644 index 00000000000..acd200884cb --- /dev/null +++ b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_selectorsyncsets.yaml 
@@ -0,0 +1,218 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: selectorsyncsets.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: SelectorSyncSet + listKind: SelectorSyncSetList + plural: selectorsyncsets + shortNames: + - sss + singular: selectorsyncset + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: SelectorSyncSet is the Schema for the SelectorSyncSet API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SelectorSyncSetSpec defines the SyncSetCommonSpec resources + and patches to sync along with a ClusterDeploymentSelector indicating + which clusters the SelectorSyncSet applies to in any namespace. + properties: + applyBehavior: + description: ApplyBehavior indicates how resources in this syncset + will be applied to the target cluster. The default value of "Apply" + indicates that resources should be applied using the 'oc apply' + command. If no value is set, "Apply" is assumed. A value of "CreateOnly" + indicates that the resource will only be created if it does not + already exist in the target cluster. Otherwise, it will be left + alone. 
A value of "CreateOrUpdate" indicates that the resource will + be created/updated without the use of the 'oc apply' command, allowing + larger resources to be synced, but losing some functionality of + the 'oc apply' command such as the ability to remove annotations, + labels, and other map entries in general. + enum: + - "" + - Apply + - CreateOnly + - CreateOrUpdate + type: string + clusterDeploymentSelector: + description: ClusterDeploymentSelector is a LabelSelector indicating + which clusters the SelectorSyncSet applies to in any namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + enableResourceTemplates: + description: 'EnableResourceTemplates, if True, causes hive to honor + golang text/templates in Resources. While the standard syntax is + supported, it won''t do you a whole lot of good as the parser does + not pass a data object (i.e. there is no "dot" for you to use). + This currently exists to expose a single function: {{ fromCDLabel + "some.label/key" }} will be substituted with the string value of + ClusterDeployment.Labels["some.label/key"]. The empty string is + interpolated if there are no labels, or if the indicated key does + not exist. Note that this only works in values (not e.g. map keys) + that are of type string.' + type: boolean + patches: + description: Patches is the list of patches to apply. + items: + description: SyncObjectPatch represents a patch to be applied to + a specific object + properties: + apiVersion: + description: APIVersion is the Group and Version of the object + to be patched. + type: string + kind: + description: Kind is the Kind of the object to be patched. + type: string + name: + description: Name is the name of the object to be patched. + type: string + namespace: + description: Namespace is the Namespace in which the object + to patch exists. Defaults to the SyncSet's Namespace. + type: string + patch: + description: Patch is the patch to apply. + type: string + patchType: + description: PatchType indicates the PatchType as "strategic" + (default), "json", or "merge". + type: string + required: + - apiVersion + - kind + - name + - patch + type: object + type: array + resourceApplyMode: + description: ResourceApplyMode indicates if the Resource apply mode + is "Upsert" (default) or "Sync". ApplyMode "Upsert" indicates create + and update. ApplyMode "Sync" indicates create, update and delete. + type: string + resources: + description: Resources is the list of objects to sync from RawExtension + definitions. 
+ items: + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + type: array + secretMappings: + description: Secrets is the list of secrets to sync along with their + respective destinations. + items: + description: SecretMapping defines a source and destination for + a secret to be synced by a SyncSet + properties: + sourceRef: + description: SourceRef specifies the name and namespace of a + secret on the management cluster + properties: + name: + description: Name is the name of the secret + type: string + namespace: + description: Namespace is the namespace where the secret + lives. If not present for the source secret reference, + it is assumed to be the same namespace as the syncset + with the reference. + type: string + required: + - name + type: object + targetRef: + description: TargetRef specifies the target name and namespace + of the secret on the target cluster + properties: + name: + description: Name is the name of the secret + type: string + namespace: + description: Namespace is the namespace where the secret + lives. If not present for the source secret reference, + it is assumed to be the same namespace as the syncset + with the reference. + type: string + required: + - name + type: object + required: + - sourceRef + - targetRef + type: object + type: array + type: object + status: + description: SelectorSyncSetStatus defines the observed state of a SelectorSyncSet + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_syncidentityproviders.yaml b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_syncidentityproviders.yaml new file mode 100644 index 00000000000..155a281a5d1 --- /dev/null +++ b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_syncidentityproviders.yaml 
@@ -0,0 +1,630 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: syncidentityproviders.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: SyncIdentityProvider + listKind: SyncIdentityProviderList + plural: syncidentityproviders + singular: syncidentityprovider + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: SyncIdentityProvider is the Schema for the SyncIdentityProvider + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SyncIdentityProviderSpec defines the SyncIdentityProviderCommonSpec + identity providers to sync along with ClusterDeploymentRefs indicating + which clusters the SyncIdentityProvider applies to in the SyncIdentityProvider's + namespace. + properties: + clusterDeploymentRefs: + description: ClusterDeploymentRefs is the list of LocalObjectReference + indicating which clusters the SyncSet applies to in the SyncSet's + namespace. + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + default: "" + description: 'Name of the referent. 
This field is effectively + required, but due to backwards compatibility is allowed to + be empty. Instances of this type with an empty value here + are almost certainly wrong. TODO: Add other useful fields. + apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + identityProviders: + description: IdentityProviders is an ordered list of ways for a user + to identify themselves + items: + description: IdentityProvider provides identities for users authenticating + using credentials + properties: + basicAuth: + description: basicAuth contains configuration options for the + BasicAuth IdP + properties: + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + tlsClientCert: + description: tlsClientCert is an optional reference to a + secret by name that contains the PEM-encoded TLS client + certificate to present when connecting to the server. + The key "tls.crt" is used to locate the data. If specified + and the secret or expected key is not found, the identity + provider is not honored. If the specified certificate + data is not valid, the identity provider is not honored. 
+ The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + tlsClientKey: + description: tlsClientKey is an optional reference to a + secret by name that contains the PEM-encoded TLS private + key for the client certificate referenced in tlsClientCert. + The key "tls.key" is used to locate the data. If specified + and the secret or expected key is not found, the identity + provider is not honored. If the specified certificate + data is not valid, the identity provider is not honored. + The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + url: + description: url is the remote URL to connect to + type: string + type: object + github: + description: github enables user authentication using GitHub + credentials + properties: + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. This can only be configured when hostname is set + to a non-empty value. The namespace for this config map + is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the + secret by name containing the oauth client secret. 
The + key "clientSecret" is used to locate the data. If the + secret or expected key is not found, the identity provider + is not honored. The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + hostname: + description: hostname is the optional domain (e.g. "mycompany.com") + for use with a hosted instance of GitHub Enterprise. It + must match the GitHub Enterprise settings value configured + at /setup/settings#hostname. + type: string + organizations: + description: organizations optionally restricts which organizations + are allowed to log in + items: + type: string + type: array + teams: + description: teams optionally restricts which teams are + allowed to log in. Format is /. + items: + type: string + type: array + type: object + gitlab: + description: gitlab enables user authentication using GitLab + credentials + properties: + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the + secret by name containing the oauth client secret. The + key "clientSecret" is used to locate the data. 
If the + secret or expected key is not found, the identity provider + is not honored. The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + url: + description: url is the oauth server base URL + type: string + type: object + google: + description: google enables user authentication using Google + credentials + properties: + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the + secret by name containing the oauth client secret. The + key "clientSecret" is used to locate the data. If the + secret or expected key is not found, the identity provider + is not honored. The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + hostedDomain: + description: hostedDomain is the optional Google App domain + (e.g. "mycompany.com") to restrict logins to + type: string + type: object + htpasswd: + description: htpasswd enables user authentication using an HTPasswd + file to validate credentials + properties: + fileData: + description: fileData is a required reference to a secret + by name containing the data to use as the htpasswd file. + The key "htpasswd" is used to locate the data. If the + secret or expected key is not found, the identity provider + is not honored. If the specified htpasswd data is not + valid, the identity provider is not honored. The namespace + for this secret is openshift-config. 
+ properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + type: object + keystone: + description: keystone enables user authentication using keystone + password credentials + properties: + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + domainName: + description: domainName is required for keystone v3 + type: string + tlsClientCert: + description: tlsClientCert is an optional reference to a + secret by name that contains the PEM-encoded TLS client + certificate to present when connecting to the server. + The key "tls.crt" is used to locate the data. If specified + and the secret or expected key is not found, the identity + provider is not honored. If the specified certificate + data is not valid, the identity provider is not honored. + The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + tlsClientKey: + description: tlsClientKey is an optional reference to a + secret by name that contains the PEM-encoded TLS private + key for the client certificate referenced in tlsClientCert. + The key "tls.key" is used to locate the data. 
If specified + and the secret or expected key is not found, the identity + provider is not honored. If the specified certificate + data is not valid, the identity provider is not honored. + The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + url: + description: url is the remote URL to connect to + type: string + type: object + ldap: + description: ldap enables user authentication using LDAP credentials + properties: + attributes: + description: attributes maps LDAP attributes to identities + properties: + email: + description: email is the list of attributes whose values + should be used as the email address. Optional. If + unspecified, no email is set for the identity + items: + type: string + type: array + id: + description: id is the list of attributes whose values + should be used as the user ID. Required. First non-empty + attribute is used. At least one attribute is required. + If none of the listed attribute have a value, authentication + fails. LDAP standard identity attribute is "dn" + items: + type: string + type: array + name: + description: name is the list of attributes whose values + should be used as the display name. Optional. If unspecified, + no display name is set for the identity LDAP standard + display name attribute is "cn" + items: + type: string + type: array + preferredUsername: + description: preferredUsername is the list of attributes + whose values should be used as the preferred username. + LDAP standard login attribute is "uid" + items: + type: string + type: array + type: object + bindDN: + description: bindDN is an optional DN to bind with during + the search phase. + type: string + bindPassword: + description: bindPassword is an optional reference to a + secret by name containing a password to bind with during + the search phase. The key "bindPassword" is used to locate + the data. 
If specified and the secret or expected key + is not found, the identity provider is not honored. The + namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + insecure: + description: 'insecure, if true, indicates the connection + should not use TLS WARNING: Should not be set to `true` + with the URL scheme "ldaps://" as "ldaps://" URLs always + attempt to connect using TLS, even when `insecure` is + set to `true` When `true`, "ldap://" URLS connect insecurely. + When `false`, "ldap://" URLs are upgraded to a TLS connection + using StartTLS as specified in https://tools.ietf.org/html/rfc2830.' + type: boolean + url: + description: 'url is an RFC 2255 URL which specifies the + LDAP search parameters to use. The syntax of the URL is: + ldap://host:port/basedn?attribute?scope?filter' + type: string + type: object + mappingMethod: + description: mappingMethod determines how identities from this + provider are mapped to users Defaults to "claim" + type: string + name: + description: 'name is used to qualify the identities returned + by this provider. 
- It MUST be unique and not shared by any + other identity provider used - It MUST be a valid path segment: + name cannot equal "." or ".." or contain "/" or "%" or ":" + Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName' + type: string + openID: + description: openID enables user authentication using OpenID + credentials + properties: + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + claims: + description: claims mappings + properties: + email: + description: email is the list of claims whose values + should be used as the email address. Optional. If + unspecified, no email is set for the identity + items: + type: string + type: array + x-kubernetes-list-type: atomic + groups: + description: groups is the list of claims value of which + should be used to synchronize groups from the OIDC + provider to OpenShift for the user. If multiple claims + are specified, the first one with a non-empty value + is used. + items: + description: OpenIDClaim represents a claim retrieved + from an OpenID provider's tokens or userInfo responses + minLength: 1 + type: string + type: array + x-kubernetes-list-type: atomic + name: + description: name is the list of claims whose values + should be used as the display name. Optional. 
If unspecified, + no display name is set for the identity + items: + type: string + type: array + x-kubernetes-list-type: atomic + preferredUsername: + description: preferredUsername is the list of claims + whose values should be used as the preferred username. + If unspecified, the preferred username is determined + from the value of the sub claim + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the + secret by name containing the oauth client secret. The + key "clientSecret" is used to locate the data. If the + secret or expected key is not found, the identity provider + is not honored. The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + extraAuthorizeParameters: + additionalProperties: + type: string + description: extraAuthorizeParameters are any custom parameters + to add to the authorize request. + type: object + extraScopes: + description: extraScopes are any scopes to request in addition + to the standard "openid" scope. + items: + type: string + type: array + issuer: + description: issuer is the URL that the OpenID Provider + asserts as its Issuer Identifier. It must use the https + scheme with no query or fragment component. + type: string + type: object + requestHeader: + description: requestHeader enables user authentication using + request header credentials + properties: + ca: + description: ca is a required reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. Specifically, it allows verification + of incoming requests to prevent header spoofing. The key + "ca.crt" is used to locate the data. 
If the config map + or expected key is not found, the identity provider is + not honored. If the specified ca data is not valid, the + identity provider is not honored. The namespace for this + config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + challengeURL: + description: challengeURL is a URL to redirect unauthenticated + /authorize requests to Unauthenticated requests from OAuth + clients which expect WWW-Authenticate challenges will + be redirected here. ${url} is replaced with the current + URL, escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} + ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} + Required when challenge is set to true. + type: string + clientCommonNames: + description: clientCommonNames is an optional list of common + names to require a match from. If empty, any client certificate + validated against the clientCA bundle is considered authoritative. + items: + type: string + type: array + emailHeaders: + description: emailHeaders is the set of headers to check + for the email address + items: + type: string + type: array + headers: + description: headers is the set of headers to check for + identity information + items: + type: string + type: array + loginURL: + description: loginURL is a URL to redirect unauthenticated + /authorize requests to Unauthenticated requests from OAuth + clients which expect interactive logins will be redirected + here ${url} is replaced with the current URL, escaped + to be safe in a query parameter https://www.example.com/sso-login?then=${url} + ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} + Required when login is set to true. 
+ type: string + nameHeaders: + description: nameHeaders is the set of headers to check + for the display name + items: + type: string + type: array + preferredUsernameHeaders: + description: preferredUsernameHeaders is the set of headers + to check for the preferred username + items: + type: string + type: array + type: object + type: + description: type identifies the identity provider type for + this entry. + type: string + type: object + type: array + required: + - clusterDeploymentRefs + - identityProviders + type: object + status: + description: IdentityProviderStatus defines the observed state of SyncSet + type: object + type: object + served: true + storage: true diff --git a/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_syncsets.yaml b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_syncsets.yaml new file mode 100644 index 00000000000..1192174d12e --- /dev/null +++ b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hive.openshift.io_syncsets.yaml 
@@ -0,0 +1,193 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: syncsets.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: SyncSet + listKind: SyncSetList + plural: syncsets + shortNames: + - ss + singular: syncset + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: SyncSet is the Schema for the SyncSet API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SyncSetSpec defines the SyncSetCommonSpec resources and patches + to sync along with ClusterDeploymentRefs indicating which clusters the + SyncSet applies to in the SyncSet's namespace. + properties: + applyBehavior: + description: ApplyBehavior indicates how resources in this syncset + will be applied to the target cluster. The default value of "Apply" + indicates that resources should be applied using the 'oc apply' + command. If no value is set, "Apply" is assumed. A value of "CreateOnly" + indicates that the resource will only be created if it does not + already exist in the target cluster. Otherwise, it will be left + alone. 
A value of "CreateOrUpdate" indicates that the resource will + be created/updated without the use of the 'oc apply' command, allowing + larger resources to be synced, but losing some functionality of + the 'oc apply' command such as the ability to remove annotations, + labels, and other map entries in general. + enum: + - "" + - Apply + - CreateOnly + - CreateOrUpdate + type: string + clusterDeploymentRefs: + description: ClusterDeploymentRefs is the list of LocalObjectReference + indicating which clusters the SyncSet applies to in the SyncSet's + namespace. + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed to + be empty. Instances of this type with an empty value here + are almost certainly wrong. TODO: Add other useful fields. + apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + enableResourceTemplates: + description: 'EnableResourceTemplates, if True, causes hive to honor + golang text/templates in Resources. While the standard syntax is + supported, it won''t do you a whole lot of good as the parser does + not pass a data object (i.e. there is no "dot" for you to use). + This currently exists to expose a single function: {{ fromCDLabel + "some.label/key" }} will be substituted with the string value of + ClusterDeployment.Labels["some.label/key"]. The empty string is + interpolated if there are no labels, or if the indicated key does + not exist. Note that this only works in values (not e.g. map keys) + that are of type string.' 
+ type: boolean + patches: + description: Patches is the list of patches to apply. + items: + description: SyncObjectPatch represents a patch to be applied to + a specific object + properties: + apiVersion: + description: APIVersion is the Group and Version of the object + to be patched. + type: string + kind: + description: Kind is the Kind of the object to be patched. + type: string + name: + description: Name is the name of the object to be patched. + type: string + namespace: + description: Namespace is the Namespace in which the object + to patch exists. Defaults to the SyncSet's Namespace. + type: string + patch: + description: Patch is the patch to apply. + type: string + patchType: + description: PatchType indicates the PatchType as "strategic" + (default), "json", or "merge". + type: string + required: + - apiVersion + - kind + - name + - patch + type: object + type: array + resourceApplyMode: + description: ResourceApplyMode indicates if the Resource apply mode + is "Upsert" (default) or "Sync". ApplyMode "Upsert" indicates create + and update. ApplyMode "Sync" indicates create, update and delete. + type: string + resources: + description: Resources is the list of objects to sync from RawExtension + definitions. + items: + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + type: array + secretMappings: + description: Secrets is the list of secrets to sync along with their + respective destinations. + items: + description: SecretMapping defines a source and destination for + a secret to be synced by a SyncSet + properties: + sourceRef: + description: SourceRef specifies the name and namespace of a + secret on the management cluster + properties: + name: + description: Name is the name of the secret + type: string + namespace: + description: Namespace is the namespace where the secret + lives. 
If not present for the source secret reference, + it is assumed to be the same namespace as the syncset + with the reference. + type: string + required: + - name + type: object + targetRef: + description: TargetRef specifies the target name and namespace + of the secret on the target cluster + properties: + name: + description: Name is the name of the secret + type: string + namespace: + description: Namespace is the namespace where the secret + lives. If not present for the source secret reference, + it is assumed to be the same namespace as the syncset + with the reference. + type: string + required: + - name + type: object + required: + - sourceRef + - targetRef + type: object + type: array + required: + - clusterDeploymentRefs + type: object + status: + description: SyncSetStatus defines the observed state of a SyncSet + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/hive-operator/1.2.4605-b41ca3f/manifests/hiveinternal.openshift.io_clustersyncleases.yaml b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hiveinternal.openshift.io_clustersyncleases.yaml new file mode 100644 index 00000000000..06c1cf17b85 --- /dev/null +++ b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hiveinternal.openshift.io_clustersyncleases.yaml 
@@ -0,0 +1,50 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: clustersyncleases.hiveinternal.openshift.io +spec: + group: hiveinternal.openshift.io + names: + kind: ClusterSyncLease + listKind: ClusterSyncLeaseList + plural: clustersyncleases + shortNames: + - csl + singular: clustersynclease + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterSyncLease is a record of the last time that SyncSets and + SelectorSyncSets were applied to a cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterSyncLeaseSpec is the specification of a ClusterSyncLease. + properties: + renewTime: + description: RenewTime is the time when SyncSets and SelectorSyncSets + were last applied to the cluster. + format: date-time + type: string + required: + - renewTime + type: object + type: object + served: true + storage: true diff --git a/operators/hive-operator/1.2.4605-b41ca3f/manifests/hiveinternal.openshift.io_clustersyncs.yaml b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hiveinternal.openshift.io_clustersyncs.yaml new file mode 100644 index 00000000000..edf3d275d59 --- /dev/null 
+++ b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hiveinternal.openshift.io_clustersyncs.yaml 
@@ -0,0 +1,248 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: clustersyncs.hiveinternal.openshift.io +spec: + group: hiveinternal.openshift.io + names: + kind: ClusterSync + listKind: ClusterSyncList + plural: clustersyncs + shortNames: + - csync + singular: clustersync + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[0].reason + name: Status + type: string + - jsonPath: .status.controlledByReplica + name: ControllerReplica + type: string + - jsonPath: .status.conditions[?(@.type=="Failed")].message + name: Message + priority: 1 + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterSync is the status of all of the SelectorSyncSets and + SyncSets that apply to a ClusterDeployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterSyncSpec defines the desired state of ClusterSync + type: object + status: + description: ClusterSyncStatus defines the observed state of ClusterSync + properties: + conditions: + description: Conditions is a list of conditions associated with syncing + to the cluster. 
+ items: + description: ClusterSyncCondition contains details for the current + condition of a ClusterSync + properties: + lastProbeTime: + description: LastProbeTime is the last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about the last transition. + type: string + reason: + description: Reason is a unique, one-word, CamelCase reason + for the condition's last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + required: + - status + - type + type: object + type: array + controlledByReplica: + description: ControlledByReplica indicates which replica of the hive-clustersync + StatefulSet is responsible for (the CD related to) this clustersync. + Note that this value indicates the replica that most recently handled + the ClusterSync. If the hive-clustersync statefulset is scaled up + or down, the controlling replica can change, potentially causing + logs to be spread across multiple pods. + format: int64 + type: integer + firstSuccessTime: + description: FirstSuccessTime is the time we first successfully applied + all (selector)syncsets to a cluster. + format: date-time + type: string + selectorSyncSets: + description: SelectorSyncSets is the sync status of all of the SelectorSyncSets + for the cluster. + items: + description: SyncStatus is the status of applying a specific SyncSet + or SelectorSyncSet to the cluster. + properties: + failureMessage: + description: FailureMessage is a message describing why the + SyncSet or SelectorSyncSet could not be applied. This is only + set when Result is Failure. 
+ type: string + firstSuccessTime: + description: FirstSuccessTime is the time when the SyncSet or + SelectorSyncSet was first successfully applied to the cluster. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the time when this status + last changed. + format: date-time + type: string + name: + description: Name is the name of the SyncSet or SelectorSyncSet. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the SyncSet + or SelectorSyncSet that was last observed. + format: int64 + type: integer + resourcesToDelete: + description: ResourcesToDelete is the list of resources in the + cluster that should be deleted when the SyncSet or SelectorSyncSet + is deleted or is no longer matched to the cluster. + items: + description: SyncResourceReference is a reference to a resource + that is synced to a cluster via a SyncSet or SelectorSyncSet. + properties: + apiVersion: + description: APIVersion is the Group and Version of the + resource. + type: string + kind: + description: Kind is the Kind of the resource. + type: string + name: + description: Name is the name of the resource. + type: string + namespace: + description: Namespace is the namespace of the resource. + type: string + required: + - apiVersion + - name + type: object + type: array + result: + description: Result is the result of the last attempt to apply + the SyncSet or SelectorSyncSet to the cluster. + enum: + - Success + - Failure + type: string + required: + - lastTransitionTime + - name + - observedGeneration + - result + type: object + type: array + syncSets: + description: SyncSets is the sync status of all of the SyncSets for + the cluster. + items: + description: SyncStatus is the status of applying a specific SyncSet + or SelectorSyncSet to the cluster. + properties: + failureMessage: + description: FailureMessage is a message describing why the + SyncSet or SelectorSyncSet could not be applied. 
This is only + set when Result is Failure. + type: string + firstSuccessTime: + description: FirstSuccessTime is the time when the SyncSet or + SelectorSyncSet was first successfully applied to the cluster. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the time when this status + last changed. + format: date-time + type: string + name: + description: Name is the name of the SyncSet or SelectorSyncSet. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the SyncSet + or SelectorSyncSet that was last observed. + format: int64 + type: integer + resourcesToDelete: + description: ResourcesToDelete is the list of resources in the + cluster that should be deleted when the SyncSet or SelectorSyncSet + is deleted or is no longer matched to the cluster. + items: + description: SyncResourceReference is a reference to a resource + that is synced to a cluster via a SyncSet or SelectorSyncSet. + properties: + apiVersion: + description: APIVersion is the Group and Version of the + resource. + type: string + kind: + description: Kind is the Kind of the resource. + type: string + name: + description: Name is the name of the resource. + type: string + namespace: + description: Namespace is the namespace of the resource. + type: string + required: + - apiVersion + - name + type: object + type: array + result: + description: Result is the result of the last attempt to apply + the SyncSet or SelectorSyncSet to the cluster. + enum: + - Success + - Failure + type: string + required: + - lastTransitionTime + - name + - observedGeneration + - result + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/operators/hive-operator/1.2.4605-b41ca3f/manifests/hiveinternal.openshift.io_fakeclusterinstalls.yaml b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hiveinternal.openshift.io_fakeclusterinstalls.yaml
new file mode 100644
index 00000000000..2a078a32acc
--- /dev/null
+++ b/operators/hive-operator/1.2.4605-b41ca3f/manifests/hiveinternal.openshift.io_fakeclusterinstalls.yaml
@@ -0,0 +1,201 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + labels: + contracts.hive.openshift.io/clusterinstall: "true" + name: fakeclusterinstalls.hiveinternal.openshift.io +spec: + group: hiveinternal.openshift.io + names: + kind: FakeClusterInstall + listKind: FakeClusterInstallList + plural: fakeclusterinstalls + singular: fakeclusterinstall + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: FakeClusterInstall represents a fake request to provision an + agent based cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FakeClusterInstallSpec defines the desired state of the FakeClusterInstall. + properties: + clusterDeploymentRef: + description: ClusterDeploymentRef is a reference to the ClusterDeployment + associated with this AgentClusterInstall. + properties: + name: + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed to be + empty. Instances of this type with an empty value here are almost + certainly wrong. TODO: Add other useful fields. apiVersion, + kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + clusterMetadata: + description: ClusterMetadata contains metadata information about the + installed cluster. It should be populated once the cluster install + is completed. (it can be populated sooner if desired, but Hive will + not copy back to ClusterDeployment until the Installed condition + goes True. + properties: + adminKubeconfigSecretRef: + description: AdminKubeconfigSecretRef references the secret containing + the admin kubeconfig for this cluster. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + adminPasswordSecretRef: + description: AdminPasswordSecretRef references the secret containing + the admin username/password which can be used to login to this + cluster. + properties: + name: + default: "" + description: 'Name of the referent. This field is effectively + required, but due to backwards compatibility is allowed + to be empty. Instances of this type with an empty value + here are almost certainly wrong. TODO: Add other useful + fields. apiVersion, kind, uid? 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn''t + need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + type: string + type: object + x-kubernetes-map-type: atomic + clusterID: + description: ClusterID is a globally unique identifier for this + cluster generated during installation. Used for reporting metrics + among other places. + type: string + infraID: + description: InfraID is an identifier for this cluster generated + during installation and used for tagging/naming resources in + cloud providers. + type: string + platform: + description: Platform holds platform-specific cluster metadata + properties: + aws: + description: AWS holds AWS-specific cluster metadata + properties: + hostedZoneRole: + description: HostedZoneRole is the role to assume when + performing operations on a hosted zone owned by another + account. + type: string + type: object + azure: + description: Azure holds azure-specific cluster metadata + properties: + resourceGroupName: + description: ResourceGroupName is the name of the resource + group in which the cluster resources were created. + type: string + required: + - resourceGroupName + type: object + gcp: + description: GCP holds GCP-specific cluster metadata + properties: + networkProjectID: + description: NetworkProjectID is used for shared VPC setups + type: string + type: object + type: object + required: + - adminKubeconfigSecretRef + - clusterID + - infraID + type: object + imageSetRef: + description: ImageSetRef is a reference to a ClusterImageSet. The + release image specified in the ClusterImageSet will be used to install + the cluster. 
+ properties: + name: + description: Name is the name of the ClusterImageSet that this + refers to + type: string + required: + - name + type: object + required: + - clusterDeploymentRef + - imageSetRef + type: object + status: + description: FakeClusterInstallStatus defines the observed state of the + FakeClusterInstall. + properties: + conditions: + description: Conditions includes more detailed status for the cluster + install. + items: + description: ClusterInstallCondition contains details for the current + condition of a cluster install. + properties: + lastProbeTime: + description: LastProbeTime is the last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about last transition. + type: string + reason: + description: Reason is a unique, one-word, CamelCase reason + for the condition's last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + required: + - status + - type + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/hive-operator/1.2.4605-b41ca3f/metadata/annotations.yaml b/operators/hive-operator/1.2.4605-b41ca3f/metadata/annotations.yaml new file mode 100644 index 00000000000..24e80d98d3e --- /dev/null +++ b/operators/hive-operator/1.2.4605-b41ca3f/metadata/annotations.yaml 
@@ -0,0 +1,7 @@
+annotations:
+ operators.operatorframework.io.bundle.channel.default.v1: alpha
+ operators.operatorframework.io.bundle.channels.v1: alpha
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: hive-operator
diff --git a/operators/ibm-block-csi-operator-community/1.11.4/bundle-1.11.4.Dockerfile b/operators/ibm-block-csi-operator-community/1.11.4/bundle-1.11.4.Dockerfile
new file mode 100644
index 00000000000..b072b9a0dea
--- /dev/null
+++ b/operators/ibm-block-csi-operator-community/1.11.4/bundle-1.11.4.Dockerfile
@@ -0,0 +1,13 @@
+FROM scratch
+
+LABEL operators.operatorframework.io.bundle.channel.default.v1=stable
+LABEL operators.operatorframework.io.bundle.channels.v1=stable
+LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
+LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
+LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
+LABEL operators.operatorframework.io.bundle.package.v1=ibm-block-csi-operator-community
+
+COPY manifests /manifests/
+COPY metadata /metadata/
+LABEL com.redhat.openshift.versions="v4.13-v4.17"
+LABEL com.redhat.delivery.operator.bundle=true
diff --git a/operators/ibm-block-csi-operator-community/1.11.4/manifests/csi.ibm.com_hostdefiners.yaml b/operators/ibm-block-csi-operator-community/1.11.4/manifests/csi.ibm.com_hostdefiners.yaml
new file mode 100644
index 00000000000..0abe22132b7
--- /dev/null
+++ b/operators/ibm-block-csi-operator-community/1.11.4/manifests/csi.ibm.com_hostdefiners.yaml
@@ -0,0 +1,579 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: ibm-block-csi-operator + app.kubernetes.io/managed-by: ibm-block-csi-operator + app.kubernetes.io/name: ibm-block-csi-operator + csi: ibm + product: ibm-block-csi-driver + release: v1.11.4 + name: hostdefiners.csi.ibm.com +spec: + group: csi.ibm.com + names: + kind: HostDefiner + listKind: HostDefinerList + plural: hostdefiners + singular: hostdefiner + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: HostDefiner is the Schema for the hostdefiners API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HostDefinerSpec defines the desired state of HostDefiner + properties: + hostDefiner: + description: IBMBlockHostDefinerSpec defines the observed state of HostDefiner + properties: + affinity: + description: Affinity is a group of affinity scheduling rules. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + items: + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. 
+ properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. 
all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. 
null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. 
null or empty namespaces list and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. 
+ type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + allowDelete: + default: true + type: boolean + connectivityType: + type: string + dynamicNodeLabeling: + default: false + type: boolean + imagePullPolicy: + description: PullPolicy describes a policy for if/when to pull a container image + type: string + prefix: + type: string + repository: + type: string + tag: + type: string + tolerations: + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. 
+ type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + required: + - repository + - tag + type: object + imagePullSecrets: + items: + type: string + type: array + required: + - hostDefiner + type: object + status: + description: HostDefinerStatus defines the observed state of HostDefiner + properties: + hostDefinerReady: + type: boolean + phase: + type: string + version: + description: Version is the current driver version + type: string + required: + - hostDefinerReady + - phase + - version + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/operators/ibm-block-csi-operator-community/1.11.4/manifests/csi.ibm.com_hostdefinitions.yaml b/operators/ibm-block-csi-operator-community/1.11.4/manifests/csi.ibm.com_hostdefinitions.yaml new file mode 100644 index 00000000000..4dd8a723566 --- /dev/null +++ b/operators/ibm-block-csi-operator-community/1.11.4/manifests/csi.ibm.com_hostdefinitions.yaml 
@@ -0,0 +1,103 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: ibm-block-csi-operator + app.kubernetes.io/managed-by: ibm-block-csi-operator + app.kubernetes.io/name: ibm-block-csi-operator + csi: ibm + product: ibm-block-csi-driver + release: v1.11.4 + name: hostdefinitions.csi.ibm.com +spec: + group: csi.ibm.com + names: + kind: HostDefinition + listKind: HostDefinitionList + plural: hostdefinitions + singular: hostdefinition + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.phase + name: Phase + type: string + - jsonPath: .spec.hostDefinition.nodeName + name: Node + type: string + - jsonPath: .spec.hostDefinition.managementAddress + name: Management_Address + type: string + name: v1 + schema: + openAPIV3Schema: + description: HostDefinition is the Schema for the hostdefinitions API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HostDefinitionSpec defines the desired state of HostDefinition + properties: + hostDefinition: + description: Definition defines the observed state of HostDefinition + properties: + connectivityType: + type: string + ioGroups: + items: + type: integer + type: array + managementAddress: + type: string + nodeId: + type: string + nodeName: + type: string + nodeNameOnStorage: + type: string + ports: + items: + type: string + type: array + secretName: + type: string + secretNamespace: + type: string + required: + - managementAddress + - nodeName + type: object + required: + - hostDefinition + type: object + status: + description: HostDefinitionStatus defines the status of the host definition on the storage + properties: + phase: + type: string + required: + - phase + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/operators/ibm-block-csi-operator-community/1.11.4/manifests/csi.ibm.com_ibmblockcsis.yaml b/operators/ibm-block-csi-operator-community/1.11.4/manifests/csi.ibm.com_ibmblockcsis.yaml new file mode 100644 index 00000000000..83bb34e5561 --- /dev/null +++ b/operators/ibm-block-csi-operator-community/1.11.4/manifests/csi.ibm.com_ibmblockcsis.yaml 
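Review bot: `spec.hostDefinition` lets a cluster-scoped HostDefinition name a Secret through the free-form strings `secretName` and `secretNamespace`. If the host definer resolves that reference with its own credentials (the controller is not visible in this diff), anyone allowed to create or update these objects can point it at a Secret in any namespace. Write access to `hostdefinitions` should therefore be limited to the operator's service account and cluster admins, and the controller should check `secretNamespace` against the namespaces it is meant to read from. Separately, the `required` list only checks presence, so `managementAddress` and `nodeName` still accept empty strings; adding `minLength: 1` to both would reject them at admission, set via `// +kubebuilder:validation:MinLength=1` on the Go fields since this manifest is controller-gen output. The description on `hostDefinition` also says "observed state" although the field sits under `spec`; `Definition defines the desired state of HostDefinition` would match.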
@@ -0,0 +1,1095 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + labels: + app.kubernetes.io/instance: ibm-block-csi-operator + app.kubernetes.io/managed-by: ibm-block-csi-operator + app.kubernetes.io/name: ibm-block-csi-operator + csi: ibm + product: ibm-block-csi-driver + release: v1.11.4 + name: ibmblockcsis.csi.ibm.com +spec: + group: csi.ibm.com + names: + kind: IBMBlockCSI + listKind: IBMBlockCSIList + plural: ibmblockcsis + shortNames: + - ibc + singular: ibmblockcsi + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: IBMBlockCSI is the Schema for the ibmblockcsis API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IBMBlockCSISpec defines the desired state of IBMBlockCSI + properties: + controller: + description: IBMBlockCSIControllerSpec defines the desired state of IBMBlockCSIController + properties: + affinity: + description: Affinity is a group of affinity scheduling rules. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + items: + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. 
+ properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. 
all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. 
null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. 
null or empty namespaces list and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. 
+ type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + imagePullPolicy: + description: PullPolicy describes a policy for if/when to pull a container image + type: string + repository: + type: string + tag: + type: string + tolerations: + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. 
Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + required: + - repository + - tag + type: object + healthPort: + type: integer + imagePullSecrets: + items: + type: string + type: array + node: + description: IBMBlockCSINodeSpec defines the desired state of IBMBlockCSINode + properties: + affinity: + description: Affinity is a group of affinity scheduling rules. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. 
is also a no-op). + properties: + preference: + description: A node selector term, associated with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + items: + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. 
This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. 
null or empty namespaces list and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. 
+ type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. 
null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. 
null or empty namespaces list and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + imagePullPolicy: + description: PullPolicy describes a policy for if/when to pull a container image + type: string + repository: + type: string + tag: + type: string + tolerations: + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. 
+ format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + required: + - repository + - tag + type: object + sidecars: + items: + properties: + imagePullPolicy: + description: The pullPolicy of the csi sidecar image + type: string + name: + description: The name of the csi sidecar image + type: string + repository: + description: The repository of the csi sidecar image + type: string + tag: + description: The tag of the csi sidecar image + type: string + required: + - name + - repository + - tag + type: object + type: array + required: + - controller + - node + type: object + status: + description: IBMBlockCSIStatus defines the observed state of IBMBlockCSI + properties: + controllerReady: + type: boolean + nodeReady: + type: boolean + phase: + description: Phase is the driver running phase + type: string + version: + description: Version is the current driver version + type: string + required: + - controllerReady + - nodeReady + - phase + - version + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/operators/ibm-block-csi-operator-community/1.11.4/manifests/ibm-block-csi-operator.v1.11.4.clusterserviceversion.yaml b/operators/ibm-block-csi-operator-community/1.11.4/manifests/ibm-block-csi-operator.v1.11.4.clusterserviceversion.yaml new file mode 100644 index 00000000000..0a4d77d7840 --- /dev/null +++ b/operators/ibm-block-csi-operator-community/1.11.4/manifests/ibm-block-csi-operator.v1.11.4.clusterserviceversion.yaml 
@@ -0,0 +1,672 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + name: ibm-block-csi-operator.v1.11.4 + namespace: placeholder + labels: + operatorframework.io/arch.amd64: supported + operatorframework.io/arch.s390x: supported + operatorframework.io/arch.ppc64le: supported + annotations: + capabilities: "Seamless Upgrades" + categories: "Storage,Cloud Provider" + certified: "true" + containerImage: quay.io/ibmcsiblock/ibm-block-csi-operator:1.11.2 + createdAt: "2024-04-15T11:00:00Z" + description: "Run IBM block storage CSI driver." + repository: https://github.com/IBM/ibm-block-csi-operator + support: IBM + alm-examples: >- + [ + { + "apiVersion": "csi.ibm.com/v1", + "kind": "IBMBlockCSI", + "metadata": { + "name": "ibm-block-csi" + }, + "spec": { + "controller": { + "repository": "quay.io/ibmcsiblock/ibm-block-csi-driver-controller", + "tag": "1.11.2", + "imagePullPolicy": "IfNotPresent", + "affinity": { + "nodeAffinity": { + "requiredDuringSchedulingIgnoredDuringExecution": { + "nodeSelectorTerms": [ + { + "matchExpressions": [ + { + "key": "kubernetes.io/arch", + "operator": "In", + "values": [ + "amd64", + "s390x", + "ppc64le" + ] + } + ] + } + ] + } + } + } + }, + "node": { + "repository": "quay.io/ibmcsiblock/ibm-block-csi-driver-node", + "tag": "1.11.2", + "imagePullPolicy": "IfNotPresent", + "affinity": { + "nodeAffinity": { + "requiredDuringSchedulingIgnoredDuringExecution": { + "nodeSelectorTerms": [ + { + "matchExpressions": [ + { + "key": "kubernetes.io/arch", + "operator": "In", + "values": [ + "amd64", + "s390x", + "ppc64le" + ] + } + ] + } + ] + } + } + } + }, + "sidecars": [ + { + "name": "csi-node-driver-registrar", + "repository": "k8s.gcr.io/sig-storage/csi-node-driver-registrar", + "tag": "v2.5.0", + "imagePullPolicy": "IfNotPresent" + }, + { + "name": "csi-provisioner", + "repository": "k8s.gcr.io/sig-storage/csi-provisioner", + "tag": "v3.1.0", + "imagePullPolicy": "IfNotPresent" + }, + { + "name": 
"csi-attacher", + "repository": "k8s.gcr.io/sig-storage/csi-attacher", + "tag": "v3.4.0", + "imagePullPolicy": "IfNotPresent" + }, + { + "name": "csi-snapshotter", + "repository": "k8s.gcr.io/sig-storage/csi-snapshotter", + "tag": "v5.0.1", + "imagePullPolicy": "IfNotPresent" + }, + { + "name": "csi-resizer", + "repository": "k8s.gcr.io/sig-storage/csi-resizer", + "tag": "v1.4.0", + "imagePullPolicy": "IfNotPresent" + }, + { + "name": "csi-addons-replicator", + "repository": "quay.io/ibmcsiblock/csi-block-volumereplication-operator", + "tag": "v0.9.0", + "imagePullPolicy": "IfNotPresent" + }, + { + "name": "csi-volume-group", + "repository": "quay.io/ibmcsiblock/csi-volume-group-operator", + "tag": "v0.9.1", + "imagePullPolicy": "IfNotPresent" + }, + { + "name": "livenessprobe", + "repository": "k8s.gcr.io/sig-storage/livenessprobe", + "tag": "v2.6.0", + "imagePullPolicy": "IfNotPresent" + } + ] + } + }, + { + "apiVersion": "csi.ibm.com/v1", + "kind": "HostDefinition", + "metadata": { + "name": "host-definition" + }, + "spec": { + "hostDefinition": { + "nodeName": "node-name" + } + } + }, + { + "apiVersion": "csi.ibm.com/v1", + "kind": "HostDefiner", + "metadata": { + "name": "host-definer" + }, + "spec": { + "hostDefiner": { + "allowDelete": true, + "dynamicNodeLabeling": false, + "repository": "quay.io/ibmcsiblock/ibm-block-csi-host-definer", + "tag": "1.11.2", + "imagePullPolicy": "IfNotPresent", + "affinity": { + "nodeAffinity": { + "requiredDuringSchedulingIgnoredDuringExecution": { + "nodeSelectorTerms": [ + { + "matchExpressions": [ + { + "key": "kubernetes.io/arch", + "operator": "In", + "values": [ + "amd64", + "s390x", + "ppc64le" + ] + } + ] + } + ] + } + } + } + } + } + } + ] +spec: + displayName: "IBM block storage CSI driver operator" + description: | + The Container Storage Interface (CSI) Driver for IBM block storage systems enables container orchestrators such as Kubernetes to manage the life cycle of persistent storage. 
+ + This is the official operator to deploy and manage IBM block storage CSI driver. + + For compatibility, prerequisites, release notes, and other user information, see [IBM block storage CSI driver documentation](https://www.ibm.com/docs/en/stg-block-csi-driver). + + keywords: + - IBM + - BlockStorage + - CSI + relatedImages: + - name: ibm-block-csi-operator + image: quay.io/ibmcsiblock/ibm-block-csi-operator:1.11.2 + version: 1.11.4 + replaces: ibm-block-csi-operator.v1.11.3 + maturity: stable + maintainers: + - name: IBM Block CSI Team + email: csi.block1@il.ibm.com + minKubeVersion: 1.26.0 + provider: + name: IBM + links: + - name: Source Code + url: https://github.com/IBM/ibm-block-csi-operator + icon: + - base64data: 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 + mediatype: image/png + labels: + alm-owner-ibmblockcsi: ibmblockcsioperator + operated-by: ibmblockcsioperator + selector: + matchLabels: + alm-owner-ibmblockcsi: ibmblockcsioperator + operated-by: ibmblockcsioperator + installModes: + - type: OwnNamespace + supported: true + - type: SingleNamespace + supported: true + - type: MultiNamespace + supported: false + - type: AllNamespaces + supported: false + customresourcedefinitions: + owned: + - name: ibmblockcsis.csi.ibm.com + version: v1 + group: csi.ibm.com + kind: IBMBlockCSI + displayName: "IBM block storage CSI driver" + description: "Represents a block storage CSI driver" + resources: + - kind: ServiceAccount + name: '' + version: v1 + - kind: StatefulSet + name: '' + version: apps/v1 + - kind: DaemonSet + name: '' + version: apps/v1 + specDescriptors: + - description: Controller Image Repository. + displayName: Controller Image Repository + path: controller.repository + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: Controller Image Tag. + displayName: Controller Image Tag + path: controller.tag + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: Node Image Repository. 
+ displayName: Node Image Repository + path: node.repository + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: Node Image Tag. + displayName: Node Image Tag + path: node.tag + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + statusDescriptors: + - description: The current status of the driver. + displayName: Status + path: phase + x-descriptors: + - 'urn:alm:descriptor:io.kubernetes.phase' + - description: Is the controller ready? + displayName: Controller Ready + path: controllerReady + x-descriptors: + - 'urn:alm:descriptor:text' + - description: Is the node ready? + displayName: Node Ready + path: nodeReady + x-descriptors: + - 'urn:alm:descriptor:text' + - description: The current version of the driver. + displayName: Version + path: version + - name: hostdefinitions.csi.ibm.com + version: v1 + group: csi.ibm.com + kind: HostDefinition + displayName: "IBM block storage Host Definition" + description: "Represents a Host Definition for IBM block storage" + specDescriptors: + - description: HostDefinition node name. + displayName: HostDefinition node name + path: hostdefiner.nodeName + x-descriptors: + - "urn:alm:descriptor:com.tectonic.ui:text" + - description: HostDefinition management address. + displayName: HostDefinition management address + path: hostdefiner.managementAddress + x-descriptors: + - "urn:alm:descriptor:com.tectonic.ui:text" + - name: hostdefiners.csi.ibm.com + version: v1 + group: csi.ibm.com + kind: HostDefiner + displayName: "IBM block storage Host Definer" + description: "Represents Host Definer for block storage CSI driver" + resources: + - kind: ServiceAccount + name: '' + version: v1 + - kind: Deployment + name: '' + version: apps/v1 + specDescriptors: + - description: HostDefiner Image Repository. + displayName: HostDefiner Image Repository + path: hostdefiner.repository + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + - description: HostDefiner Image Tag. 
+ displayName: HostDefiner Image Tag + path: hostdefiner.tag + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:text' + statusDescriptors: + - description: The current status of the host definer. + displayName: Status + path: phase + x-descriptors: + - 'urn:alm:descriptor:io.kubernetes.phase' + - description: Is the host definer deployment ready? + displayName: HostDefiner Ready + path: hostdefinerReady + x-descriptors: + - 'urn:alm:descriptor:text' + - description: The current version of the driver. + displayName: Version + path: version + install: + strategy: deployment + spec: + clusterPermissions: + - serviceAccountName: ibm-block-csi-operator + rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - apiGroups: + - "" + resources: + - events + verbs: + - '*' + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - update + - watch + - patch + - apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - get + - update + - patch + - apiGroups: + - "" + resources: + - persistentvolumeclaims/finalizers + verbs: + - update + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - delete + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - delete + - list + - watch + - apiGroups: + - apps + resources: + - daemonsets + - deployments + - statefulsets + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - apps + resourceNames: + - 
ibm-block-csi-operator + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - csi.ibm.com + resources: + - '*' + verbs: + - '*' + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - get + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - replication.storage.openshift.io + resources: + - volumereplicationclasses + verbs: + - get + - list + - watch + - apiGroups: + - replication.storage.openshift.io + resources: + - volumereplications + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - replication.storage.openshift.io + resources: + - volumereplications/finalizers + verbs: + - update + - apiGroups: + - replication.storage.openshift.io + resources: + - volumereplications/status + verbs: + - get + - patch + - update + - apiGroups: + - security.openshift.io + resourceNames: + - anyuid + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - get + - list + - watch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - create + - delete + - get + - list + - update + - watch + - patch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents/status + verbs: + - update + - patch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - csidrivers + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: + - storage.k8s.io + 
resources: + - volumeattachments + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch + + deployments: + - name: ibm-block-csi-operator + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: ibm-block-csi-operator + template: + metadata: + labels: + app.kubernetes.io/name: ibm-block-csi-operator + csi: ibm + spec: + serviceAccountName: ibm-block-csi-operator + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - s390x + - ppc64le + containers: + - name: ibm-block-csi-operator + resources: + requests: + memory: 100Mi + cpu: 50m + limits: + memory: 500Mi + cpu: 100m + readinessProbe: + exec: + command: ["./health_check.sh"] + initialDelaySeconds: 3 + periodSeconds: 1 + livenessProbe: + exec: + command: ["./health_check.sh"] + initialDelaySeconds: 10 + periodSeconds: 30 + securityContext: + capabilities: + drop: + - ALL + image: quay.io/ibmcsiblock/ibm-block-csi-operator:1.11.2 + imagePullPolicy: IfNotPresent + command: + - ibm-block-csi-operator + env: + - name: WATCH_NAMESPACE + value: "" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: "ibm-block-csi-operator" diff --git a/operators/ibm-block-csi-operator-community/1.11.4/metadata/annotations.yaml b/operators/ibm-block-csi-operator-community/1.11.4/metadata/annotations.yaml new file mode 100644 index 00000000000..16f685c7982 --- /dev/null +++ b/operators/ibm-block-csi-operator-community/1.11.4/metadata/annotations.yaml 
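Review bot: The `rbac.authorization.k8s.io` rule under `clusterPermissions` carries no `resourceNames`, so the `ibm-block-csi-operator` service account can `update` and `delete` any ClusterRole or ClusterRoleBinding in the cluster. The `deployments/finalizers` and `securitycontextconstraints` rules in the same list are already name-scoped, and this rule could follow them. Keep `create`/`list`/`watch` unscoped, since RBAC cannot restrict `create` by name, and move `get`/`update`/`delete` into a second rule limited to the roles and bindings the operator itself manages. Those names are not visible in this file, so the fence below uses labelled placeholders. Separately, the operator container's `securityContext` drops all capabilities but does not set `allowPrivilegeEscalation: false`, which would be a one-line addition.

```yaml
# … unchanged: preceding clusterPermissions rules …
- apiGroups:
    - rbac.authorization.k8s.io
  resources:
    - clusterrolebindings
    - clusterroles
  verbs:
    - create
    - list
    - watch
- apiGroups:
    - rbac.authorization.k8s.io
  resourceNames:
    # placeholders: the ClusterRole / ClusterRoleBinding names the operator creates
    - <managed-clusterrole-name>
    - <managed-clusterrolebinding-name>
  resources:
    - clusterrolebindings
    - clusterroles
  verbs:
    - delete
    - get
    - update
# … unchanged: remaining clusterPermissions rules …
```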
@@ -0,0 +1,8 @@
+annotations:
+ operators.operatorframework.io.bundle.channel.default.v1: stable
+ operators.operatorframework.io.bundle.channels.v1: stable
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: ibm-block-csi-operator-community
+ com.redhat.openshift.versions: "v4.13-v4.17"
diff --git a/operators/k8gb/0.14.0/manifests/dnsendpoints.externaldns.k8s.io.customresourcedefinition.yaml b/operators/k8gb/0.14.0/manifests/dnsendpoints.externaldns.k8s.io.customresourcedefinition.yaml
new file mode 100644
index 00000000000..447e06685b5
--- /dev/null
+++ b/operators/k8gb/0.14.0/manifests/dnsendpoints.externaldns.k8s.io.customresourcedefinition.yaml
@@ -0,0 +1,102 @@ +# Generated by https://github.com/upbound/olm-bundle +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/external-dns/pull/2007 + controller-gen.kubebuilder.io/version: v0.5.0 + creationTimestamp: null + name: dnsendpoints.externaldns.k8s.io +spec: + group: externaldns.k8s.io + names: + kind: DNSEndpoint + listKind: DNSEndpointList + plural: dnsendpoints + singular: dnsendpoint + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DNSEndpointSpec defines the desired state of DNSEndpoint + properties: + endpoints: + items: + description: Endpoint is a high-level way of a connection between + a service and an IP + properties: + dnsName: + description: The hostname of the DNS record + type: string + labels: + additionalProperties: + type: string + description: Labels stores labels defined for the Endpoint + type: object + providerSpecific: + description: ProviderSpecific stores provider specific config + items: + description: ProviderSpecificProperty holds the name and value + of a configuration which is specific to individual DNS providers + properties: + name: + type: string + value: + type: string + type: object + type: array + recordTTL: + description: TTL for the record + format: int64 + type: integer + recordType: + description: RecordType type of record, e.g. CNAME, A, SRV, + TXT etc + type: string + setIdentifier: + description: Identifier to distinguish multiple records with + the same name and type (e.g. Route53 records with routing + policies other than 'simple') + type: string + targets: + description: The targets the DNS record points to + items: + type: string + type: array + type: object + type: array + type: object + status: + description: DNSEndpointStatus defines the observed state of DNSEndpoint + properties: + observedGeneration: + description: The generation observed by the external-dns controller. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] 
diff --git a/operators/k8gb/0.14.0/manifests/gslbs.k8gb.absa.oss.customresourcedefinition.yaml b/operators/k8gb/0.14.0/manifests/gslbs.k8gb.absa.oss.customresourcedefinition.yaml
new file mode 100644
index 00000000000..df8813528fc
--- /dev/null
+++ b/operators/k8gb/0.14.0/manifests/gslbs.k8gb.absa.oss.customresourcedefinition.yaml
@@ -0,0 +1,464 @@ +# Generated by https://github.com/upbound/olm-bundle +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: gslbs.k8gb.absa.oss +spec: + group: k8gb.absa.oss + names: + kind: Gslb + listKind: GslbList + plural: gslbs + singular: gslb + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.strategy.type + name: strategy + type: string + - jsonPath: .status.geoTag + name: geoTag + type: string + - jsonPath: .status.hosts + name: hosts + priority: 1 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Gslb is the Schema for the gslbs API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: GslbSpec defines the desired state of Gslb + properties: + ingress: + description: Gslb-enabled Ingress Spec + properties: + backend: + description: |- + A default backend capable of servicing requests that don't match any + rule. At least one of 'backend' or 'rules' must be specified. This field + is optional to allow the loadbalancer controller or defaulting logic to + specify a global default. + properties: + resource: + description: |- + resource is an ObjectRef to another Kubernetes resource in the namespace + of the Ingress object. 
If resource is specified, a service.Name and + service.Port must not be specified. + This is a mutually exclusive setting with "Service". + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + service: + description: |- + service references a service as a backend. + This is a mutually exclusive setting with "Resource". + properties: + name: + description: |- + name is the referenced service. The service must exist in + the same namespace as the Ingress object. + type: string + port: + description: |- + port of the referenced service. A port name or port number + is required for a IngressServiceBackend. + properties: + name: + description: |- + name is the name of the port on the Service. + This is a mutually exclusive setting with "Number". + type: string + number: + description: |- + number is the numerical port number (e.g. 80) on the Service. + This is a mutually exclusive setting with "Name". + format: int32 + type: integer + type: object + required: + - name + type: object + type: object + ingressClassName: + description: |- + IngressClassName is the name of the IngressClass cluster resource. The + associated IngressClass defines which controller will implement the + resource. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when that annotation is set, it + must be given precedence over this field. The controller may emit a + warning if the field and annotation have different values. + Implementations of this API should ignore Ingresses without a class + specified. 
An IngressClass resource may be marked as default, which can + be used to set a default value for this field. For more information, + refer to the IngressClass documentation. + type: string + rules: + description: |- + A list of host rules used to configure the Ingress. If unspecified, or + no rule matches, all traffic is sent to the default backend. + items: + description: |- + IngressRule represents the rules mapping the paths under a specified host to + the related backend services. Incoming requests are first evaluated for a host + match, then routed to the backend associated with the matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified domain name of + a network host, as defined by RFC 3986.\nNote the following + deviations from the \"host\" part of the\nURI as defined + in RFC 3986:\n1. IPs are not allowed. Currently an IngressRuleValue + can only apply to\n the IP in the Spec of the parent + Ingress.\n2. The `:` delimiter is not respected because + ports are not allowed.\n\t Currently the port of an Ingress + is implicitly :80 for http and\n\t :443 for https.\nBoth + these may change in the future.\nIncoming requests are + matched against the host before the\nIngressRuleValue. + If the host is unspecified, the Ingress routes all\ntraffic + based on the specified IngressRuleValue.\n\n\nHost can + be \"precise\" which is a domain name without the terminating + dot of\na network host (e.g. \"foo.bar.com\") or \"wildcard\", + which is a domain name\nprefixed with a single wildcard + label (e.g. \"*.foo.com\").\nThe wildcard character '*' + must appear by itself as the first DNS label and\nmatches + only a single label. You cannot have a wildcard label + by itself (e.g. Host == \"*\").\nRequests will be matched + against the Host field in the following way:\n1. If Host + is precise, the request matches this rule if the http + host header is equal to Host.\n2. 
If Host is a wildcard, + then the request matches this rule if the http host header\nis + to equal to the suffix (removing the first label) of the + wildcard rule." + type: string + http: + description: |- + HTTPIngressRuleValue is a list of http selectors + pointing to backends. In the example: http:///? + -> backend where where parts of the url correspond to + RFC 3986, this resource will be used to match against + everything after the last '/' and before the first '?' + or '#'. + properties: + paths: + description: paths is a collection of paths that map + requests to backends. + items: + description: |- + HTTPIngressPath associates a path with a backend. Incoming urls matching the + path are forwarded to the backend. + properties: + backend: + description: |- + backend defines the referenced service endpoint to which the traffic + will be forwarded to. + properties: + resource: + description: |- + resource is an ObjectRef to another Kubernetes resource in the namespace + of the Ingress object. If resource is specified, a service.Name and + service.Port must not be specified. + This is a mutually exclusive setting with "Service". + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + service: + description: |- + service references a service as a backend. + This is a mutually exclusive setting with "Resource". + properties: + name: + description: |- + name is the referenced service. The service must exist in + the same namespace as the Ingress object. 
+ type: string + port: + description: |- + port of the referenced service. A port name or port number + is required for a IngressServiceBackend. + properties: + name: + description: |- + name is the name of the port on the Service. + This is a mutually exclusive setting with "Number". + type: string + number: + description: |- + number is the numerical port number (e.g. 80) on the Service. + This is a mutually exclusive setting with "Name". + format: int32 + type: integer + type: object + required: + - name + type: object + type: object + path: + description: |- + path is matched against the path of an incoming request. Currently it can + contain characters disallowed from the conventional "path" part of a URL + as defined by RFC 3986. Paths must begin with a '/' and must be present + when using PathType with value "Exact" or "Prefix". + type: string + pathType: + description: |- + pathType determines the interpretation of the path matching. PathType can + be one of the following values: + * Exact: Matches the URL path exactly. + * Prefix: Matches based on a URL path prefix split by '/'. Matching is + done on a path element by element basis. A path element refers is the + list of labels in the path split by the '/' separator. A request is a + match for path p if every p is an element-wise prefix of p of the + request path. Note that if the last element of the path is a substring + of the last element in request path, it is not a match (e.g. /foo/bar + matches /foo/bar/baz, but does not match /foo/barbaz). + * ImplementationSpecific: Interpretation of the Path matching is up to + the IngressClass. Implementations can treat this as a separate PathType + or treat it identically to Prefix or Exact path types. + Implementations are required to support all path types. 
+ type: string + required: + - backend + - pathType + type: object + type: array + x-kubernetes-list-type: atomic + required: + - paths + type: object + required: + - http + type: object + type: array + tls: + description: |- + TLS configuration. Currently the Ingress only supports a single TLS + port, 443. If multiple members of this list specify different hosts, they + will be multiplexed on the same port according to the hostname specified + through the SNI TLS extension, if the ingress controller fulfilling the + ingress supports SNI. + items: + description: IngressTLS describes the transport layer security + associated with an ingress. + properties: + hosts: + description: |- + hosts is a list of hosts included in the TLS certificate. The values in + this list must match the name/s used in the tlsSecret. Defaults to the + wildcard host setting for the loadbalancer controller fulfilling this + Ingress, if left unspecified. + items: + type: string + type: array + x-kubernetes-list-type: atomic + secretName: + description: |- + secretName is the name of the secret used to terminate TLS traffic on + port 443. Field is left optional to allow TLS routing based on SNI + hostname alone. If the SNI host in a listener conflicts with the "Host" + header field used by an IngressRule, the SNI host is used for termination + and value of the "Host" header is used for routing. + type: string + type: object + type: array + type: object + resourceRef: + description: ResourceRef spec + properties: + apiVersion: + description: APIVersion of the referenced resource + type: string + kind: + description: Kind of the referenced resource + type: string + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + required: + - apiVersion + - kind + type: object + x-kubernetes-map-type: atomic + strategy: + description: Gslb Strategy spec + properties: + dnsTtlSeconds: + description: Defines DNS record TTL in seconds + type: integer + primaryGeoTag: + description: Primary Geo Tag. 
Valid for failover strategy only + type: string + splitBrainThresholdSeconds: + description: Split brain TXT record expiration in seconds + type: integer + type: + description: Load balancing strategy type:(roundRobin|failover) + type: string + weight: + additionalProperties: + type: integer + description: Weight is defined by map region:weight + type: object + required: + - type + type: object + required: + - strategy + type: object + status: + description: GslbStatus defines the observed state of Gslb + properties: + geoTag: + description: Cluster Geo Tag + type: string + healthyRecords: + additionalProperties: + items: + type: string + type: array + description: Current Healthy DNS record structure + type: object + hosts: + description: Comma-separated list of hosts + type: string + loadBalancer: + description: LoadBalancer configuration + properties: + exposedIps: + description: ExposedIPs on the local Load Balancer + items: + type: string + type: array + type: object + servers: + description: Servers configuration + items: + description: Servers holds the GSLB's servers' configuration + properties: + host: + description: Hostname exposed by the GSLB + type: string + services: + description: Kubernetes Services backing the load balanced application + items: + description: NamespacedName holds a reference to a k8s resource + properties: + name: + description: Name of the resource + type: string + namespace: + description: Namespace where the resource can be found + type: string + required: + - name + - namespace + type: object + type: array + type: object + type: array + serviceHealth: + additionalProperties: + type: string + description: Associated Service status + type: object + required: + - geoTag + - healthyRecords + - loadBalancer + - servers + - serviceHealth + type: object + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/operators/k8gb/0.14.0/manifests/k8gb-coredns.configmap.yaml b/operators/k8gb/0.14.0/manifests/k8gb-coredns.configmap.yaml new file mode 100644 index 00000000000..207c446dddf --- /dev/null +++ b/operators/k8gb/0.14.0/manifests/k8gb-coredns.configmap.yaml @@ -0,0 +1,25 @@ +# Generated by https://github.com/upbound/olm-bundle +apiVersion: v1 +data: + Corefile: |- + cloud.example.com:5353 { + errors + health + ready + prometheus 0.0.0.0:9153 + forward . /etc/resolv.conf + k8s_crd { + filter k8gb.absa.oss/dnstype=local + negttl 300 + loadbalance weight + } + } +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: k8gb + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: k8gb + app.kubernetes.io/version: v0.14.0 + helm.sh/chart: k8gb-v0.14.0 + name: k8gb-coredns diff --git a/operators/k8gb/0.14.0/manifests/k8gb-coredns.service.yaml b/operators/k8gb/0.14.0/manifests/k8gb-coredns.service.yaml new file mode 100644 index 00000000000..9d8bf6b07bf --- /dev/null +++ b/operators/k8gb/0.14.0/manifests/k8gb-coredns.service.yaml @@ -0,0 +1,21 @@ +# Generated by https://github.com/upbound/olm-bundle +apiVersion: v1 +kind: Service +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: k8gb + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: coredns + helm.sh/chart: coredns-1.15.3 + name: k8gb-coredns +spec: + ports: + - name: udp-5353 + port: 53 + protocol: UDP + targetPort: 5353 + selector: + app.kubernetes.io/instance: k8gb + app.kubernetes.io/name: coredns + type: ClusterIP diff --git a/operators/k8gb/0.14.0/manifests/k8gb.v0.14.0.clusterserviceversion.yaml b/operators/k8gb/0.14.0/manifests/k8gb.v0.14.0.clusterserviceversion.yaml new file mode 100644 index 00000000000..689d640deb1 --- /dev/null +++ b/operators/k8gb/0.14.0/manifests/k8gb.v0.14.0.clusterserviceversion.yaml 
@@ -0,0 +1,341 @@ +# Generated by https://github.com/upbound/olm-bundle +apiVersion: v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[{"apiVersion":"k8gb.absa.oss/v1beta1","kind":"Gslb","metadata":{"name":"test-gslb-failover","namespace":"test-gslb"},"spec":{"ingress":{"rules":[{"host":"failover.test.k8gb.io","http":{"paths":[{"backend":{"service":{"name":"frontend-podinfo","port":{"name":"http"}}},"path":"/"}]}}]},"strategy":{"primaryGeoTag":"eu-west-1","type":"failover"}}}]' + capabilities: Seamless Upgrades + categories: Networking + certified: "false" + containerImage: docker.io/absaoss/k8gb:v0.14.0 + createdAt: "2021-09-24 12:00:00" + description: A cloud native Kubernetes Global Balancer + operatorframework.io/suggested-namespace: k8gb + operators.operatorframework.io.bundle.channels.v1: alpha + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: k8gb + operators.operatorframework.io/builder: operator-sdk-v1.12.0+git + operators.operatorframework.io/project_layout: go.kubebuilder.io/v2 + repository: https://github.com/k8gb-io/k8gb + support: cncf-k8gb-maintainers@lists.cncf.io + creationTimestamp: null + name: k8gb.v0.14.0 + namespace: placeholder +spec: + apiservicedefinitions: {} + cleanup: + enabled: false + customresourcedefinitions: + owned: + - description: Gslb resource for global load balancing strategy configuration + displayName: Gslb + kind: Gslb + name: gslbs.k8gb.absa.oss + version: v1beta1 + - description: Using ExternalDNS it synchronizes exposed Kubernetes Services and + Ingresses with DNS providers + displayName: DNSEndpoint + kind: DNSEndpoint + name: dnsendpoints.externaldns.k8s.io + version: v1alpha1 + description: | + **A cloud native Kubernetes Global Balancer** + + A Global Service Load Balancing solution with a 
focus on having cloud native qualities and work natively in a Kubernetes context. + + Key Differentiators: + - Load balancing is based on timeproof DNS protocol which is perfect for global scope and extremely reliable + - No dedicated management cluster and no single point of failure + - Kubernetes native application health checks utilizing status of Liveness and Readiness probes for load balancing decisions + - Configuration with a single Kubernetes CRD of `Gslb` kind + + Operator needs to be configured by setting couple of environment variables. This can be done by modifying + the subscription yaml in the web ui or via kubectl. Here is an example of changing the `EDGE_DNS_ZONE`: + + ```yaml + kind: Subscription + ... + spec: + ... + config: + env: + - name: CLUSTER_GEO_TAG + value: us + - name: EDGE_DNS_ZONE + value: mycloud.example.com + ... + ``` + For more deployment variables see [helm code](https://github.com/k8gb-io/k8gb/blob/v0.8.3/chart/k8gb/templates/operator.yaml#L53:L68). + + For more information see [k8gb.io](https://k8gb.io). 
+ displayName: k8gb + icon: + - base64data: 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 + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - endpoints + - services + - pods + - namespaces + verbs: + - list + - watch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - list + - watch + - apiGroups: + - externaldns.k8s.io + resources: + - dnsendpoints + verbs: + - list + - watch + serviceAccountName: coredns + - rules: + - apiGroups: + - "" + resources: + - endpoints + - services + verbs: + - get + - list + - watch + - apiGroups: + - k8gb.absa.oss + resources: + - '*' + - gslbs + verbs: + - '*' + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - '*' + - apiGroups: + - externaldns.k8s.io + resources: + - dnsendpoints + verbs: + - '*' + - apiGroups: + - "" + resources: + - namespaces + verbs: + - list + - apiGroups: + - networking.istio.io + resources: + - virtualservices + - gateways + verbs: + - get + - list + - watch + serviceAccountName: k8gb + deployments: + - name: k8gb-coredns + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: k8gb + app.kubernetes.io/name: coredns + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + annotations: + checksum/config: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + creationTimestamp: null + labels: + app.kubernetes.io/instance: k8gb + app.kubernetes.io/name: coredns + spec: + containers: + - args: + - -conf + - /etc/coredns/Corefile + image: absaoss/k8s_crd:v0.1.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 5 + httpGet: + path: /health + port: 8080 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: coredns + ports: + - containerPort: 5353 + 
name: udp-5353 + protocol: UDP + - containerPort: 5353 + name: tcp-5353 + protocol: TCP + readinessProbe: + failureThreshold: 5 + httpGet: + path: /ready + port: 8181 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + volumeMounts: + - mountPath: /etc/coredns + name: config-volume + serviceAccountName: coredns + terminationGracePeriodSeconds: 30 + volumes: + - configMap: + items: + - key: Corefile + path: Corefile + name: k8gb-coredns + name: config-volume + - name: k8gb + spec: + replicas: 1 + selector: + matchLabels: + name: k8gb + strategy: {} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: k8gb + creationTimestamp: null + labels: + name: k8gb + spec: + containers: + - env: + - name: WATCH_NAMESPACE + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPERATOR_NAME + value: k8gb + - name: CLUSTER_GEO_TAG + value: eu + - name: EXT_GSLB_CLUSTERS_GEO_TAGS + value: us + - name: EDGE_DNS_ZONE + value: example.com + - name: EDGE_DNS_SERVERS + value: 1.1.1.1 + - name: DNS_ZONE + value: cloud.example.com + - name: RECONCILE_REQUEUE_SECONDS + value: "30" + - name: LOG_FORMAT + value: simple + - name: LOG_LEVEL + value: info + - name: NO_COLOR + value: "true" + - name: SPLIT_BRAIN_CHECK + value: "false" + - name: METRICS_ADDRESS + value: 0.0.0.0:8080 + image: docker.io/absaoss/k8gb:v0.14.0 + imagePullPolicy: IfNotPresent + name: k8gb + ports: + - containerPort: 8080 + name: metrics + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 100m + memory: 32Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + serviceAccountName: k8gb + strategy: deployment + installModes: + - supported: false + type: OwnNamespace + - supported: false + type: 
SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - gslb + - dns-lb + - kuberneters-global-balancer + - kubernetes-operator + - balancer + - multi-cluster + links: + - name: Home + url: https://www.k8gb.io/ + - name: Source + url: https://github.com/k8gb-io/k8gb + maintainers: + - email: andre.aguas@protonmail.com + name: Andre Baptista Aguas + - email: dinar.valeev@absa.africa + name: Dinar Valeev + - email: jiri.kremser@gmail.com + name: Jiri Kremser + - email: kuritka@gmail.com + name: Michal Kuritka + - email: yury@upbound.io + name: Yury Tsarev + maturity: alpha + minKubeVersion: 1.19.0 + provider: + name: k8gb.io + url: https://github.com/k8gb-io/k8gb + replaces: k8gb.v0.13.0 + version: 0.14.0 +status: + cleanup: {} diff --git a/operators/k8gb/0.14.0/metadata/annotations.yaml b/operators/k8gb/0.14.0/metadata/annotations.yaml new file mode 100644 index 00000000000..ef26318b969 --- /dev/null +++ b/operators/k8gb/0.14.0/metadata/annotations.yaml @@ -0,0 +1,16 @@ +annotations: + categories: Networking + certified: "false" + containerImage: docker.io/absaoss/k8gb:v0.14.0 + createdAt: "2021-09-24 12:00:00" + description: A cloud native Kubernetes Global Balancer + operatorframework.io/suggested-namespace: k8gb + operators.operatorframework.io.bundle.channels.v1: alpha + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: k8gb + operators.operatorframework.io/builder: operator-sdk-v1.12.0+git + operators.operatorframework.io/project_layout: go.kubebuilder.io/v2 + repository: https://github.com/k8gb-io/k8gb + support: cncf-k8gb-maintainers@lists.cncf.io 
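Review bot: The `clusterPermissions` rules bound to service account `k8gb` use `verbs: ['*']` on `ingresses`, on `dnsendpoints` and on `resources: ['*']` in the `k8gb.absa.oss` group, and since `AllNamespaces` is the only supported install mode these wildcards hold in every namespace of the cluster. Listing the verbs the controller actually uses, for example `verbs: [get, list, watch, create, update, patch, delete]` narrowed further where create or delete is not needed, keeps the grant from silently widening when new verbs or subresources appear; which verbs are needed is not visible from this hunk. In the same rule `gslbs` is redundant next to `'*'`. The `k8gb-coredns` container also differs from the `k8gb` one: it has no `securityContext`, and its image `absaoss/k8s_crd:v0.1.0` carries no registry host, so resolution depends on the node's default registry configuration; `image: docker.io/absaoss/k8s_crd:v0.1.0` would match the other container if that is the intended source. The file header says it is generated by olm-bundle, so these changes belong in the chart it is generated from.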
diff --git a/operators/keycloak-operator/25.0.5/bundle.Dockerfile b/operators/keycloak-operator/25.0.5/bundle.Dockerfile
new file mode 100644
index 00000000000..fb219f2abde
--- /dev/null
+++ b/operators/keycloak-operator/25.0.5/bundle.Dockerfile
@@ -0,0 +1,16 @@
+FROM scratch
+
+# Core bundle labels.
+LABEL operators.operatorframework.io.bundle.channel.default.v1=fast
+LABEL operators.operatorframework.io.bundle.channels.v1=fast
+LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
+LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
+LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
+LABEL operators.operatorframework.io.bundle.package.v1=keycloak-operator
+LABEL operators.operatorframework.io.metrics.builder=qosdk-bundle-generator/6.6.7+c4db039
+LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
+LABEL operators.operatorframework.io.metrics.project_layout=quarkus.javaoperatorsdk.io/v1-alpha
+
+# Copy files to locations specified by labels.
+COPY manifests /manifests/
+COPY metadata /metadata/
diff --git a/operators/keycloak-operator/25.0.5/manifests/keycloak-operator.clusterserviceversion.yaml b/operators/keycloak-operator/25.0.5/manifests/keycloak-operator.clusterserviceversion.yaml
new file mode 100644
index 00000000000..b3779117df2
--- /dev/null
+++ b/operators/keycloak-operator/25.0.5/manifests/keycloak-operator.clusterserviceversion.yaml
@@ -0,0 +1,326 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + containerImage: quay.io/keycloak/keycloak-operator:25.0.5 + repository: https://github.com/keycloak/keycloak + capabilities: Deep Insights + categories: Security + certified: "false" + alm-examples: |- + [ + { + "apiVersion": "k8s.keycloak.org/v2alpha1", + "kind": "Keycloak", + "metadata": { + "name": "example-keycloak", + "labels": { + "app": "sso" + } + }, + "spec": { + "instances": 1, + "hostname": { + "hostname": "example.org" + }, + "http": { + "tlsSecret": "my-tls-secret" + } + } + }, + { + "apiVersion": "k8s.keycloak.org/v2alpha1", + "kind": "KeycloakRealmImport", + "metadata": { + "name": "example-keycloak-realm-import", + "labels": { + "app": "sso" + } + }, + "spec": { + "keycloakCRName": "example-keycloak", + "realm": {} + } + } + ] + support: Red Hat + description: An Operator for installing and managing Keycloak + createdAt: "2024-09-17T15:42:53Z" + name: keycloak-operator.v25.0.5 + namespace: placeholder +spec: + customresourcedefinitions: + owned: + - kind: KeycloakRealmImport + description: Represents a Keycloak Realm Import + displayName: KeycloakRealmImport + name: keycloakrealmimports.k8s.keycloak.org + version: v2alpha1 + - kind: Keycloak + description: Represents a Keycloak Instance + displayName: Keycloak + name: keycloaks.k8s.keycloak.org + version: v2alpha1 + description: | + A Kubernetes Operator based on the Operator SDK for installing and managing Keycloak. + + Keycloak lets you add authentication to applications and secure services with minimum fuss. No need to deal with storing users or authenticating users. It's all available out of the box. + + The operator can deploy and manage Keycloak instances on Kubernetes and OpenShift. 
+ The following features are supported: + + * Install Keycloak to a namespace + * Import Keycloak Realms + displayName: Keycloak Operator + icon: + - base64data: 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 + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - config.openshift.io + resources: + - ingresses + verbs: + - get + serviceAccountName: keycloak-operator + deployments: + - name: keycloak-operator + spec: + replicas: 1 + selector: + matchLabels: + name: keycloak-operator + template: + metadata: + labels: + name: keycloak-operator + spec: + containers: + - env: + - name: RELATED_IMAGE_KEYCLOAK + value: quay.io/keycloak/keycloak:25.0.5 + - name: QUARKUS_OPERATOR_SDK_CONTROLLERS_KEYCLOAKREALMIMPORTCONTROLLER_NAMESPACES + valueFrom: + fieldRef: + fieldPath: "metadata.annotations['olm.targetNamespaces']" + - name: QUARKUS_OPERATOR_SDK_CONTROLLERS_KEYCLOAKCONTROLLER_NAMESPACES + valueFrom: + fieldRef: + fieldPath: "metadata.annotations['olm.targetNamespaces']" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: keycloak-operator + image: quay.io/keycloak/keycloak-operator:25.0.5 + imagePullPolicy: Always + name: keycloak-operator + resources: {} + serviceAccountName: keycloak-operator + strategy: {} + permissions: + - rules: + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + - services + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - "" + resources: + - pods + verbs: + - list + - apiGroups: + - batch + resources: + - jobs + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - 
create + - delete + - patch + - update + - apiGroups: + - k8s.keycloak.org + resources: + - keycloakrealmimports + - keycloakrealmimports/status + - keycloakrealmimports/finalizers + verbs: + - get + - list + - watch + - patch + - update + - create + - delete + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - patch + - update + - delete + - create + - apiGroups: + - k8s.keycloak.org + resources: + - keycloaks + - keycloaks/status + - keycloaks/finalizers + verbs: + - get + - list + - watch + - patch + - update + - create + - delete + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - patch + - update + - delete + - create + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list + - watch + - patch + - update + - delete + - create + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - patch + - update + - delete + - create + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - delete + - create + - patch + serviceAccountName: keycloak-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - Keycloak + - Identity + - Access + links: + - name: Documentation + url: https://www.keycloak.org/guides#operator + - name: Keycloak + url: https://www.keycloak.org/ + - name: Keycloak Discourse + url: https://keycloak.discourse.group/ + maintainers: + - email: keycloak-dev@googlegroups.com + name: Keycloak DEV mailing list + maturity: stable + nativeAPIs: + - kind: Secret + group: "" + version: v1 + - kind: Secret + group: "" + version: v1 + - kind: Service + group: "" + version: v1 + - kind: Service + group: "" + version: v1 + - kind: StatefulSet + group: apps + version: v1 + - kind: Ingress + group: networking.k8s.io + version: 
v1 + provider: + name: Red Hat + replaces: keycloak-operator.v25.0.4 + version: 25.0.5 + apiservicedefinitions: {} diff --git a/operators/keycloak-operator/25.0.5/manifests/keycloakrealmimports.k8s.keycloak.org-v1.crd.yml b/operators/keycloak-operator/25.0.5/manifests/keycloakrealmimports.k8s.keycloak.org-v1.crd.yml new file mode 100644 index 00000000000..d698101d041 --- /dev/null +++ b/operators/keycloak-operator/25.0.5/manifests/keycloakrealmimports.k8s.keycloak.org-v1.crd.yml 
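Review bot: The `keycloak-operator` container under `install.spec.deployments` is declared with no `securityContext` and with `resources: {}`, so its privilege settings and resource ceiling are left to whatever the target namespace's admission policy and defaults impose. If the operator image runs as a non-root user (not visible from this hunk), add `securityContext: {allowPrivilegeEscalation: false, runAsNonRoot: true, capabilities: {drop: ["ALL"]}}` to the container and set explicit requests and limits. Separately, the namespaced `permissions` list grants on `secrets` in three overlapping rules with different verb sets (one of them shared with `services`); the effective grant is their union, full read and write on every Secret in the operator's target namespace, and collapsing them into a single rule per resource would make that grant easier to audit. The same duplication shows in `nativeAPIs`, where `Secret` and `Service` are each listed twice.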
@@ -0,0 +1,3151 @@ +# Generated by Fabric8 CRDGenerator, manual edits might get overwritten! +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: keycloakrealmimports.k8s.keycloak.org +spec: + group: k8s.keycloak.org + names: + kind: KeycloakRealmImport + plural: keycloakrealmimports + singular: keycloakrealmimport + scope: Namespaced + versions: + - name: v2alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + keycloakCRName: + description: "The name of the Keycloak CR to reference, in the same\ + \ namespace." + type: string + realm: + description: The RealmRepresentation to import into Keycloak. + properties: + accessCodeLifespan: + type: integer + accessCodeLifespanLogin: + type: integer + accessCodeLifespanUserAction: + type: integer + accessTokenLifespan: + type: integer + accessTokenLifespanForImplicitFlow: + type: integer + accountTheme: + type: string + actionTokenGeneratedByAdminLifespan: + type: integer + actionTokenGeneratedByUserLifespan: + type: integer + adminEventsDetailsEnabled: + type: boolean + adminEventsEnabled: + type: boolean + adminTheme: + type: string + applicationScopeMappings: + additionalProperties: + items: + properties: + client: + type: string + clientScope: + type: string + clientTemplate: + type: string + roles: + items: + type: string + type: array + self: + type: string + type: object + type: array + type: object + applications: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + adminUrl: + type: string + alwaysDisplayInConsole: + type: boolean + attributes: + additionalProperties: + type: string + type: object + authenticationFlowBindingOverrides: + additionalProperties: + type: string + type: object + authorizationServicesEnabled: + type: boolean + authorizationSettings: + properties: + allowRemoteResourceManagement: + type: boolean + clientId: + type: string + decisionStrategy: + enum: + - AFFIRMATIVE + - CONSENSUS + - UNANIMOUS + 
type: string + id: + type: string + name: + type: string + policies: + items: + properties: + config: + additionalProperties: + type: string + type: object + decisionStrategy: + enum: + - AFFIRMATIVE + - CONSENSUS + - UNANIMOUS + type: string + description: + type: string + id: + type: string + logic: + enum: + - NEGATIVE + - POSITIVE + type: string + name: + type: string + owner: + type: string + policies: + items: + type: string + type: array + resources: + items: + type: string + type: array + resourcesData: + items: + properties: + _id: + type: string + attributes: + additionalProperties: + items: + type: string + type: array + type: object + displayName: + type: string + icon_uri: + type: string + name: + type: string + owner: + properties: + id: + type: string + name: + type: string + type: object + ownerManagedAccess: + type: boolean + scopes: + items: + properties: + displayName: + type: string + iconUri: + type: string + id: + type: string + name: + type: string + type: object + type: array + type: + type: string + uris: + items: + type: string + type: array + type: object + type: array + scopes: + items: + type: string + type: array + scopesData: + items: + properties: + displayName: + type: string + iconUri: + type: string + id: + type: string + name: + type: string + type: object + type: array + type: + type: string + type: object + type: array + policyEnforcementMode: + enum: + - DISABLED + - ENFORCING + - PERMISSIVE + type: string + resources: + items: + properties: + _id: + type: string + attributes: + additionalProperties: + items: + type: string + type: array + type: object + displayName: + type: string + icon_uri: + type: string + name: + type: string + owner: + properties: + id: + type: string + name: + type: string + type: object + ownerManagedAccess: + type: boolean + scopes: + items: + properties: + displayName: + type: string + iconUri: + type: string + id: + type: string + name: + type: string + type: object + type: array + type: + type: 
string + uris: + items: + type: string + type: array + type: object + type: array + scopes: + items: + properties: + displayName: + type: string + iconUri: + type: string + id: + type: string + name: + type: string + type: object + type: array + type: object + baseUrl: + type: string + bearerOnly: + type: boolean + claims: + properties: + address: + type: boolean + email: + type: boolean + gender: + type: boolean + locale: + type: boolean + name: + type: boolean + phone: + type: boolean + picture: + type: boolean + profile: + type: boolean + username: + type: boolean + website: + type: boolean + type: object + clientAuthenticatorType: + type: string + clientId: + type: string + clientTemplate: + type: string + consentRequired: + type: boolean + defaultClientScopes: + items: + type: string + type: array + defaultRoles: + items: + type: string + type: array + description: + type: string + directAccessGrantsEnabled: + type: boolean + directGrantsOnly: + type: boolean + enabled: + type: boolean + frontchannelLogout: + type: boolean + fullScopeAllowed: + type: boolean + id: + type: string + implicitFlowEnabled: + type: boolean + name: + type: string + nodeReRegistrationTimeout: + type: integer + notBefore: + type: integer + optionalClientScopes: + items: + type: string + type: array + origin: + type: string + protocol: + type: string + protocolMappers: + items: + properties: + config: + additionalProperties: + type: string + type: object + consentRequired: + type: boolean + consentText: + type: string + id: + type: string + name: + type: string + protocol: + type: string + protocolMapper: + type: string + type: object + type: array + publicClient: + type: boolean + redirectUris: + items: + type: string + type: array + registeredNodes: + additionalProperties: + type: integer + type: object + registrationAccessToken: + type: string + rootUrl: + type: string + secret: + type: string + serviceAccountsEnabled: + type: boolean + standardFlowEnabled: + type: boolean + 
surrogateAuthRequired: + type: boolean + type: + type: string + useTemplateConfig: + type: boolean + useTemplateMappers: + type: boolean + useTemplateScope: + type: boolean + webOrigins: + items: + type: string + type: array + type: object + type: array + attributes: + additionalProperties: + type: string + type: object + authenticationFlows: + items: + properties: + alias: + type: string + authenticationExecutions: + items: + properties: + authenticator: + type: string + authenticatorConfig: + type: string + authenticatorFlow: + type: boolean + autheticatorFlow: + type: boolean + flowAlias: + type: string + priority: + type: integer + requirement: + type: string + userSetupAllowed: + type: boolean + type: object + type: array + builtIn: + type: boolean + description: + type: string + id: + type: string + providerId: + type: string + topLevel: + type: boolean + type: object + type: array + authenticatorConfig: + items: + properties: + alias: + type: string + config: + additionalProperties: + type: string + type: object + id: + type: string + type: object + type: array + browserFlow: + type: string + browserSecurityHeaders: + additionalProperties: + type: string + type: object + bruteForceProtected: + type: boolean + certificate: + type: string + clientAuthenticationFlow: + type: string + clientOfflineSessionIdleTimeout: + type: integer + clientOfflineSessionMaxLifespan: + type: integer + clientPolicies: + x-kubernetes-preserve-unknown-fields: true + clientProfiles: + x-kubernetes-preserve-unknown-fields: true + clientScopeMappings: + additionalProperties: + items: + properties: + client: + type: string + clientScope: + type: string + clientTemplate: + type: string + roles: + items: + type: string + type: array + self: + type: string + type: object + type: array + type: object + clientScopes: + items: + properties: + attributes: + additionalProperties: + type: string + type: object + description: + type: string + id: + type: string + name: + type: string + protocol: 
+ type: string + protocolMappers: + items: + properties: + config: + additionalProperties: + type: string + type: object + consentRequired: + type: boolean + consentText: + type: string + id: + type: string + name: + type: string + protocol: + type: string + protocolMapper: + type: string + type: object + type: array + type: object + type: array + clientSessionIdleTimeout: + type: integer + clientSessionMaxLifespan: + type: integer + clientTemplates: + items: + properties: + attributes: + additionalProperties: + type: string + type: object + bearerOnly: + type: boolean + consentRequired: + type: boolean + description: + type: string + directAccessGrantsEnabled: + type: boolean + frontchannelLogout: + type: boolean + fullScopeAllowed: + type: boolean + id: + type: string + implicitFlowEnabled: + type: boolean + name: + type: string + protocol: + type: string + protocolMappers: + items: + properties: + config: + additionalProperties: + type: string + type: object + consentRequired: + type: boolean + consentText: + type: string + id: + type: string + name: + type: string + protocol: + type: string + protocolMapper: + type: string + type: object + type: array + publicClient: + type: boolean + serviceAccountsEnabled: + type: boolean + standardFlowEnabled: + type: boolean + type: object + type: array + clients: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + adminUrl: + type: string + alwaysDisplayInConsole: + type: boolean + attributes: + additionalProperties: + type: string + type: object + authenticationFlowBindingOverrides: + additionalProperties: + type: string + type: object + authorizationServicesEnabled: + type: boolean + authorizationSettings: + properties: + allowRemoteResourceManagement: + type: boolean + clientId: + type: string + decisionStrategy: + enum: + - AFFIRMATIVE + - CONSENSUS + - UNANIMOUS + type: string + id: + type: string + name: + type: string + policies: + items: + properties: + config: + 
additionalProperties: + type: string + type: object + decisionStrategy: + enum: + - AFFIRMATIVE + - CONSENSUS + - UNANIMOUS + type: string + description: + type: string + id: + type: string + logic: + enum: + - NEGATIVE + - POSITIVE + type: string + name: + type: string + owner: + type: string + policies: + items: + type: string + type: array + resources: + items: + type: string + type: array + resourcesData: + items: + properties: + _id: + type: string + attributes: + additionalProperties: + items: + type: string + type: array + type: object + displayName: + type: string + icon_uri: + type: string + name: + type: string + owner: + properties: + id: + type: string + name: + type: string + type: object + ownerManagedAccess: + type: boolean + scopes: + items: + properties: + displayName: + type: string + iconUri: + type: string + id: + type: string + name: + type: string + type: object + type: array + type: + type: string + uris: + items: + type: string + type: array + type: object + type: array + scopes: + items: + type: string + type: array + scopesData: + items: + properties: + displayName: + type: string + iconUri: + type: string + id: + type: string + name: + type: string + type: object + type: array + type: + type: string + type: object + type: array + policyEnforcementMode: + enum: + - DISABLED + - ENFORCING + - PERMISSIVE + type: string + resources: + items: + properties: + _id: + type: string + attributes: + additionalProperties: + items: + type: string + type: array + type: object + displayName: + type: string + icon_uri: + type: string + name: + type: string + owner: + properties: + id: + type: string + name: + type: string + type: object + ownerManagedAccess: + type: boolean + scopes: + items: + properties: + displayName: + type: string + iconUri: + type: string + id: + type: string + name: + type: string + type: object + type: array + type: + type: string + uris: + items: + type: string + type: array + type: object + type: array + scopes: + items: + 
properties: + displayName: + type: string + iconUri: + type: string + id: + type: string + name: + type: string + type: object + type: array + type: object + baseUrl: + type: string + bearerOnly: + type: boolean + clientAuthenticatorType: + type: string + clientId: + type: string + clientTemplate: + type: string + consentRequired: + type: boolean + defaultClientScopes: + items: + type: string + type: array + defaultRoles: + items: + type: string + type: array + description: + type: string + directAccessGrantsEnabled: + type: boolean + directGrantsOnly: + type: boolean + enabled: + type: boolean + frontchannelLogout: + type: boolean + fullScopeAllowed: + type: boolean + id: + type: string + implicitFlowEnabled: + type: boolean + name: + type: string + nodeReRegistrationTimeout: + type: integer + notBefore: + type: integer + optionalClientScopes: + items: + type: string + type: array + origin: + type: string + protocol: + type: string + protocolMappers: + items: + properties: + config: + additionalProperties: + type: string + type: object + consentRequired: + type: boolean + consentText: + type: string + id: + type: string + name: + type: string + protocol: + type: string + protocolMapper: + type: string + type: object + type: array + publicClient: + type: boolean + redirectUris: + items: + type: string + type: array + registeredNodes: + additionalProperties: + type: integer + type: object + registrationAccessToken: + type: string + rootUrl: + type: string + secret: + type: string + serviceAccountsEnabled: + type: boolean + standardFlowEnabled: + type: boolean + surrogateAuthRequired: + type: boolean + type: + type: string + useTemplateConfig: + type: boolean + useTemplateMappers: + type: boolean + useTemplateScope: + type: boolean + webOrigins: + items: + type: string + type: array + type: object + type: array + codeSecret: + type: string + components: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: string + type: 
array + type: object + id: + type: string + name: + type: string + providerId: + type: string + subComponents: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + providerId: + type: string + subComponents: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + providerId: + type: string + subComponents: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + providerId: + type: string + subComponents: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + providerId: + type: string + subComponents: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + providerId: + type: string + subComponents: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + providerId: + type: string + subComponents: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + providerId: + type: string + subComponents: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + providerId: + type: string + subComponents: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + 
type: string + type: array + type: object + id: + type: string + name: + type: string + providerId: + type: string + subComponents: + additionalProperties: + items: + properties: + config: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + providerId: + type: string + subType: + type: string + type: object + type: array + type: object + subType: + type: string + type: object + type: array + type: object + subType: + type: string + type: object + type: array + type: object + subType: + type: string + type: object + type: array + type: object + subType: + type: string + type: object + type: array + type: object + subType: + type: string + type: object + type: array + type: object + subType: + type: string + type: object + type: array + type: object + subType: + type: string + type: object + type: array + type: object + subType: + type: string + type: object + type: array + type: object + subType: + type: string + type: object + type: array + type: object + subType: + type: string + type: object + type: array + type: object + defaultDefaultClientScopes: + items: + type: string + type: array + defaultGroups: + items: + type: string + type: array + defaultLocale: + type: string + defaultOptionalClientScopes: + items: + type: string + type: array + defaultRole: + properties: + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRole: + type: boolean + composite: + type: boolean + composites: + properties: + application: + additionalProperties: + items: + type: string + type: array + type: object + client: + additionalProperties: + items: + type: string + type: array + type: object + realm: + items: + type: string + type: array + type: object + containerId: + type: string + description: + type: string + id: + type: string + name: + type: string + scopeParamRequired: + type: boolean + type: object + defaultRoles: + items: + type: string + type: array + 
defaultSignatureAlgorithm: + type: string + directGrantFlow: + type: string + displayName: + type: string + displayNameHtml: + type: string + dockerAuthenticationFlow: + type: string + duplicateEmailsAllowed: + type: boolean + editUsernameAllowed: + type: boolean + emailTheme: + type: string + enabled: + type: boolean + enabledEventTypes: + items: + type: string + type: array + eventsEnabled: + type: boolean + eventsExpiration: + type: integer + eventsListeners: + items: + type: string + type: array + failureFactor: + type: integer + federatedUsers: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + applicationRoles: + additionalProperties: + items: + type: string + type: array + type: object + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientConsents: + items: + properties: + clientId: + type: string + createdDate: + type: integer + grantedClientScopes: + items: + type: string + type: array + grantedRealmRoles: + items: + type: string + type: array + lastUpdatedDate: + type: integer + type: object + type: array + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object + createdTimestamp: + type: integer + credentials: + items: + properties: + algorithm: + type: string + config: + additionalProperties: + items: + type: string + type: array + type: object + counter: + type: integer + createdDate: + type: integer + credentialData: + type: string + device: + type: string + digits: + type: integer + hashIterations: + type: integer + hashedSaltedValue: + type: string + id: + type: string + period: + type: integer + priority: + type: integer + salt: + type: string + secretData: + type: string + temporary: + type: boolean + type: + type: string + userLabel: + type: string + value: + type: string + type: object + type: array + disableableCredentialTypes: + items: + type: string + type: array + email: + type: string + emailVerified: + type: boolean + 
enabled: + type: boolean + federatedIdentities: + items: + properties: + identityProvider: + type: string + userId: + type: string + userName: + type: string + type: object + type: array + federationLink: + type: string + firstName: + type: string + groups: + items: + type: string + type: array + id: + type: string + lastName: + type: string + notBefore: + type: integer + origin: + type: string + realmRoles: + items: + type: string + type: array + requiredActions: + items: + type: string + type: array + self: + type: string + serviceAccountClientId: + type: string + socialLinks: + items: + properties: + socialProvider: + type: string + socialUserId: + type: string + socialUsername: + type: string + type: object + type: array + totp: + type: boolean + userProfileMetadata: + properties: + attributes: + items: + properties: + annotations: + additionalProperties: + type: object + type: object + displayName: + type: string + group: + type: string + multivalued: + type: boolean + name: + type: string + readOnly: + type: boolean + required: + type: boolean + validators: + additionalProperties: + additionalProperties: + type: object + type: object + type: object + type: object + type: array + groups: + items: + properties: + annotations: + additionalProperties: + type: object + type: object + displayDescription: + type: string + displayHeader: + type: string + name: + type: string + type: object + type: array + type: object + username: + type: string + type: object + type: array + firstBrokerLoginFlow: + type: string + groups: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + parentId: + type: string + path: + type: string + realmRoles: + items: + type: string + type: array + subGroupCount: + type: integer + 
subGroups: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + parentId: + type: string + path: + type: string + realmRoles: + items: + type: string + type: array + subGroupCount: + type: integer + subGroups: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + parentId: + type: string + path: + type: string + realmRoles: + items: + type: string + type: array + subGroupCount: + type: integer + subGroups: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + parentId: + type: string + path: + type: string + realmRoles: + items: + type: string + type: array + subGroupCount: + type: integer + subGroups: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + parentId: + type: string + path: + type: string + realmRoles: + items: + type: string + type: array + subGroupCount: + type: integer + subGroups: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + attributes: + additionalProperties: + items: + 
type: string + type: array + type: object + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + parentId: + type: string + path: + type: string + realmRoles: + items: + type: string + type: array + subGroupCount: + type: integer + subGroups: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + parentId: + type: string + path: + type: string + realmRoles: + items: + type: string + type: array + subGroupCount: + type: integer + subGroups: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + parentId: + type: string + path: + type: string + realmRoles: + items: + type: string + type: array + subGroupCount: + type: integer + subGroups: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + parentId: + type: string + path: + type: string + realmRoles: + items: + type: string + type: array + subGroupCount: + type: integer + subGroups: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: 
string + name: + type: string + parentId: + type: string + path: + type: string + realmRoles: + items: + type: string + type: array + subGroupCount: + type: integer + subGroups: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object + id: + type: string + name: + type: string + parentId: + type: string + path: + type: string + realmRoles: + items: + type: string + type: array + subGroupCount: + type: integer + type: object + type: array + type: object + type: array + type: object + type: array + type: object + type: array + type: object + type: array + type: object + type: array + type: object + type: array + type: object + type: array + type: object + type: array + type: object + type: array + type: object + type: array + id: + type: string + identityProviderMappers: + items: + properties: + config: + additionalProperties: + type: string + type: object + id: + type: string + identityProviderAlias: + type: string + identityProviderMapper: + type: string + name: + type: string + type: object + type: array + identityProviders: + items: + properties: + addReadTokenRoleOnCreate: + type: boolean + alias: + type: string + authenticateByDefault: + type: boolean + config: + additionalProperties: + type: string + type: object + displayName: + type: string + enabled: + type: boolean + firstBrokerLoginFlowAlias: + type: string + internalId: + type: string + linkOnly: + type: boolean + postBrokerLoginFlowAlias: + type: string + providerId: + type: string + storeToken: + type: boolean + trustEmail: + type: boolean + updateProfileFirstLoginMode: + type: string + type: object + type: array + internationalizationEnabled: + type: boolean + keycloakVersion: + type: string + localizationTexts: + additionalProperties: + additionalProperties: + type: string + type: object + 
type: object + loginTheme: + type: string + loginWithEmailAllowed: + type: boolean + maxDeltaTimeSeconds: + type: integer + maxFailureWaitSeconds: + type: integer + maxTemporaryLockouts: + type: integer + minimumQuickLoginWaitSeconds: + type: integer + notBefore: + type: integer + oauth2DeviceCodeLifespan: + type: integer + oauth2DevicePollingInterval: + type: integer + oauthClients: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + adminUrl: + type: string + alwaysDisplayInConsole: + type: boolean + attributes: + additionalProperties: + type: string + type: object + authenticationFlowBindingOverrides: + additionalProperties: + type: string + type: object + authorizationServicesEnabled: + type: boolean + authorizationSettings: + properties: + allowRemoteResourceManagement: + type: boolean + clientId: + type: string + decisionStrategy: + enum: + - AFFIRMATIVE + - CONSENSUS + - UNANIMOUS + type: string + id: + type: string + name: + type: string + policies: + items: + properties: + config: + additionalProperties: + type: string + type: object + decisionStrategy: + enum: + - AFFIRMATIVE + - CONSENSUS + - UNANIMOUS + type: string + description: + type: string + id: + type: string + logic: + enum: + - NEGATIVE + - POSITIVE + type: string + name: + type: string + owner: + type: string + policies: + items: + type: string + type: array + resources: + items: + type: string + type: array + resourcesData: + items: + properties: + _id: + type: string + attributes: + additionalProperties: + items: + type: string + type: array + type: object + displayName: + type: string + icon_uri: + type: string + name: + type: string + owner: + properties: + id: + type: string + name: + type: string + type: object + ownerManagedAccess: + type: boolean + scopes: + items: + properties: + displayName: + type: string + iconUri: + type: string + id: + type: string + name: + type: string + type: object + type: array + type: + type: string + uris: + items: + 
type: string + type: array + type: object + type: array + scopes: + items: + type: string + type: array + scopesData: + items: + properties: + displayName: + type: string + iconUri: + type: string + id: + type: string + name: + type: string + type: object + type: array + type: + type: string + type: object + type: array + policyEnforcementMode: + enum: + - DISABLED + - ENFORCING + - PERMISSIVE + type: string + resources: + items: + properties: + _id: + type: string + attributes: + additionalProperties: + items: + type: string + type: array + type: object + displayName: + type: string + icon_uri: + type: string + name: + type: string + owner: + properties: + id: + type: string + name: + type: string + type: object + ownerManagedAccess: + type: boolean + scopes: + items: + properties: + displayName: + type: string + iconUri: + type: string + id: + type: string + name: + type: string + type: object + type: array + type: + type: string + uris: + items: + type: string + type: array + type: object + type: array + scopes: + items: + properties: + displayName: + type: string + iconUri: + type: string + id: + type: string + name: + type: string + type: object + type: array + type: object + baseUrl: + type: string + bearerOnly: + type: boolean + claims: + properties: + address: + type: boolean + email: + type: boolean + gender: + type: boolean + locale: + type: boolean + name: + type: boolean + phone: + type: boolean + picture: + type: boolean + profile: + type: boolean + username: + type: boolean + website: + type: boolean + type: object + clientAuthenticatorType: + type: string + clientId: + type: string + clientTemplate: + type: string + consentRequired: + type: boolean + defaultClientScopes: + items: + type: string + type: array + defaultRoles: + items: + type: string + type: array + description: + type: string + directAccessGrantsEnabled: + type: boolean + directGrantsOnly: + type: boolean + enabled: + type: boolean + frontchannelLogout: + type: boolean + 
fullScopeAllowed: + type: boolean + id: + type: string + implicitFlowEnabled: + type: boolean + name: + type: string + nodeReRegistrationTimeout: + type: integer + notBefore: + type: integer + optionalClientScopes: + items: + type: string + type: array + origin: + type: string + protocol: + type: string + protocolMappers: + items: + properties: + config: + additionalProperties: + type: string + type: object + consentRequired: + type: boolean + consentText: + type: string + id: + type: string + name: + type: string + protocol: + type: string + protocolMapper: + type: string + type: object + type: array + publicClient: + type: boolean + redirectUris: + items: + type: string + type: array + registeredNodes: + additionalProperties: + type: integer + type: object + registrationAccessToken: + type: string + rootUrl: + type: string + secret: + type: string + serviceAccountsEnabled: + type: boolean + standardFlowEnabled: + type: boolean + surrogateAuthRequired: + type: boolean + type: + type: string + useTemplateConfig: + type: boolean + useTemplateMappers: + type: boolean + useTemplateScope: + type: boolean + webOrigins: + items: + type: string + type: array + type: object + type: array + offlineSessionIdleTimeout: + type: integer + offlineSessionMaxLifespan: + type: integer + offlineSessionMaxLifespanEnabled: + type: boolean + organizations: + items: + properties: + attributes: + additionalProperties: + items: + type: string + type: array + type: object + description: + type: string + domains: + items: + properties: + name: + type: string + verified: + type: boolean + type: object + type: array + enabled: + type: boolean + id: + type: string + identityProviders: + items: + properties: + addReadTokenRoleOnCreate: + type: boolean + alias: + type: string + authenticateByDefault: + type: boolean + config: + additionalProperties: + type: string + type: object + displayName: + type: string + enabled: + type: boolean + firstBrokerLoginFlowAlias: + type: string + internalId: + 
type: string + linkOnly: + type: boolean + postBrokerLoginFlowAlias: + type: string + providerId: + type: string + storeToken: + type: boolean + trustEmail: + type: boolean + updateProfileFirstLoginMode: + type: string + type: object + type: array + members: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + applicationRoles: + additionalProperties: + items: + type: string + type: array + type: object + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientConsents: + items: + properties: + clientId: + type: string + createdDate: + type: integer + grantedClientScopes: + items: + type: string + type: array + grantedRealmRoles: + items: + type: string + type: array + lastUpdatedDate: + type: integer + type: object + type: array + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object + createdTimestamp: + type: integer + credentials: + items: + properties: + algorithm: + type: string + config: + additionalProperties: + items: + type: string + type: array + type: object + counter: + type: integer + createdDate: + type: integer + credentialData: + type: string + device: + type: string + digits: + type: integer + hashIterations: + type: integer + hashedSaltedValue: + type: string + id: + type: string + period: + type: integer + priority: + type: integer + salt: + type: string + secretData: + type: string + temporary: + type: boolean + type: + type: string + userLabel: + type: string + value: + type: string + type: object + type: array + disableableCredentialTypes: + items: + type: string + type: array + email: + type: string + emailVerified: + type: boolean + enabled: + type: boolean + federatedIdentities: + items: + properties: + identityProvider: + type: string + userId: + type: string + userName: + type: string + type: object + type: array + federationLink: + type: string + firstName: + type: string + groups: + items: + type: string + type: array + id: 
+ type: string + lastName: + type: string + notBefore: + type: integer + origin: + type: string + realmRoles: + items: + type: string + type: array + requiredActions: + items: + type: string + type: array + self: + type: string + serviceAccountClientId: + type: string + socialLinks: + items: + properties: + socialProvider: + type: string + socialUserId: + type: string + socialUsername: + type: string + type: object + type: array + totp: + type: boolean + userProfileMetadata: + properties: + attributes: + items: + properties: + annotations: + additionalProperties: + type: object + type: object + displayName: + type: string + group: + type: string + multivalued: + type: boolean + name: + type: string + readOnly: + type: boolean + required: + type: boolean + validators: + additionalProperties: + additionalProperties: + type: object + type: object + type: object + type: object + type: array + groups: + items: + properties: + annotations: + additionalProperties: + type: object + type: object + displayDescription: + type: string + displayHeader: + type: string + name: + type: string + type: object + type: array + type: object + username: + type: string + type: object + type: array + name: + type: string + type: object + type: array + organizationsEnabled: + type: boolean + otpPolicyAlgorithm: + type: string + otpPolicyCodeReusable: + type: boolean + otpPolicyDigits: + type: integer + otpPolicyInitialCounter: + type: integer + otpPolicyLookAheadWindow: + type: integer + otpPolicyPeriod: + type: integer + otpPolicyType: + type: string + otpSupportedApplications: + items: + type: string + type: array + passwordCredentialGrantAllowed: + type: boolean + passwordPolicy: + type: string + permanentLockout: + type: boolean + privateKey: + type: string + protocolMappers: + items: + properties: + config: + additionalProperties: + type: string + type: object + consentRequired: + type: boolean + consentText: + type: string + id: + type: string + name: + type: string + protocol: + 
type: string + protocolMapper: + type: string + type: object + type: array + publicKey: + type: string + quickLoginCheckMilliSeconds: + type: integer + realm: + type: string + realmCacheEnabled: + type: boolean + refreshTokenMaxReuse: + type: integer + registrationAllowed: + type: boolean + registrationEmailAsUsername: + type: boolean + registrationFlow: + type: string + rememberMe: + type: boolean + requiredActions: + items: + properties: + alias: + type: string + config: + additionalProperties: + type: string + type: object + defaultAction: + type: boolean + enabled: + type: boolean + name: + type: string + priority: + type: integer + providerId: + type: string + type: object + type: array + requiredCredentials: + items: + type: string + type: array + resetCredentialsFlow: + type: string + resetPasswordAllowed: + type: boolean + revokeRefreshToken: + type: boolean + roles: + properties: + application: + additionalProperties: + items: + properties: + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRole: + type: boolean + composite: + type: boolean + composites: + properties: + application: + additionalProperties: + items: + type: string + type: array + type: object + client: + additionalProperties: + items: + type: string + type: array + type: object + realm: + items: + type: string + type: array + type: object + containerId: + type: string + description: + type: string + id: + type: string + name: + type: string + scopeParamRequired: + type: boolean + type: object + type: array + type: object + client: + additionalProperties: + items: + properties: + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRole: + type: boolean + composite: + type: boolean + composites: + properties: + application: + additionalProperties: + items: + type: string + type: array + type: object + client: + additionalProperties: + items: + type: string + type: array + type: object + realm: + 
items: + type: string + type: array + type: object + containerId: + type: string + description: + type: string + id: + type: string + name: + type: string + scopeParamRequired: + type: boolean + type: object + type: array + type: object + realm: + items: + properties: + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientRole: + type: boolean + composite: + type: boolean + composites: + properties: + application: + additionalProperties: + items: + type: string + type: array + type: object + client: + additionalProperties: + items: + type: string + type: array + type: object + realm: + items: + type: string + type: array + type: object + containerId: + type: string + description: + type: string + id: + type: string + name: + type: string + scopeParamRequired: + type: boolean + type: object + type: array + type: object + scopeMappings: + items: + properties: + client: + type: string + clientScope: + type: string + clientTemplate: + type: string + roles: + items: + type: string + type: array + self: + type: string + type: object + type: array + smtpServer: + additionalProperties: + type: string + type: object + social: + type: boolean + socialProviders: + additionalProperties: + type: string + type: object + sslRequired: + type: string + ssoSessionIdleTimeout: + type: integer + ssoSessionIdleTimeoutRememberMe: + type: integer + ssoSessionMaxLifespan: + type: integer + ssoSessionMaxLifespanRememberMe: + type: integer + supportedLocales: + items: + type: string + type: array + updateProfileOnInitialSocialLogin: + type: boolean + userCacheEnabled: + type: boolean + userFederationMappers: + items: + properties: + config: + additionalProperties: + type: string + type: object + federationMapperType: + type: string + federationProviderDisplayName: + type: string + id: + type: string + name: + type: string + type: object + type: array + userFederationProviders: + items: + properties: + changedSyncPeriod: + type: integer + config: + 
additionalProperties: + type: string + type: object + displayName: + type: string + fullSyncPeriod: + type: integer + id: + type: string + lastSync: + type: integer + priority: + type: integer + providerName: + type: string + type: object + type: array + userManagedAccessAllowed: + type: boolean + users: + items: + properties: + access: + additionalProperties: + type: boolean + type: object + applicationRoles: + additionalProperties: + items: + type: string + type: array + type: object + attributes: + additionalProperties: + items: + type: string + type: array + type: object + clientConsents: + items: + properties: + clientId: + type: string + createdDate: + type: integer + grantedClientScopes: + items: + type: string + type: array + grantedRealmRoles: + items: + type: string + type: array + lastUpdatedDate: + type: integer + type: object + type: array + clientRoles: + additionalProperties: + items: + type: string + type: array + type: object + createdTimestamp: + type: integer + credentials: + items: + properties: + algorithm: + type: string + config: + additionalProperties: + items: + type: string + type: array + type: object + counter: + type: integer + createdDate: + type: integer + credentialData: + type: string + device: + type: string + digits: + type: integer + hashIterations: + type: integer + hashedSaltedValue: + type: string + id: + type: string + period: + type: integer + priority: + type: integer + salt: + type: string + secretData: + type: string + temporary: + type: boolean + type: + type: string + userLabel: + type: string + value: + type: string + type: object + type: array + disableableCredentialTypes: + items: + type: string + type: array + email: + type: string + emailVerified: + type: boolean + enabled: + type: boolean + federatedIdentities: + items: + properties: + identityProvider: + type: string + userId: + type: string + userName: + type: string + type: object + type: array + federationLink: + type: string + firstName: + type: string + 
groups: + items: + type: string + type: array + id: + type: string + lastName: + type: string + notBefore: + type: integer + origin: + type: string + realmRoles: + items: + type: string + type: array + requiredActions: + items: + type: string + type: array + self: + type: string + serviceAccountClientId: + type: string + socialLinks: + items: + properties: + socialProvider: + type: string + socialUserId: + type: string + socialUsername: + type: string + type: object + type: array + totp: + type: boolean + userProfileMetadata: + properties: + attributes: + items: + properties: + annotations: + additionalProperties: + type: object + type: object + displayName: + type: string + group: + type: string + multivalued: + type: boolean + name: + type: string + readOnly: + type: boolean + required: + type: boolean + validators: + additionalProperties: + additionalProperties: + type: object + type: object + type: object + type: object + type: array + groups: + items: + properties: + annotations: + additionalProperties: + type: object + type: object + displayDescription: + type: string + displayHeader: + type: string + name: + type: string + type: object + type: array + type: object + username: + type: string + type: object + type: array + verifyEmail: + type: boolean + waitIncrementSeconds: + type: integer + webAuthnPolicyAcceptableAaguids: + items: + type: string + type: array + webAuthnPolicyAttestationConveyancePreference: + type: string + webAuthnPolicyAuthenticatorAttachment: + type: string + webAuthnPolicyAvoidSameAuthenticatorRegister: + type: boolean + webAuthnPolicyCreateTimeout: + type: integer + webAuthnPolicyExtraOrigins: + items: + type: string + type: array + webAuthnPolicyPasswordlessAcceptableAaguids: + items: + type: string + type: array + webAuthnPolicyPasswordlessAttestationConveyancePreference: + type: string + webAuthnPolicyPasswordlessAuthenticatorAttachment: + type: string + webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister: + type: boolean + 
webAuthnPolicyPasswordlessCreateTimeout: + type: integer + webAuthnPolicyPasswordlessExtraOrigins: + items: + type: string + type: array + webAuthnPolicyPasswordlessRequireResidentKey: + type: string + webAuthnPolicyPasswordlessRpEntityName: + type: string + webAuthnPolicyPasswordlessRpId: + type: string + webAuthnPolicyPasswordlessSignatureAlgorithms: + items: + type: string + type: array + webAuthnPolicyPasswordlessUserVerificationRequirement: + type: string + webAuthnPolicyRequireResidentKey: + type: string + webAuthnPolicyRpEntityName: + type: string + webAuthnPolicyRpId: + type: string + webAuthnPolicySignatureAlgorithms: + items: + type: string + type: array + webAuthnPolicyUserVerificationRequirement: + type: string + type: object + resources: + description: "Compute Resources required by Keycloak container. If\ + \ not specified, the value is inherited from the Keycloak CR." + properties: + claims: + items: + properties: + name: + type: string + type: object + type: array + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: object + required: + - keycloakCRName + - realm + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + type: string + message: + type: string + observedGeneration: + type: integer + status: + type: string + type: + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/keycloak-operator/25.0.5/manifests/keycloaks.k8s.keycloak.org-v1.crd.yml b/operators/keycloak-operator/25.0.5/manifests/keycloaks.k8s.keycloak.org-v1.crd.yml new file mode 100644 index 00000000000..8e6ae1e905d --- /dev/null +++ b/operators/keycloak-operator/25.0.5/manifests/keycloaks.k8s.keycloak.org-v1.crd.yml 
@@ -0,0 +1,3210 @@ +# Generated by Fabric8 CRDGenerator, manual edits might get overwritten! +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: keycloaks.k8s.keycloak.org +spec: + group: k8s.keycloak.org + names: + kind: Keycloak + plural: keycloaks + shortNames: + - kc + singular: keycloak + scope: Namespaced + versions: + - name: v2alpha1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + additionalOptions: + description: |- + Configuration of the Keycloak server. + expressed as a keys (reference: https://www.keycloak.org/server/all-config) and values that can be either direct values or references to secrets. + items: + properties: + name: + type: string + secret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + type: object + value: + type: string + type: object + type: array + cache: + description: In this section you can configure Keycloak's cache + properties: + configMapFile: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + type: object + type: object + db: + description: In this section you can find all properties related to + connect to a database. + properties: + database: + description: "Sets the database name of the default JDBC URL of\ + \ the chosen vendor. If the `url` option is set, this option\ + \ is ignored." + type: string + host: + description: "Sets the hostname of the default JDBC URL of the\ + \ chosen vendor. If the `url` option is set, this option is\ + \ ignored." + type: string + passwordSecret: + description: The reference to a secret holding the password of + the database user. + properties: + key: + type: string + name: + type: string + optional: + type: boolean + type: object + poolInitialSize: + description: The initial size of the connection pool. + type: integer + poolMaxSize: + description: The maximum size of the connection pool. 
+ type: integer + poolMinSize: + description: The minimal size of the connection pool. + type: integer + port: + description: "Sets the port of the default JDBC URL of the chosen\ + \ vendor. If the `url` option is set, this option is ignored." + type: integer + schema: + description: The database schema to be used. + type: string + url: + description: "The full database JDBC URL. If not provided, a default\ + \ URL is set based on the selected database vendor. For instance,\ + \ if using 'postgres', the default JDBC URL would be 'jdbc:postgresql://localhost/keycloak'. " + type: string + usernameSecret: + description: The reference to a secret holding the username of + the database user. + properties: + key: + type: string + name: + type: string + optional: + type: boolean + type: object + vendor: + description: The database vendor. + type: string + type: object + features: + description: "In this section you can configure Keycloak features,\ + \ which should be enabled/disabled." + properties: + disabled: + description: Disabled Keycloak features + items: + type: string + type: array + enabled: + description: Enabled Keycloak features + items: + type: string + type: array + type: object + hostname: + description: In this section you can configure Keycloak hostname and + related properties. + properties: + admin: + description: The hostname for accessing the administration console. + Applicable for Hostname v1 and v2. + type: string + adminUrl: + description: "DEPRECATED. Sets the base URL for accessing the\ + \ administration console, including scheme, host, port and path.\ + \ Applicable for Hostname v1." + type: string + backchannelDynamic: + description: "Enables dynamic resolving of backchannel URLs, including\ + \ hostname, scheme, port and context path. Set to true if your\ + \ application accesses Keycloak via a private network. Applicable\ + \ for Hostname v2." + type: boolean + hostname: + description: Hostname for the Keycloak server. 
Applicable for + Hostname v1 and v2. + type: string + strict: + description: Disables dynamically resolving the hostname from + request headers. Applicable for Hostname v1 and v2. + type: boolean + strictBackchannel: + description: DEPRECATED. By default backchannel URLs are dynamically + resolved from request headers to allow internal and external + applications. Applicable for Hostname v1. + type: boolean + type: object + http: + description: In this section you can configure Keycloak features related + to HTTP and HTTPS + properties: + httpEnabled: + description: Enables the HTTP listener. + type: boolean + httpPort: + description: The used HTTP port. + type: integer + httpsPort: + description: The used HTTPS port. + type: integer + tlsSecret: + description: "A secret containing the TLS configuration for HTTPS.\ + \ Reference: https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets." + type: string + type: object + httpManagement: + description: In this section you can configure Keycloak's management + interface setting. + properties: + port: + description: Port of the management interface. + type: integer + type: object + image: + description: Custom Keycloak image to be used. + type: string + imagePullSecrets: + description: Secret(s) that might be used when pulling an image from + a private container image registry or repository. + items: + properties: + name: + type: string + type: object + type: array + ingress: + description: |- + The deployment is, by default, exposed through a basic ingress. + You can change this behaviour by setting the enabled property to false. + properties: + annotations: + additionalProperties: + type: string + description: Additional annotations to be appended to the Ingress + object + type: object + className: + type: string + enabled: + type: boolean + type: object + instances: + description: Number of Keycloak instances in HA mode. Default is 1. 
+ type: integer + proxy: + description: In this section you can configure Keycloak's reverse + proxy setting + properties: + headers: + description: The proxy headers that should be accepted by the + server. Misconfiguration might leave the server exposed to security + vulnerabilities. + type: string + type: object + resources: + description: Compute Resources required by Keycloak container + properties: + claims: + items: + properties: + name: + type: string + type: object + type: array + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: object + startOptimized: + description: Set to force the behavior of the --optimized flag for + the start command. If left unspecified the operator will assume + custom images have already been augmented. + type: boolean + transaction: + description: In this section you can find all properties related to + the settings of transaction behavior. + properties: + xaEnabled: + description: Determine whether Keycloak should use a non-XA datasource + in case the database does not support XA transactions. + type: boolean + type: object + truststores: + additionalProperties: + properties: + name: + description: Not used. To be removed in later versions. + type: string + secret: + properties: + name: + type: string + optional: + type: boolean + required: + - name + type: object + required: + - secret + type: object + description: In this section you can configure Keycloak truststores. + type: object + unsupported: + description: |- + In this section you can configure podTemplate advanced features, not production-ready, and not supported settings. + Use at your own risk and open an issue with your use-case if you don't find an alternative way. 
+ properties: + podTemplate: + description: |- + You can configure that will be merged with the one configured by default by the operator. + Use at your own risk, we reserve the possibility to remove/change the way any field gets merged in future releases without notice. + Reference: https://kubernetes.io/docs/concepts/workloads/pods/#pod-templates + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + creationTimestamp: + type: string + deletionGracePeriodSeconds: + type: integer + deletionTimestamp: + type: string + finalizers: + items: + type: string + type: array + generateName: + type: string + generation: + type: integer + labels: + additionalProperties: + type: string + type: object + managedFields: + items: + properties: + apiVersion: + type: string + fieldsType: + type: string + fieldsV1: + type: object + manager: + type: string + operation: + type: string + subresource: + type: string + time: + type: string + type: object + type: array + name: + type: string + namespace: + type: string + ownerReferences: + items: + properties: + apiVersion: + type: string + blockOwnerDeletion: + type: boolean + controller: + type: boolean + kind: + type: string + name: + type: string + uid: + type: string + type: object + type: array + resourceVersion: + type: string + selfLink: + type: string + uid: + type: string + type: object + spec: + properties: + activeDeadlineSeconds: + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + type: object + weight: + type: integer + 
type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + type: object + type: array + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + matchLabelKeys: + items: + type: string + type: array + mismatchLabelKeys: + items: + type: string + type: array + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + type: object + weight: + type: integer + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + matchLabelKeys: + items: + type: string + type: array + mismatchLabelKeys: + items: + type: string + type: array + namespaceSelector: + 
properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + matchLabelKeys: + items: + type: string + type: array + mismatchLabelKeys: + items: + type: string + type: array + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + type: object + weight: + type: integer + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + matchLabelKeys: + items: + type: string + type: array + mismatchLabelKeys: + items: + type: string + type: array + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: 
string + type: array + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + type: string + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + type: object + type: object + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + sleep: + properties: + seconds: + type: integer + type: object + 
tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + sleep: + properties: + seconds: + type: integer + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + type: integer + grpc: + properties: + port: + type: integer + service: + type: string + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + type: integer + timeoutSeconds: + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + type: string + hostPort: + type: integer + name: + type: string + protocol: + type: string + type: object + type: array + readinessProbe: + properties: + 
exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + type: integer + grpc: + properties: + port: + type: integer + service: + type: string + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + type: integer + timeoutSeconds: + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + type: object + type: array + resources: + properties: + claims: + items: + properties: + name: + type: string + type: object + type: array + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + 
properties: + localhostProfile: + type: string + type: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + type: integer + grpc: + properties: + port: + type: integer + service: + type: string + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + type: integer + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + type: object + type: array + workingDir: + type: string + type: object + type: array + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: 
string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + type: string + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + type: object + type: object + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + sleep: + properties: + seconds: + type: integer + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: object + preStop: + properties: + exec: + properties: + 
command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + sleep: + properties: + seconds: + type: integer + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + type: integer + grpc: + properties: + port: + type: integer + service: + type: string + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + type: integer + timeoutSeconds: + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + type: string + hostPort: + type: integer + name: + type: string + protocol: + type: string + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + type: integer + grpc: + properties: + port: + type: integer + service: + type: string + type: object + 
httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + type: integer + timeoutSeconds: + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + type: object + type: array + resources: + properties: + claims: + items: + properties: + name: + type: string + type: object + type: array + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: 
boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + type: integer + grpc: + properties: + port: + type: integer + service: + type: string + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + type: integer + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + type: object + type: array + workingDir: + type: string + type: object + type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostUsers: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + initContainers: + items: + 
properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + type: string + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + type: object + type: object + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + sleep: + properties: + seconds: + type: integer + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + 
properties: + name: + type: string + value: + type: string + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + sleep: + properties: + seconds: + type: integer + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + type: integer + grpc: + properties: + port: + type: integer + service: + type: string + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + type: integer + timeoutSeconds: + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + type: integer + hostIP: + type: string + hostPort: + type: integer + name: + type: string + protocol: + type: string + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + type: integer + grpc: + properties: + port: + type: integer + service: + type: string + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + type: 
object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + type: integer + timeoutSeconds: + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + type: object + type: array + resources: + properties: + claims: + items: + properties: + name: + type: string + type: object + type: array + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + 
items: + type: string + type: array + type: object + failureThreshold: + type: integer + grpc: + properties: + port: + type: integer + service: + type: string + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + type: integer + periodSeconds: + type: integer + successThreshold: + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + type: integer + timeoutSeconds: + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + type: object + type: array + workingDir: + type: string + type: object + type: array + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + os: + properties: + name: + type: string + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + type: object + type: array + resourceClaims: + items: + properties: + name: + type: string + source: + properties: + 
resourceClaimName: + type: string + resourceClaimTemplateName: + type: string + type: object + type: object + type: array + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + schedulingGates: + items: + properties: + name: + type: string + type: object + type: array + securityContext: + properties: + fsGroup: + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + type: integer + runAsNonRoot: + type: boolean + runAsUser: + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + type: object + supplementalGroups: + items: + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + serviceAccountName: + type: string + setHostnameAsFQDN: + type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + matchLabelKeys: + items: + type: string + type: array + maxSkew: + type: integer + minDomains: + type: integer 
+ nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + type: integer + readOnly: + type: boolean + volumeID: + type: string + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + type: object + configMap: + properties: + defaultMode: + type: integer + items: + items: + properties: + key: + type: string + mode: + type: integer + path: + type: string + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + type: object + downwardAPI: + properties: + defaultMode: + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + type: object + mode: + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - 
type: string + x-kubernetes-int-or-string: true + resource: + type: string + type: object + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + creationTimestamp: + type: string + deletionGracePeriodSeconds: + type: integer + deletionTimestamp: + type: string + finalizers: + items: + type: string + type: array + generateName: + type: string + generation: + type: integer + labels: + additionalProperties: + type: string + type: object + managedFields: + items: + properties: + apiVersion: + type: string + fieldsType: + type: string + fieldsV1: + type: object + manager: + type: string + operation: + type: string + subresource: + type: string + time: + type: string + type: object + type: array + name: + type: string + namespace: + type: string + ownerReferences: + items: + properties: + apiVersion: + type: string + blockOwnerDeletion: + type: boolean + controller: + type: boolean + kind: + type: string + name: + type: string + uid: + type: string + type: object + type: array + resourceVersion: + type: string + selfLink: + type: string + uid: + type: string + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true 
+ type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + type: integer + pdName: + type: string + readOnly: + type: boolean + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + type: object + hostPath: + properties: + path: + type: string + type: + type: string + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + type: object + name: + type: string + nfs: + 
properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + type: object + projected: + properties: + defaultMode: + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + type: integer + path: + type: string + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + type: object + mode: + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + type: string + type: object + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + type: integer + path: + type: string + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + type: integer + path: + type: string + type: 
object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + type: object + secret: + properties: + defaultMode: + type: integer + items: + items: + properties: + key: + type: string + mode: + type: integer + path: + type: string + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + type: object + type: object + type: array + type: object + type: object + type: object + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + type: string + message: + type: string + observedGeneration: + type: integer + status: + type: string + type: + type: string + type: object + type: array + instances: + type: integer + observedGeneration: + type: integer + selector: + type: string + type: object + 
type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.instances + statusReplicasPath: .status.instances + status: {} diff --git a/operators/keycloak-operator/25.0.5/metadata/annotations.yaml b/operators/keycloak-operator/25.0.5/metadata/annotations.yaml new file mode 100644 index 00000000000..69bf396d8e8 --- /dev/null +++ b/operators/keycloak-operator/25.0.5/metadata/annotations.yaml @@ -0,0 +1,10 @@ +annotations: + operators.operatorframework.io.bundle.channel.default.v1: fast + operators.operatorframework.io.bundle.channels.v1: fast + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: keycloak-operator + operators.operatorframework.io.metrics.builder: qosdk-bundle-generator/6.6.7+c4db039 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: quarkus.javaoperatorsdk.io/v1-alpha diff --git a/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberoapps.yaml b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberoapps.yaml new file mode 100644 index 00000000000..eccd4903473 --- /dev/null +++ b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberoapps.yaml 
@@ -0,0 +1,50 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: kuberoapps.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoApp + listKind: KuberoAppList + plural: kuberoapps + singular: kuberoapp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoApp is the Schema for the kuberoapps API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoApp + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoApp + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberobuilds.yaml b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberobuilds.yaml new file mode 100644 index 00000000000..149ce798637 --- /dev/null +++ b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberobuilds.yaml 
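Review bot: `spec` in this CRD is a bare `type: object` with `x-kubernetes-preserve-unknown-fields: true` and no `properties`, so the API server neither validates nor prunes anything a user puts into a KuberoApp; the `kuberobuilds` and `kuberocouchdbs` hunks that follow have the same shape. Every field therefore reaches the operator unchecked, and create/update permission on these resources should be reviewed as if it granted whatever the operator does with those values (presumably templating them into workloads; the operator code is not on this page). I would declare the fields the operator actually reads under `spec.properties` with types, and keep `x-kubernetes-preserve-unknown-fields: true` only on sub-objects that really are free-form. If the open schema has to stay, the description should say so, e.g. `description: Spec defines the desired state of KuberoApp. Fields are not validated by the API server; restrict write access accordingly.`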
@@ -0,0 +1,50 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: kuberobuilds.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoBuild + listKind: KuberoBuildList + plural: kuberobuilds + singular: kuberobuild + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoBuild is the Schema for the kuberobuilds API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoBuild + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoBuild + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberocouchdbs.yaml b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberocouchdbs.yaml new file mode 100644 index 00000000000..891d8539e9b --- /dev/null +++ b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberocouchdbs.yaml 
@@ -0,0 +1,50 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: kuberocouchdbs.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoCouchDB + listKind: KuberoCouchDBList + plural: kuberocouchdbs + singular: kuberocouchdb + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoCouchDB is the Schema for the kuberocouchdbs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoCouchDB + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoCouchDB + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberoelasticsearches.yaml b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberoelasticsearches.yaml new file mode 100644 index 00000000000..09907f99b5c --- /dev/null +++ b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberoelasticsearches.yaml 
@@ -0,0 +1,51 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: kuberoelasticsearches.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoElasticsearch + listKind: KuberoElasticsearchList + plural: kuberoelasticsearches + singular: kuberoelasticsearch + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoElasticsearch is the Schema for the kuberoelasticsearches + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoElasticsearch + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoElasticsearch + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberoes.yaml b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberoes.yaml new file mode 100644 index 00000000000..2e7c8dd6dd7 --- /dev/null 
+++ b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberoes.yaml @@ -0,0 +1,50 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: kuberoes.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: Kubero + listKind: KuberoList + plural: kuberoes + singular: kubero + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Kubero is the Schema for the kuberoes API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of Kubero + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of Kubero + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberokafkas.yaml b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberokafkas.yaml new file mode 100644 index 00000000000..39d604bf313 --- /dev/null +++ b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberokafkas.yaml 
@@ -0,0 +1,50 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: kuberokafkas.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoKafka + listKind: KuberoKafkaList + plural: kuberokafkas + singular: kuberokafka + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoKafka is the Schema for the kuberokafkas API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoKafka + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoKafka + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberomails.yaml b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberomails.yaml new file mode 100644 index 00000000000..31874da9f00 --- /dev/null +++ b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberomails.yaml 
@@ -0,0 +1,50 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: kuberomails.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoMail + listKind: KuberoMailList + plural: kuberomails + singular: kuberomail + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoMail is the Schema for the kuberomails API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoMail + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoMail + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberomemcacheds.yaml b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberomemcacheds.yaml new file mode 100644 index 00000000000..76d214a3cd4 --- /dev/null +++ b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberomemcacheds.yaml 
@@ -0,0 +1,50 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: kuberomemcacheds.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoMemcached + listKind: KuberoMemcachedList + plural: kuberomemcacheds + singular: kuberomemcached + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoMemcached is the Schema for the kuberomemcacheds API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoMemcached + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoMemcached + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberomongodbs.yaml b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberomongodbs.yaml new file mode 100644 index 00000000000..b882ed1b034 --- /dev/null +++ b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberomongodbs.yaml 
@@ -0,0 +1,50 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: kuberomongodbs.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoMongoDB + listKind: KuberoMongoDBList + plural: kuberomongodbs + singular: kuberomongodb + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoMongoDB is the Schema for the kuberomongodbs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoMongoDB + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoMongoDB + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberomysqls.yaml b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberomysqls.yaml new file mode 100644 index 00000000000..bae74c7529e --- /dev/null +++ b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberomysqls.yaml 
@@ -0,0 +1,50 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: kuberomysqls.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoMysql + listKind: KuberoMysqlList + plural: kuberomysqls + singular: kuberomysql + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoMysql is the Schema for the kuberomysqls API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoMysql + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoMysql + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberopipelines.yaml b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberopipelines.yaml new file mode 100644 index 00000000000..a84a796fb15 --- /dev/null +++ b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberopipelines.yaml 
@@ -0,0 +1,50 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: kuberopipelines.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoPipeline + listKind: KuberoPipelineList + plural: kuberopipelines + singular: kuberopipeline + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoPipeline is the Schema for the kuberopipelines API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoPipeline + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoPipeline + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberopostgresqls.yaml b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberopostgresqls.yaml new file mode 100644 index 00000000000..20423be40c8 --- /dev/null +++ b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberopostgresqls.yaml 
@@ -0,0 +1,50 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: kuberopostgresqls.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoPostgresql + listKind: KuberoPostgresqlList + plural: kuberopostgresqls + singular: kuberopostgresql + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoPostgresql is the Schema for the kuberopostgresqls API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoPostgresql + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoPostgresql + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberoprometheuses.yaml b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberoprometheuses.yaml new file mode 100644 index 00000000000..79759ed978e --- /dev/null 
+++ b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberoprometheuses.yaml @@ -0,0 +1,50 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: kuberoprometheuses.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoPrometheus + listKind: KuberoPrometheusList + plural: kuberoprometheuses + singular: kuberoprometheus + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoPrometheus is the Schema for the kuberoprometheuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoPrometheus + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoPrometheus + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberorabbitmqs.yaml b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberorabbitmqs.yaml new file mode 100644 index 00000000000..10bbbf6026e --- /dev/null 
+++ b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberorabbitmqs.yaml @@ -0,0 +1,50 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: kuberorabbitmqs.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoRabbitMQ + listKind: KuberoRabbitMQList + plural: kuberorabbitmqs + singular: kuberorabbitmq + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoRabbitMQ is the Schema for the kuberorabbitmqs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoRabbitMQ + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoRabbitMQ + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberoredis.yaml b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberoredis.yaml new file mode 100644 index 00000000000..8150877cb79 --- /dev/null 
+++ b/operators/kubero-operator/0.1.3/manifests/application.kubero.dev_kuberoredis.yaml @@ -0,0 +1,50 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: kuberoredis.application.kubero.dev +spec: + group: application.kubero.dev + names: + kind: KuberoRedis + listKind: KuberoRedisList + plural: kuberoredis + singular: kuberoredis + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KuberoRedis is the Schema for the kuberoredis API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of KuberoRedis + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of KuberoRedis + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/kubero-operator/0.1.3/manifests/kubero-operator-controller-manager-metrics-service_v1_service.yaml b/operators/kubero-operator/0.1.3/manifests/kubero-operator-controller-manager-metrics-service_v1_service.yaml new file mode 100644 index 00000000000..7e1fc9358d1 --- /dev/null 
+++ b/operators/kubero-operator/0.1.3/manifests/kubero-operator-controller-manager-metrics-service_v1_service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ creationTimestamp: null
+ labels:
+ control-plane: controller-manager
+ name: kubero-operator-controller-manager-metrics-service
+spec:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: https
+ selector:
+ control-plane: controller-manager
+status:
+ loadBalancer: {}
diff --git a/operators/kubero-operator/0.1.3/manifests/kubero-operator-manager-config_v1_configmap.yaml b/operators/kubero-operator/0.1.3/manifests/kubero-operator-manager-config_v1_configmap.yaml
new file mode 100644
index 00000000000..131f184eba4
--- /dev/null
+++ b/operators/kubero-operator/0.1.3/manifests/kubero-operator-manager-config_v1_configmap.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+data:
+ controller_manager_config.yaml: |
+ apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
+ kind: ControllerManagerConfig
+ health:
+ healthProbeBindAddress: :8081
+ metrics:
+ bindAddress: 127.0.0.1:8080
+
+ leaderElection:
+ leaderElect: true
+ resourceName: 811c9dc5.kubero.dev
+kind: ConfigMap
+metadata:
+ name: kubero-operator-manager-config
diff --git a/operators/kubero-operator/0.1.3/manifests/kubero-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/kubero-operator/0.1.3/manifests/kubero-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml
new file mode 100644
index 00000000000..b62340c079f
--- /dev/null
+++ b/operators/kubero-operator/0.1.3/manifests/kubero-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml
@@ -0,0 +1,10 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ name: kubero-operator-metrics-reader
+rules:
+- nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
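Review bot: The metrics Service selects its backing pods with the single pair `control-plane: controller-manager`, a generic label that nothing ties to kubero. In a namespace shared with another operator whose pods carry the same label, port 8443 of this Service would also route to those pods, so a scrape could reach a workload other than the kubero manager. Adding an operator-specific pair to the selector, for example `app.kubernetes.io/name: kubero-operator`, and the same label on the manager pod template would pin the Service to the intended pods. The pod template sits in the ClusterServiceVersion, outside this hunk, so the matching label has to be added there as well.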
diff --git a/operators/kubero-operator/0.1.3/manifests/kubero-operator.clusterserviceversion.yaml b/operators/kubero-operator/0.1.3/manifests/kubero-operator.clusterserviceversion.yaml new file mode 100644 index 00000000000..82b5eb17977 --- /dev/null +++ b/operators/kubero-operator/0.1.3/manifests/kubero-operator.clusterserviceversion.yaml 
@@ -0,0 +1,2130 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "application.kubero.dev/v1alpha1", + "kind": "Kubero", + "metadata": { + "name": "kubero" + }, + "spec": { + "affinity": {}, + "fullnameOverride": "", + "image": { + "pullPolicy": "Always", + "repository": "ghcr.io/kubero-dev/kubero/kubero", + "tag": "latest" + }, + "imagePullSecrets": [], + "ingress": { + "annotations": {}, + "className": "", + "enabled": true, + "hosts": [ + { + "host": "kubero.lacolhost.com", + "paths": [ + { + "path": "/", + "pathType": "ImplementationSpecific" + } + ] + } + ], + "tls": [] + }, + "kubero": { + "auditLogs": { + "accessModes": [ + "ReadWriteOnce" + ], + "enabled": false, + "limit": 1000, + "size": "0.1Gi", + "storageClassName": null + }, + "auth": { + "github": { + "callbackUrl": "", + "enabled": false, + "id": "", + "org": "", + "secret": "" + }, + "oauth2": { + "authUrl": "", + "callbackUrl": "", + "enabled": false, + "id": "", + "name": "", + "scopes": "", + "secret": "", + "tokenUrl": "" + } + }, + "config": { + "buildpacks": [ + { + "build": { + "command": "npm install", + "repository": "node", + "securityContext": { + "runAsUser": 1000 + }, + "tag": "latest" + }, + "fetch": { + "repository": "ghcr.io/kubero-dev/fetch", + "securityContext": { + "runAsUser": 1000 + }, + "tag": "v1" + }, + "language": "JavaScript", + "name": "NodeJS", + "run": { + "command": "node index.js", + "repository": "node", + "tag": "latest" + } + }, + { + "build": { + "command": "composer install; chown -R 1000:1000 /app", + "repository": "composer", + "tag": "latest" + }, + "fetch": { + "repository": "ghcr.io/kubero-dev/fetch", + "securityContext": { + "runAsUser": 1000 + }, + "tag": "v1" + }, + "language": "PHP", + "name": "PHP", + "run": { + "command": "apache2-foreground", + "readOnlyAppStorage": false, + "repository": "webdevops/php-apache", + "securityContext": { + 
"allowPrivilegeEscalation": true, + "readOnlyRootFilesystem": false + }, + "tag": "8.1" + } + }, + { + "build": { + "command": "python3 -m venv .venv \u0026\u0026 . .venv/bin/activate \u0026\u0026 pip install -r requirements.txt", + "repository": "python", + "tag": "3.10-buster" + }, + "fetch": { + "repository": "ghcr.io/kubero-dev/fetch", + "securityContext": { + "runAsUser": 1000 + }, + "tag": "v1" + }, + "language": "Python", + "name": "Python", + "run": { + "command": ". .venv/bin/activate \u0026\u0026 python3 main.py", + "repository": "python", + "tag": "3.10-buster" + } + }, + { + "build": { + "command": "go mod download \u0026\u0026 go mod verify \u0026\u0026 go build -v -o app", + "repository": "golang", + "tag": "alpine" + }, + "fetch": { + "repository": "ghcr.io/kubero-dev/fetch", + "securityContext": { + "runAsUser": 1000 + }, + "tag": "v1" + }, + "language": "GoLang", + "name": "GoLang", + "run": { + "command": "./app", + "repository": "golang", + "tag": "alpine" + } + }, + { + "build": { + "command": "hugo -D", + "repository": "klakegg/hugo", + "tag": "latest" + }, + "fetch": { + "repository": "ghcr.io/kubero-dev/fetch", + "securityContext": { + "runAsUser": 1000 + }, + "tag": "v1" + }, + "language": "GoLang", + "name": "Hugo", + "run": { + "command": "caddy file-server --listen :8080 --root /app/public", + "repository": "caddy", + "tag": "latest" + } + }, + { + "build": { + "command": "export GEM_HOME=/app/bundle; bundle install --jobs=4 --retry=3", + "repository": "ruby", + "tag": "2.7" + }, + "fetch": { + "repository": "ghcr.io/kubero-dev/fetch", + "securityContext": { + "runAsUser": 1000 + }, + "tag": "v1" + }, + "language": "Ruby", + "name": "Ruby", + "run": { + "command": "export GEM_HOME=/app/bundle; bundle exec ruby main.rb", + "repository": "ruby", + "tag": "2.7" + } + }, + { + "build": { + "command": "echo 'Buildpack not required'", + "repository": "busybox", + "tag": "latest" + }, + "fetch": { + "repository": "ghcr.io/kubero-dev/fetch", + 
"securityContext": { + "runAsUser": 1000 + }, + "tag": "v1" + }, + "language": "HTML", + "name": "Static", + "run": { + "command": "caddy file-server --listen :8080 --root /app", + "repository": "caddy", + "tag": "latest" + } + } + ], + "clusterissuer": "letsencrypt-prod", + "kubero": { + "admin": { + "disabled": false + }, + "banner": { + "bgcolor": "#8560A9", + "fontcolor": "azure", + "message": "Welcome to Kubero!", + "show": false + }, + "console": { + "enabled": false + }, + "readonly": false + }, + "notifications": [], + "podSizeList": [ + { + "default": true, + "description": "Small (CPU: 0.25, Memory: 0.5Gi)", + "name": "small", + "resources": { + "limits": { + "cpu": "500m", + "memory": "1Gi" + }, + "requests": { + "cpu": "250m", + "memory": "0.5Gi" + } + } + }, + { + "description": "Medium (CPU: 1, Memory: 2Gi)", + "name": "medium", + "resources": { + "limits": { + "cpu": "2000m", + "memory": "4Gi" + }, + "requests": { + "cpu": "1000m", + "memory": "2Gi" + } + } + }, + { + "active": false, + "description": "Large (CPU: 2, Memory: 4Gi)", + "name": "large", + "resources": { + "limits": { + "cpu": "2000m", + "memory": "4Gi" + }, + "requests": { + "cpu": "2000m", + "memory": "4Gi" + } + } + } + ], + "templates": { + "catalogs": [ + { + "description": "Kubero templates", + "index": { + "format": "json", + "url": "https://raw.githubusercontent.com/kubero-dev/templates/main/index.json" + }, + "name": "Kubero", + "templateBasePath": "https://raw.githubusercontent.com/kubero-dev/kubero/main/services/" + }, + { + "description": "Kubero templates", + "index": { + "format": "json", + "url": "https://raw.githubusercontent.com/kubero-dev/templates/main/index-frameworks.json" + }, + "name": "Kubero Frameworks", + "templateBasePath": "https://raw.githubusercontent.com/kubero-dev/kubero/main/services/" + } + ], + "enabled": true + } + }, + "context": "inClusterContext", + "debug": "", + "namespace": "kubero", + "sessionKey": "randomString", + "webhook_url": 
"https://kubero.example.com/api/repo/webhooks" + }, + "nameOverride": "", + "nodeSelector": {}, + "podAnnotations": {}, + "podSecurityContext": {}, + "prometheus": { + "enabled": false, + "endpoint": "http://kubero-prometheus-server" + }, + "registry": { + "account": { + "hash": "$2y$05$czQZpvtDYc5OzM/1r1pH0eAplT/okohh/mXoWl/Y65ZP/8/jnSWZq", + "password": "kubero", + "username": "kubero" + }, + "create": false, + "enabled": false, + "host": "registry.demo.kubero.dev", + "port": 443, + "public": true, + "storage": "1Gi", + "storageClassName": null + }, + "replicaCount": 1, + "resources": {}, + "securityContext": {}, + "service": { + "port": 2000, + "type": "ClusterIP" + }, + "serviceAccount": { + "annotations": {}, + "create": true, + "name": "" + }, + "tolerations": [] + } + }, + { + "apiVersion": "application.kubero.dev/v1alpha1", + "kind": "KuberoApp", + "metadata": { + "name": "kuberoapp" + }, + "spec": { + "addons": [ + { + "env": [], + "id": "mongodb-operator", + "kind": "MongoDB", + "resourceDefinitions": { + "MongoDB": { + "apiVersion": "opstreelabs.in/v1alpha1", + "kind": "MongoDB", + "metadata": { + "name": "mongodbinstanceasdf" + }, + "spec": { + "kubernetesConfig": { + "image": "quay.io/opstree/mongo:v5.0.6", + "imagePullPolicy": "IfNotPresent", + "securityContext": { + "fsGroup": 1001 + } + }, + "mongoDBSecurity": { + "mongoDBAdminUser": "admin", + "secretRef": { + "key": "password", + "name": "mongodb-secret" + } + }, + "storage": { + "accessModes": [ + "ReadWriteOnce" + ], + "storageClass": "standard", + "storageSize": "1Gi" + } + } + }, + "mongodbSecret": { + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "annotations": { + "meta.helm.sh/release-name": "test", + "meta.helm.sh/release-namespace": "kubero-dev" + }, + "labels": { + "app.kubernetes.io/managed-by": "Kubero" + }, + "name": "mongodb-secret" + }, + "stringData": { + "password": "test" + }, + "type": "Opaque" + } + }, + "version": { + "installed": "0.3.0" + } + } + ], + "affinity": 
{}, + "autodeploy": false, + "autoscaling": { + "enabled": false, + "maxReplicas": 100, + "minReplicas": 1, + "targetCPUUtilizationPercentage": 80 + }, + "branch": "master", + "buildstrategy": "dockerfile", + "cronjobs": [ + { + "command": [ + "/bin/sh", + "-c", + "date; echo Hello from the Kubernetes cluster" + ], + "env": [], + "image": "busybox:1.28", + "name": "cronjob-sample", + "restartPolicy": "OnFailure", + "schedule": "* */6 * * *" + } + ], + "deploymentstrategy": "git", + "envVars": [ + { + "name": "EXAMPLE", + "value": "foo" + }, + { + "name": "BAR", + "value": 3000 + } + ], + "extraVolumes": [], + "fullnameOverride": "", + "gitrepo": { + "admin": false, + "clone_url": "https://github.com/foo/bar.git", + "ssh_url": "git@github.com:foo/bar.git" + }, + "image": { + "build": { + "command": "npm install", + "repository": "node", + "securityContext": { + "readOnlyRootFilesystem": false + }, + "tag": "latest" + }, + "containerPort": 8080, + "fetch": { + "repository": "ghcr.io/kubero-dev/buildpacks/fetch", + "securityContext": { + "readOnlyRootFilesystem": false + }, + "tag": "main" + }, + "pullPolicy": "Always", + "repository": "ghcr.io/kubero-dev/docker-images/node", + "run": { + "command": "node index.js", + "readOnlyAppStorage": true, + "repository": "node", + "securityContext": { + "readOnlyRootFilesystem": true + }, + "tag": "latest" + }, + "tag": "main" + }, + "imagePullSecrets": [], + "ingress": { + "annotations": {}, + "className": "", + "enabled": false, + "hosts": [ + { + "host": "chart-example.local", + "paths": [ + { + "path": "/", + "pathType": "ImplementationSpecific" + } + ] + } + ], + "tls": [] + }, + "name": "kuberoapp", + "nameOverride": "", + "nodeSelector": {}, + "phase": "production", + "pipeline": "kuberopipeline", + "podAnnotations": {}, + "podSecurityContext": {}, + "podsize": { + "default": true, + "description": "Small (CPU: 0.25, Memory: 0.5Gi)", + "name": "small", + "resources": { + "limits": { + "cpu": "500m", + "memory": "1Gi" + 
}, + "requests": { + "cpu": "250m", + "memory": "0.5Gi" + } + } + }, + "ref": "refs/heads/dummy-pr", + "replicaCount": 1, + "resources": {}, + "securityContext": {}, + "service": { + "port": 80, + "type": "ClusterIP" + }, + "serviceAccount": { + "annotations": {}, + "create": true, + "name": "" + }, + "sleep": "disabled", + "tolerations": [], + "web": { + "autoscaling": { + "maxReplicas": 100, + "minReplicas": 1, + "targetCPUUtilizationPercentage": 80, + "targetMemoryUtilizationPercentage": 80 + }, + "replicaCount": 1 + }, + "worker": { + "autoscaling": { + "maxReplicas": 100, + "minReplicas": 1, + "targetCPUUtilizationPercentage": 80, + "targetMemoryUtilizationPercentage": 80 + }, + "replicaCount": 1 + } + } + }, + { + "apiVersion": "application.kubero.dev/v1alpha1", + "kind": "KuberoBuild", + "metadata": { + "name": "kuberobuild-sample" + }, + "spec": { + "app": "example", + "buildpack": { + "builder": "gcr.io/paketo-buildpacks/builder:base", + "serviceAccount": "kpack-sa" + }, + "buildstrategy": "nixpack", + "dockerfile": { + "fetcher": "ghcr.io/kubero-dev/buildpacks/fetch:latest", + "path": "Dockerfile", + "pusher": "quay.io/containers/buildah:v1.29" + }, + "git": { + "revision": "main", + "url": "git@github.com:kubero-dev/template-nodeapp.git" + }, + "nixpack": { + "builder": "ghcr.io/kubero-dev/buildpacks/build:latest", + "fetcher": "ghcr.io/kubero-dev/buildpacks/fetch:latest", + "path": ".nixpacks/Dockerfile", + "pusher": "quay.io/containers/buildah:v1.29" + }, + "pipeline": "test", + "podSecurityContext": { + "fsGroup": 1000 + }, + "repository": { + "host": "registry.local.kubero.net", + "image": "/kapck/example", + "push": "kubero-registry.kubero.svc:5000", + "tag": "latest" + } + } + }, + { + "apiVersion": "application.kubero.dev/v1alpha1", + "kind": "KuberoCouchDB", + "metadata": { + "name": "kuberocouchdb-sample" + }, + "spec": { + "couchdb": { + "adminHash": "-pbkdf2-this_is_not_necessarily_secure_either", + "adminPassword": "this_is_not_secure", + 
"adminUsername": "admin", + "autoSetup": { + "enabled": false + }, + "clusterSize": 3, + "cookieAuthSecret": "neither_is_this", + "couchdbConfig": { + "couchdb": { + "uuid": "randomstring" + } + }, + "enableSearch": false, + "persistentVolume": { + "enabled": true, + "size": "10Gi", + "storageClass": "standard" + } + } + } + }, + { + "apiVersion": "application.kubero.dev/v1alpha1", + "kind": "KuberoElasticsearch", + "metadata": { + "name": "kuberoelasticsearch-sample" + }, + "spec": { + "elasticsearch": { + "data": { + "persistence": { + "size": "8Gi" + }, + "replicaCount": 2 + }, + "global": { + "storageClass": "" + }, + "ingest": { + "enabled": true, + "replicaCount": 2 + }, + "master": { + "persistence": { + "size": "8Gi" + }, + "replicaCount": 2 + }, + "security": { + "elasticPassword": "", + "tls": { + "verificationMode": "none" + } + } + } + } + }, + { + "apiVersion": "application.kubero.dev/v1alpha1", + "kind": "KuberoKafka", + "metadata": { + "name": "kuberokafka-sample" + }, + "spec": { + "kafka": { + "global": { + "storageClass": "" + }, + "persistence": { + "size": "8Gi" + } + } + } + }, + { + "apiVersion": "application.kubero.dev/v1alpha1", + "kind": "KuberoMail", + "metadata": { + "name": "kuberomail-sample" + }, + "spec": { + "haraka": { + "haraka": { + "env": [ + { + "name": "HARAKA_HOSTLIST", + "value": "localhost,localhost.kubero.dev" + }, + { + "name": "HARAKA_ME", + "value": "mynameisnobody" + }, + { + "name": "HARAKA_PLUGINS", + "value": "helo.checks,mail_from.is_resolvable,rcpt_to.in_host_list,headers,relay_all" + }, + { + "name": "HARAKA_HELO_CHECKS_CHECK", + "value": "mynameisnobody" + }, + { + "name": "HARAKA_HELO_CHECKS_REJECT", + "value": "host_mismatch=false,big_company=false,rdns_match=false" + }, + { + "name": "HARAKA_HELO_CHECKS_SKIP", + "value": "private_ip=false,relaying=true" + }, + { + "name": "HARAKA_LOG_LEVEL", + "value": "debug" + }, + { + "name": "HARAKA_LOG_TIMESTAMP", + "value": false + }, + { + "name": "HARAKA_LOG_FORMAT", + 
"value": "info" + } + ] + }, + "replicaCount": 1, + "service": { + "port": 8025, + "type": "ClusterIP" + } + } + } + }, + { + "apiVersion": "application.kubero.dev/v1alpha1", + "kind": "KuberoMemcached", + "metadata": { + "name": "kuberomemcached-sample" + }, + "spec": { + "affinity": {}, + "autoscaling": { + "enabled": false, + "maxReplicas": 100, + "minReplicas": 1, + "targetCPUUtilizationPercentage": 80 + }, + "fullnameOverride": "", + "image": { + "pullPolicy": "IfNotPresent", + "repository": "nginx", + "tag": "" + }, + "imagePullSecrets": [], + "ingress": { + "annotations": {}, + "className": "", + "enabled": false, + "hosts": [ + { + "host": "chart-example.local", + "paths": [ + { + "path": "/", + "pathType": "ImplementationSpecific" + } + ] + } + ], + "tls": [] + }, + "nameOverride": "", + "nodeSelector": {}, + "podAnnotations": {}, + "podSecurityContext": {}, + "replicaCount": 1, + "resources": {}, + "securityContext": {}, + "service": { + "port": 80, + "type": "ClusterIP" + }, + "serviceAccount": { + "annotations": {}, + "create": true, + "name": "" + }, + "tolerations": [] + } + }, + { + "apiVersion": "application.kubero.dev/v1alpha1", + "kind": "KuberoMongoDB", + "metadata": { + "name": "kuberomongodb-sample" + }, + "spec": { + "mongodb": { + "auth": { + "databases": [ + "kubero" + ], + "passwords": [ + "kubero" + ], + "rootPassword": "", + "rootUser": "root", + "usernames": [ + "kubero" + ] + }, + "directoryPerDB": false, + "disableJavascript": false, + "global": { + "storageClass": "" + }, + "persistence": { + "size": "8Gi" + }, + "replicaCount": 2 + } + } + }, + { + "apiVersion": "application.kubero.dev/v1alpha1", + "kind": "KuberoMysql", + "metadata": { + "name": "kuberomysql" + }, + "spec": { + "mysql": { + "auth": { + "createDatabase": false, + "database": "my_database", + "password": "example", + "rootPassword": "random", + "username": "example" + }, + "global": { + "storageClass": "" + }, + "primary": { + "persistence": { + "accessModes": [ + 
"ReadWriteOnce" + ], + "size": "8Gi" + } + } + } + } + }, + { + "apiVersion": "application.kubero.dev/v1alpha1", + "kind": "KuberoPipeline", + "metadata": { + "name": "kuberopipeline" + }, + "spec": { + "affinity": {}, + "autoscaling": { + "enabled": false, + "maxReplicas": 100, + "minReplicas": 1, + "targetCPUUtilizationPercentage": 80 + }, + "fullnameOverride": "", + "image": { + "pullPolicy": "IfNotPresent", + "repository": "nginx", + "tag": "" + }, + "imagePullSecrets": [], + "ingress": { + "annotations": {}, + "className": "", + "enabled": false, + "hosts": [ + { + "host": "chart-example.local", + "paths": [ + { + "path": "/", + "pathType": "ImplementationSpecific" + } + ] + } + ], + "tls": [] + }, + "nameOverride": "", + "nodeSelector": {}, + "podAnnotations": {}, + "podSecurityContext": {}, + "replicaCount": 1, + "resources": {}, + "securityContext": {}, + "service": { + "port": 80, + "type": "ClusterIP" + }, + "serviceAccount": { + "annotations": {}, + "create": true, + "name": "" + }, + "tolerations": [] + } + }, + { + "apiVersion": "application.kubero.dev/v1alpha1", + "kind": "KuberoPostgresql", + "metadata": { + "name": "kuberopostgresql-sample" + }, + "spec": { + "postgresql": { + "global": { + "postgresql": { + "auth": { + "database": "", + "password": "", + "postgresPassword": "", + "username": "" + } + }, + "storageClass": "" + }, + "primary": { + "persistence": { + "size": "8Gi" + } + } + } + } + }, + { + "apiVersion": "application.kubero.dev/v1alpha1", + "kind": "KuberoPrometheus", + "metadata": { + "name": "kubero-prometheus" + }, + "spec": { + "prometheus": { + "alertmanager": { + "enabled": false + }, + "kube-state-metrics": { + "enabled": false + }, + "prometheus-node-exporter": { + "enabled": false + }, + "prometheus-pushgateway": { + "enabled": false + }, + "server": { + "enabled": true, + "ingress": { + "enabled": false, + "hosts": [ + "prometheus.localhost" + ] + } + }, + "serverFiles": { + "alerting_rules.yml": { + "groups": [ + { + 
"name": "Instances", + "rules": [ + { + "alert": "High 5xx server error rate", + "annotations": { + "description": "{{ $labels.namespace }}/{{ $labels.service }} has high 5xx error rate on host: {{ $labels.host }}", + "summary": "High 5xx error rate on {{ $labels.namespace }}/{{ $labels.service }}" + }, + "expr": "increase(nginx_ingress_controller_requests{status=~\"5..\", service=~\".*-kuberoapp\"}[5m]) \u003e 0", + "for": "30s", + "keep_firing_for": "30s", + "labels": { + "severity": "page" + } + }, + { + "alert": "More than 10% 4xx errors", + "annotations": { + "description": "{{ $labels.namespace }}/{{ $labels.service }} has more than 10% 4xx error rate on host: {{ $labels.host }}", + "summary": "10% 4xx error rate on {{ $labels.namespace }}/{{ $labels.service }}" + }, + "expr": "(sum(increase(nginx_ingress_controller_requests{status=~\"4..\", service=~\".*-kuberoapp\"}[5m])) * 100) / sum(increase(nginx_ingress_controller_requests{status=~\"2..\", service=~\".*-kuberoapp\"}[5m])) \u003e 10", + "for": "30s", + "keep_firing_for": "30s", + "labels": { + "severity": "page" + } + }, + { + "alert": "Deployment Replicas not ready", + "annotations": { + "description": "{{ $labels.namespace }}/{{ $labels.service }} has deployment replicas not", + "summary": "Deployment Replicast in {{ $labels.namespace }}/{{ $labels.service }} are not ready" + }, + "expr": "kube_deployment_status_replicas{deployment=~\".*-kuberoapp-(web|worker)\"} - kube_deployment_status_replicas_ready{deployment=~\".*kuberoapp-(web|worker)\"} \u003e 0", + "for": "30s", + "keep_firing_for": "30s", + "labels": { + "severity": "page" + } + }, + { + "alert": "CPU limit used by 80%", + "annotations": { + "description": "{{ $labels.namespace }}/{{ $labels.service }} used more than 80% of configured CPU limit", + "summary": "CPU Usage to high in {{ $labels.namespace }}/{{ $labels.service}}" + }, + "expr": "(rate(container_cpu_usage_seconds_total{id=~\".*.slice\", 
namespace=~\".*-(review|test|stage|production)\"}[5m]) / on (pod) kube_pod_container_resource_limits{unit=\"core\", namespace=~\".*-(review|test|stage|production)\"}) * 100 \u003e 80", + "for": "30s", + "keep_firing_for": "30s", + "labels": { + "severity": "page" + } + }, + { + "alert": "Memory limit used by 80%", + "annotations": { + "description": "{{ $labels.namespace }}/{{ $labels.service }} used more than 80% of configured Memory limit", + "summary": "Memory Usage to high in {{ $labels.namespace }}/{{ $labels.service}}" + }, + "expr": "(container_memory_usage_bytes{namespace=\"yyy-production\", container=~\"kuberoapp-(web|worker)\"} / on (pod) kube_pod_container_resource_limits{unit=\"byte\", namespace=~\".*-(review|test|stage|production)\"}) * 100 \u003e 80", + "for": "30s", + "keep_firing_for": "30s", + "labels": { + "severity": "page" + } + } + ] + } + ] + } + } + } + } + }, + { + "apiVersion": "application.kubero.dev/v1alpha1", + "kind": "KuberoRabbitMQ", + "metadata": { + "name": "kuberorabbitmq-sample" + }, + "spec": { + "affinity": {}, + "autoscaling": { + "enabled": false, + "maxReplicas": 100, + "minReplicas": 1, + "targetCPUUtilizationPercentage": 80 + }, + "fullnameOverride": "", + "image": { + "pullPolicy": "IfNotPresent", + "repository": "nginx", + "tag": "" + }, + "imagePullSecrets": [], + "ingress": { + "annotations": {}, + "className": "", + "enabled": false, + "hosts": [ + { + "host": "chart-example.local", + "paths": [ + { + "path": "/", + "pathType": "ImplementationSpecific" + } + ] + } + ], + "tls": [] + }, + "nameOverride": "", + "nodeSelector": {}, + "podAnnotations": {}, + "podSecurityContext": {}, + "replicaCount": 1, + "resources": {}, + "securityContext": {}, + "service": { + "port": 80, + "type": "ClusterIP" + }, + "serviceAccount": { + "annotations": {}, + "create": true, + "name": "" + }, + "tolerations": [] + } + }, + { + "apiVersion": "application.kubero.dev/v1alpha1", + "kind": "KuberoRedis", + "metadata": { + "name": 
"kuberoredis-sample" + }, + "spec": { + "redis": { + "architecture": "replication", + "global": { + "redis": { + "password": "" + }, + "storageClass": "" + } + } + } + } + ] + capabilities: Basic Install + categories: Integration & Delivery + certified: "false" + containerImage: ghcr.io/kubero-dev/kubero-operator/kuberoapp:v0.1.3 + createdAt: "2024-09-09T20:49:18Z" + description: Kubero is a GitOps continuous delivery tool for Kubernetes. + operators.operatorframework.io/builder: operator-sdk-v1.34.1 + operators.operatorframework.io/project_layout: helm.sdk.operatorframework.io/v1 + repository: https://github.com/kubero-dev/kubero + support: Kubero Community + name: kubero-operator.v0.1.3 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: Creates a App in a Kubero Pipeline + displayName: Kubero App + kind: KuberoApp + name: kuberoapps.application.kubero.dev + version: v1alpha1 + - description: KuberoBuild triggers a build for a given application + kind: KuberoBuild + name: kuberobuilds.application.kubero.dev + version: v1alpha1 + - description: Apache CouchDB is a database featuring seamless multi-master sync, + that scales from big data to mobile, with an intuitive HTTP/JSON API and designed + for reliability. + displayName: Kubero CouchDB + kind: KuberoCouchDB + name: kuberocouchdbs.application.kubero.dev + version: v1alpha1 + - description: Elasticsearch is a distributed search and analytics engine. It + is used for web search, log monitoring, and real-time analytics. Ideal for + Big Data applications. 
+ displayName: Kubero Elasticsearch + kind: KuberoElasticsearch + name: kuberoelasticsearches.application.kubero.dev + version: v1alpha1 + - description: Starts the Kubero UI and API + displayName: Kubero UI and API + kind: Kubero + name: kuberoes.application.kubero.dev + version: v1alpha1 + - description: Apache Kafka is a distributed streaming platform designed to build + real-time pipelines and can be used as a message broker or as a replacement + for a log aggregation solution for big data applications. + displayName: Kubero Kafka + kind: KuberoKafka + name: kuberokafkas.application.kubero.dev + version: v1alpha1 + - description: Haraka MTA is a highly scalable open source email server with a + modular architecture. It is written in Node.js and JavaScript and is designed + for modern Linux servers. + displayName: Kubero Mail Server + kind: KuberoMail + name: kuberomails.application.kubero.dev + version: v1alpha1 + - description: Memcached is an in-memory key-value store for small chunks of arbitrary + data (strings, objects) from results of database calls, API calls, or page + rendering. + displayName: Kubero Memcached + kind: KuberoMemcached + name: kuberomemcacheds.application.kubero.dev + version: v1alpha1 + - description: MongoDB(R) is a relational open source NoSQL database. Easy to + use, it stores data in JSON-like documents. Automated scalability and high-performance. + Ideal for developing cloud native applications. + displayName: Kubero MongoDB + kind: KuberoMongoDB + name: kuberomongodbs.application.kubero.dev + version: v1alpha1 + - description: MySQL is a fast, reliable, scalable, and easy to use open source + relational database system. Designed to handle mission-critical, heavy-load + production applications. 
+ displayName: Kubero Mysql + kind: KuberoMysql + name: kuberomysqls.application.kubero.dev + version: v1alpha1 + - description: Creates a Kubero Pipeline + displayName: Kubero Pipeline + kind: KuberoPipeline + name: kuberopipelines.application.kubero.dev + version: v1alpha1 + - description: PostgreSQL (Postgres) is an open source object-relational database + known for reliability and data integrity. ACID-compliant, it supports foreign + keys, joins, views, triggers and stored procedures. + displayName: Kubero Postgresql + kind: KuberoPostgresql + name: kuberopostgresqls.application.kubero.dev + version: v1alpha1 + - kind: KuberoPrometheus + name: kuberoprometheuses.application.kubero.dev + version: v1alpha1 + - description: RabbitMQ is an open source general-purpose message broker that + is designed for consistent, highly-available messaging scenarios (both synchronous + and asynchronous). + displayName: Kubero RabbitMQ + kind: KuberoRabbitMQ + name: kuberorabbitmqs.application.kubero.dev + version: v1alpha1 + - description: Redis(R) is an open source, advanced key-value store. It is often + referred to as a data structure server since keys can contain strings, hashes, + lists, sets and sorted sets. + displayName: Kubero Redis + kind: KuberoRedis + name: kuberoredis.application.kubero.dev + version: v1alpha1 + description: |- + Kubero is a Internal Developer Platform (IDP) that brings the convinience of Heroku/platform.sh/vercel/Netlify to your kubernetes cluster. Your developers should not need to worry about the underlying infrastructure and deployment. It enables you to deploy your applications with a few clicks. It also provides a API and CLI to manage your applications. 
+ + ## Features + - Automated GitOps deployment and Pull Request previews + - Integrated CI/CD + + ## Supported Git Providers + - Gitea + - Forgejo (WIP) + - OneDev (WIP) + - Gogs + - Github + - Gitlab + - Bitbucket + + ## Tested languages/frameworks + Basicly everything that can be shipped in a single container. Kubero uses official images to build and run the apps. But they can be replaced or extended to fit your needs. + + - GoLang (including Hugo, gin-gonic) + - Python (including Flask) + - JavaScript/NodeJS + - PHP (including Laravel) + - Ruby (including Rails) + - Static HTML + - Rust (including Rocket) + displayName: Kubero + icon: + - base64data: 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 + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + - apps + resources: + - configmaps + - secrets + verbs: + - '*' + - apiGroups: + - "" + resources: + - events + verbs: + - create + - apiGroups: + - rbac.authorization.k8s.io + - "" + resources: + - roles + - clusterroles + - clusterrolebindings + - rolebindings + - secrets + - deployments + - namespaces + - services + - ingresses + verbs: + - '*' + - apiGroups: + - application.kubero.dev + resources: + - kuberoapps + - kuberoapps/status + - kuberoapps/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - serviceaccounts + - services + verbs: + - '*' + - apiGroups: + - apps + - "" + resources: + - deployments + - serviceaccounts + verbs: + - '*' + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' + - apiGroups: + - networking.k8s.io + - "" + resources: + - ingresses + - rolebindings + - services + - jobs + verbs: + - '*' + - apiGroups: + - batch + resources: + - cronjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - opstreelabs.in + 
resources: + - mongodbs + verbs: + - '*' + - apiGroups: + - redis.redis.opstreelabs.in + resources: + - redis + - redisclusters + verbs: + - '*' + - apiGroups: + - postgres-operator.crunchydata.com + resources: + - postgresclusters + verbs: + - '*' + - apiGroups: + - minio.min.io + resources: + - tenants + verbs: + - '*' + - apiGroups: + - charts.operatorhub.io + resources: + - cockroachdbs + verbs: + - '*' + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - '*' + - apiGroups: + - networking.cfargotunnel.com + resources: + - tunnels + - tunnelbindings + verbs: + - '*' + - apiGroups: + - application.kubero.dev + resources: + - kuberoes + - kuberoes/status + - kuberoes/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - '*' + - apiGroups: + - "" + resources: + - serviceaccounts + - services + - persistentvolumeclaims + - persistentvolumes + - persistentvolumeclaims/finalizers + - persistentvolumes/finalizers + verbs: + - '*' + - apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + verbs: + - '*' + - apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - '*' + - apiGroups: + - application.kubero.dev + resources: + - kuberopipelines + - kuberopipelines/status + - kuberopipelines/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - serviceaccounts + - services + verbs: + - '*' + - apiGroups: + - apps + resources: + - deployments + verbs: + - '*' + - apiGroups: + - "" + resources: + - namespaces + - secrets + verbs: + - '*' + - apiGroups: + - application.kubero.dev + resources: + - kuberomysqls + - kuberomysqls/status + - kuberomysqls/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - '*' + - apiGroups: 
+ - "" + resources: + - secrets + - configmaps + - serviceaccounts + - services + - persistentvolumeclaims + - persistentvolumes + verbs: + - '*' + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - '*' + - apiGroups: + - application.kubero.dev + resources: + - kuberopostgresqls + - kuberopostgresqls/status + - kuberopostgresqls/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - '*' + - apiGroups: + - "" + resources: + - secrets + - configmaps + - serviceaccounts + - services + - persistentvolumeclaims + - persistentvolumes + verbs: + - '*' + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - '*' + - apiGroups: + - application.kubero.dev + resources: + - kuberoredis + - kuberoredis/status + - kuberoredis/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - '*' + - apiGroups: + - "" + resources: + - secrets + - configmaps + - serviceaccounts + - services + - persistentvolumeclaims + - persistentvolumes + verbs: + - '*' + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - '*' + - apiGroups: + - application.kubero.dev + resources: + - kuberomongodbs + - kuberomongodbs/status + - kuberomongodbs/finalizers + verbs: + - create + - delete 
+ - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - '*' + - apiGroups: + - "" + resources: + - secrets + - configmaps + - serviceaccounts + - services + - persistentvolumeclaims + - persistentvolumes + verbs: + - '*' + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - '*' + - apiGroups: + - application.kubero.dev + resources: + - kuberoelasticsearches + - kuberoelasticsearches/status + - kuberoelasticsearches/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - '*' + - apiGroups: + - "" + resources: + - secrets + - configmaps + - serviceaccounts + - services + - persistentvolumeclaims + - persistentvolumes + verbs: + - '*' + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - '*' + - apiGroups: + - application.kubero.dev + resources: + - kuberocouchdbs + - kuberocouchdbs/status + - kuberocouchdbs/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - '*' + - apiGroups: + - "" + resources: + - secrets + - configmaps + - serviceaccounts + - services + - persistentvolumeclaims + - persistentvolumes + verbs: + - '*' + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - '*' + - 
apiGroups: + - application.kubero.dev + resources: + - kuberokafkas + - kuberokafkas/status + - kuberokafkas/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + - statefulsets + verbs: + - '*' + - apiGroups: + - "" + resources: + - secrets + - configmaps + - serviceaccounts + - services + - persistentvolumeclaims + - persistentvolumes + verbs: + - '*' + - apiGroups: + - job + resources: + - batch + verbs: + - '*' + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - '*' + - apiGroups: + - application.kubero.dev + resources: + - kuberomails + - kuberomails/status + - kuberomails/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - serviceaccounts + - services + verbs: + - '*' + - apiGroups: + - apps + resources: + - deployments + verbs: + - '*' + - apiGroups: + - application.kubero.dev + resources: + - kuberorabbitmqs + - kuberorabbitmqs/status + - kuberorabbitmqs/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - '*' + - apiGroups: + - "" + resources: + - serviceaccounts + - services + verbs: + - '*' + - apiGroups: + - application.kubero.dev + resources: + - kuberomemcacheds + - kuberomemcacheds/status + - kuberomemcacheds/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - serviceaccounts + - services + verbs: + - '*' + - apiGroups: + - apps + resources: + - deployments + verbs: + - '*' + - apiGroups: + - application.kubero.dev + resources: + - kuberoprometheuses + - kuberoprometheuses/status + - 
kuberoprometheuses/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - serviceaccounts + - services + verbs: + - '*' + - apiGroups: + - apps + resources: + - deployments + verbs: + - '*' + - apiGroups: + - "" + resources: + - clusterrolebindings + verbs: + - '*' + - apiGroups: + - application.kubero.dev + resources: + - kuberobuilds + - kuberobuilds/status + - kuberobuilds/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - batch + resources: + - jobs + verbs: + - '*' + - apiGroups: + - "" + resources: + - pods + verbs: + - '*' + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + serviceAccountName: kubero-operator-controller-manager + deployments: + - label: + control-plane: controller-manager + name: kubero-operator-controller-manager + spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + strategy: {} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + containers: + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + - --leader-election-id=kubero-operator + image: ghcr.io/kubero-dev/kubero-operator/kuberoapp:v0.1.3 + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: 
/readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: "1" + memory: 1Gi + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + securityContext: + runAsNonRoot: true + serviceAccountName: kubero-operator-controller-manager + terminationGracePeriodSeconds: 10 + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: kubero-operator-controller-manager + strategy: deployment + installModes: + - supported: false + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - gitops + - devops + - workflow + links: + - name: Kubero Operator + url: https://github.com/kubero-dev/kubero-operator + - name: Kubero UI + url: https://github.com/kubero-dev/kubero + maintainers: + - email: gicara+kubero@gmail.com + name: Gianni Carafa + maturity: alpha + provider: + name: kubero + url: https://github.com/kubero-dev/ + version: 0.1.3 + replaces: kubero-operator.v0.0.159 diff --git a/operators/kubero-operator/0.1.3/metadata/annotations.yaml b/operators/kubero-operator/0.1.3/metadata/annotations.yaml new file mode 100644 index 00000000000..e9561fecc60 --- /dev/null +++ b/operators/kubero-operator/0.1.3/metadata/annotations.yaml 
@@ -0,0 +1,14 @@
+annotations:
+ # Core bundle annotations.
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: kubero-operator
+ operators.operatorframework.io.bundle.channels.v1: alpha
+ operators.operatorframework.io.metrics.builder: operator-sdk-v1.34.1
+ operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
+ operators.operatorframework.io.metrics.project_layout: helm.sdk.operatorframework.io/v1
+
+ # Annotations for testing.
+ operators.operatorframework.io.test.mediatype.v1: scorecard+v1
+ operators.operatorframework.io.test.config.v1: tests/scorecard/
diff --git a/operators/kubero-operator/0.1.3/tests/scorecard/config.yaml b/operators/kubero-operator/0.1.3/tests/scorecard/config.yaml
new file mode 100644
index 00000000000..760c2d984d2
--- /dev/null
+++ b/operators/kubero-operator/0.1.3/tests/scorecard/config.yaml
@@ -0,0 +1,70 @@
+apiVersion: scorecard.operatorframework.io/v1alpha3
+kind: Configuration
+metadata:
+ name: config
+stages:
+- parallel: true
+ tests:
+ - entrypoint:
+ - scorecard-test
+ - basic-check-spec
+ image: quay.io/operator-framework/scorecard-test:v1.21.0
+ labels:
+ suite: basic
+ test: basic-check-spec-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-bundle-validation
+ image: quay.io/operator-framework/scorecard-test:v1.21.0
+ labels:
+ suite: olm
+ test: olm-bundle-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-validation
+ image: quay.io/operator-framework/scorecard-test:v1.21.0
+ labels:
+ suite: olm
+ test: olm-crds-have-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-resources
+ image: quay.io/operator-framework/scorecard-test:v1.21.0
+ labels:
+ suite: olm
+ test: olm-crds-have-resources-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-spec-descriptors
+ image: quay.io/operator-framework/scorecard-test:v1.21.0
+ labels:
+ suite: olm
+ test: olm-spec-descriptors-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-status-descriptors
+ image: quay.io/operator-framework/scorecard-test:v1.21.0
+ labels:
+ suite: olm
+ test: olm-status-descriptors-test
+ storage:
+ spec:
+ mountPath: {}
+storage:
+ spec:
+ mountPath: {}
diff --git a/operators/lbconfig-operator/0.5.0/manifests/lb.lbconfig.carlosedp.com_externalloadbalancers.yaml b/operators/lbconfig-operator/0.5.0/manifests/lb.lbconfig.carlosedp.com_externalloadbalancers.yaml
new file mode 100644
index 00000000000..0374997f065
--- /dev/null
+++ b/operators/lbconfig-operator/0.5.0/manifests/lb.lbconfig.carlosedp.com_externalloadbalancers.yaml
@@ -0,0 +1,413 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: externalloadbalancers.lb.lbconfig.carlosedp.com +spec: + group: lb.lbconfig.carlosedp.com + names: + kind: ExternalLoadBalancer + listKind: ExternalLoadBalancerList + plural: externalloadbalancers + shortNames: + - elb + singular: externalloadbalancer + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - description: Load Balancer VIP + jsonPath: .spec.vip + name: VIP + type: string + - description: Load Balancer Ports + jsonPath: .spec.ports + name: Ports + type: string + - description: Load Balancer Provider Backend + jsonPath: .spec.provider.vendor + name: Provider + type: string + - description: Amount of nodes in the load balancer + jsonPath: .status.numnodes + name: Nodes + type: string + - description: Type of nodes in this Load Balancer + jsonPath: .spec.type + name: Type + type: string + - description: Node Labels matching this Load Balancer + jsonPath: .status.labels + name: Matching Node Labels + type: string + name: v1 + schema: + openAPIV3Schema: + description: ExternalLoadBalancer is the Schema for the externalloadbalancers + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ExternalLoadBalancerSpec is the spec of a LoadBalancer instance. + properties: + monitor: + description: Monitor is the path and port to monitor the LoadBalancer + members + properties: + monitortype: + description: |- + MonitorType is the monitor parent type. must be one of "http", "https", + "icmp". + enum: + - http + - https + - icmp + type: string + name: + description: Name is the monitor name, it is set by the controller + type: string + path: + description: Path is the path URL to check for the pool members + in the format `/healthz` + minLength: 1 + type: string + port: + description: Port is the port this monitor should check the pool + members + maximum: 65535 + minimum: 1 + type: integer + required: + - monitortype + - path + - port + type: object + nodelabels: + additionalProperties: + type: string + description: NodeLabels are the node labels used for router sharding + as an alternative to "type". Optional. + type: object + ports: + description: Ports is the ports exposed by this LoadBalancer instance + items: + type: integer + maxItems: 128 + minItems: 1 + type: array + provider: + description: Provider is the LoadBalancer backend provider + properties: + creds: + description: |- + Creds is the credentials secret holding the "username" and "password" keys. + Generate with: `kubectl create secret generic --from-literal=username= --from-literal=password=` + type: string + debug: + default: false + description: Debug is a flag to enable debug on the backend log + output. Defaults to false. + enum: + - true + - false + type: boolean + host: + description: Host is the Load Balancer API IP or Hostname in URL + format. Eg. `http://10.25.10.10`. + maxLength: 255 + minLength: 1 + type: string + lbmethod: + default: ROUNDROBIN + description: |- + Type is the Load-Balancing method. 
Defaults to "round-robin". + Options are: ROUNDROBIN, LEASTCONNECTION, LEASTRESPONSETIME + enum: + - ROUNDROBIN + - LEASTCONNECTION + - LEASTRESPONSETIME + type: string + partition: + description: Partition is the F5 partition to create the Load + Balancer instances. Defaults to "Common". (F5 BigIP only) + type: string + port: + description: Port is the Load Balancer API Port. + maximum: 65535 + minimum: 1 + type: integer + validatecerts: + default: false + description: ValidateCerts is a flag to validate or not the Load + Balancer API certificate. Defaults to false. + enum: + - true + - false + type: boolean + vendor: + description: Vendor is the backend provider vendor + enum: + - Dummy + - F5_BigIP + - Citrix_ADC + - HAProxy + type: string + required: + - creds + - host + - port + - vendor + type: object + type: + description: Type is the node role type (master or infra) for the + LoadBalancer instance + enum: + - master + - infra + type: string + vip: + description: Vip is the Virtual IP configured in this LoadBalancer + instance + maxLength: 15 + minLength: 1 + type: string + required: + - monitor + - ports + - provider + - vip + type: object + status: + description: ExternalLoadBalancerStatus defines the observed state of + ExternalLoadBalancer + properties: + labels: + additionalProperties: + type: string + type: object + monitor: + description: Monitor defines a monitor object in the LoadBalancer. + properties: + monitortype: + description: |- + MonitorType is the monitor parent type. must be one of "http", "https", + "icmp". 
+ enum: + - http + - https + - icmp + type: string + name: + description: Name is the monitor name, it is set by the controller + type: string + path: + description: Path is the path URL to check for the pool members + in the format `/healthz` + minLength: 1 + type: string + port: + description: Port is the port this monitor should check the pool + members + maximum: 65535 + minimum: 1 + type: integer + required: + - monitortype + - path + - port + type: object + nodes: + items: + description: Node defines a host object in the LoadBalancer. + properties: + host: + description: Host is the host IP set dynamically by the controller + type: string + label: + additionalProperties: + type: string + description: Label is the node labels this node has + type: object + name: + description: Name is the host name set dynamically by the controller + type: string + required: + - host + type: object + type: array + numnodes: + type: integer + pools: + items: + description: Pool defines a pool object in the LoadBalancer. + properties: + members: + description: Members is the host members of this pool + items: + description: PoolMember defines a host object in the LoadBalancer. 
+ properties: + node: + description: Node is the node part of a pool + properties: + host: + description: Host is the host IP set dynamically by + the controller + type: string + label: + additionalProperties: + type: string + description: Label is the node labels this node has + type: object + name: + description: Name is the host name set dynamically + by the controller + type: string + required: + - host + type: object + port: + description: Port is the port for this pool member + type: integer + required: + - node + - port + type: object + type: array + monitor: + description: Monitor is the monitor name used on this pool + type: string + name: + description: Name is the Pool name, it is set by the controller + type: string + required: + - monitor + type: object + type: array + ports: + items: + type: integer + type: array + provider: + description: Provider is a backend provider for F5 Big IP Load Balancers + properties: + creds: + description: |- + Creds is the credentials secret holding the "username" and "password" keys. + Generate with: `kubectl create secret generic --from-literal=username= --from-literal=password=` + type: string + debug: + default: false + description: Debug is a flag to enable debug on the backend log + output. Defaults to false. + enum: + - true + - false + type: boolean + host: + description: Host is the Load Balancer API IP or Hostname in URL + format. Eg. `http://10.25.10.10`. + maxLength: 255 + minLength: 1 + type: string + lbmethod: + default: ROUNDROBIN + description: |- + Type is the Load-Balancing method. Defaults to "round-robin". + Options are: ROUNDROBIN, LEASTCONNECTION, LEASTRESPONSETIME + enum: + - ROUNDROBIN + - LEASTCONNECTION + - LEASTRESPONSETIME + type: string + partition: + description: Partition is the F5 partition to create the Load + Balancer instances. Defaults to "Common". (F5 BigIP only) + type: string + port: + description: Port is the Load Balancer API Port. 
+ maximum: 65535 + minimum: 1 + type: integer + validatecerts: + default: false + description: ValidateCerts is a flag to validate or not the Load + Balancer API certificate. Defaults to false. + enum: + - true + - false + type: boolean + vendor: + description: Vendor is the backend provider vendor + enum: + - Dummy + - F5_BigIP + - Citrix_ADC + - HAProxy + type: string + required: + - creds + - host + - port + - vendor + type: object + vips: + items: + description: VIP defines VIP instance in the LoadBalancer with a + pool and port + properties: + ip: + description: IP is the IP address this VIP instance listens + to + type: string + name: + description: Name is the VIP instance name + type: string + pool: + description: Pool is the associated pool with this VIP + type: string + port: + description: Port is the port this VIP listens to + type: integer + required: + - ip + - name + - pool + - port + type: object + type: array + required: + - monitor + - ports + - vips + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/lbconfig-operator/0.5.0/manifests/lbconfig-operator-controller-manager-metrics-service_v1_service.yaml b/operators/lbconfig-operator/0.5.0/manifests/lbconfig-operator-controller-manager-metrics-service_v1_service.yaml new file mode 100644 index 00000000000..3d4da966183 --- /dev/null +++ b/operators/lbconfig-operator/0.5.0/manifests/lbconfig-operator-controller-manager-metrics-service_v1_service.yaml 
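Review bot: `spec.provider.validatecerts` is declared with `default: false`, so an ExternalLoadBalancer that omits the field asks for the load balancer API certificate not to be validated, while `creds` (the secret holding the username and password) is a required sibling field. If the controller honours the flag the way its description reads, those credentials are sent over a connection whose peer is never authenticated. A secure default would be `default: true` with an explicit opt-out, and the `host` description's example would read `https://10.25.10.10` instead of `http://10.25.10.10`. The file carries a `controller-gen.kubebuilder.io/version` annotation, so the change presumably belongs in the Go type's default marker rather than in this manifest; the same default is repeated under `status.provider` later in the hunk.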
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/component: kube-rbac-proxy
+ app.kubernetes.io/created-by: lbconfig-operator
+ app.kubernetes.io/instance: controller-manager-metrics-service
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: service
+ app.kubernetes.io/part-of: lbconfig-operator
+ control-plane: controller-manager
+ name: lbconfig-operator-controller-manager-metrics-service
+spec:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: https
+ selector:
+ control-plane: controller-manager
+status:
+ loadBalancer: {}
diff --git a/operators/lbconfig-operator/0.5.0/manifests/lbconfig-operator-manager-config_v1_configmap.yaml b/operators/lbconfig-operator/0.5.0/manifests/lbconfig-operator-manager-config_v1_configmap.yaml
new file mode 100644
index 00000000000..def2711c795
--- /dev/null
+++ b/operators/lbconfig-operator/0.5.0/manifests/lbconfig-operator-manager-config_v1_configmap.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+data:
+ controller_manager_config.yaml: |
+ apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
+ kind: ControllerManagerConfig
+ health:
+ healthProbeBindAddress: :8081
+ metrics:
+ bindAddress: 127.0.0.1:8080
+ webhook:
+ port: 9443
+ leaderElection:
+ leaderElect: true
+ resourceName: d8d64ee1.lbconfig.carlosedp.com
+kind: ConfigMap
+metadata:
+ name: lbconfig-operator-manager-config
diff --git a/operators/lbconfig-operator/0.5.0/manifests/lbconfig-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/lbconfig-operator/0.5.0/manifests/lbconfig-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml
new file mode 100644
index 00000000000..e979332070a
--- /dev/null
+++ b/operators/lbconfig-operator/0.5.0/manifests/lbconfig-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/component: kube-rbac-proxy
+ app.kubernetes.io/created-by: lbconfig-operator
+ app.kubernetes.io/instance: metrics-reader
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: clusterrole
+ app.kubernetes.io/part-of: lbconfig-operator
+ name: lbconfig-operator-metrics-reader
+rules:
+- nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
diff --git a/operators/lbconfig-operator/0.5.0/manifests/lbconfig-operator.clusterserviceversion.yaml b/operators/lbconfig-operator/0.5.0/manifests/lbconfig-operator.clusterserviceversion.yaml
new file mode 100644
index 00000000000..b37876bc711
--- /dev/null
+++ b/operators/lbconfig-operator/0.5.0/manifests/lbconfig-operator.clusterserviceversion.yaml
@@ -0,0 +1,537 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "lb.lbconfig.carlosedp.com/v1", + "kind": "ExternalLoadBalancer", + "metadata": { + "name": "externalloadbalancer-infra-sample", + "namespace": "lbconfig-operator-system" + }, + "spec": { + "monitor": { + "monitortype": "http", + "path": "/healthz", + "port": 1936 + }, + "ports": [ + 80, + 443 + ], + "provider": { + "creds": "f5-creds", + "host": "https://192.168.1.35", + "partition": "Common", + "port": 443, + "validatecerts": false, + "vendor": "F5_BigIP" + }, + "type": "infra", + "vip": "192.168.1.45" + } + }, + { + "apiVersion": "lb.lbconfig.carlosedp.com/v1", + "kind": "ExternalLoadBalancer", + "metadata": { + "name": "externalloadbalancer-infra-sample-shard", + "namespace": "lbconfig-operator-system" + }, + "spec": { + "monitor": { + "monitortype": "http", + "path": "/healthz", + "port": 1936 + }, + "nodelabels": { + "kubernetes.io/region": "DC1", + "node-role.kubernetes.io/infra": "" + }, + "ports": [ + 80, + 443 + ], + "provider": { + "creds": "f5-creds", + "host": "https://192.168.1.35", + "partition": "Common", + "port": 443, + "validatecerts": false, + "vendor": "F5_BigIP" + }, + "type": "infra", + "vip": "192.168.1.46" + } + }, + { + "apiVersion": "lb.lbconfig.carlosedp.com/v1", + "kind": "ExternalLoadBalancer", + "metadata": { + "name": "externalloadbalancer-master-sample", + "namespace": "lbconfig-operator-system" + }, + "spec": { + "monitor": { + "monitortype": "https", + "path": "/healthz", + "port": 6443 + }, + "ports": [ + 6443 + ], + "provider": { + "creds": "netscaler-creds", + "host": "https://192.168.1.36", + "port": 443, + "validatecerts": false, + "vendor": "Citrix_ADC" + }, + "type": "master", + "vip": "192.168.1.40" + } + } + ] + capabilities: Auto Pilot + categories: Networking + certified: "false" + containerImage: quay.io/carlosedp/lbconfig-operator:v0.5.0 + createdAt: 
"2024-09-13T20:01:51Z" + description: The LBConfig Operator, manages the configuration of External Load + Balancer instances (on third-party equipment) and creates VIPs and IP Pools + dynamically via API. + k8sMaxVersion: "" + k8sMinVersion: "" + operators.operatorframework.io/builder: operator-sdk-v1.36.1 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v4 + repository: https://github.com/carlosedp/lbconfig-operator + support: "" + name: lbconfig-operator.v0.5.0 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: ExternalLoadBalancer is the Schema for the externalloadbalancers + API + displayName: ExternalLoadBalancer Instance + kind: ExternalLoadBalancer + name: externalloadbalancers.lb.lbconfig.carlosedp.com + resources: + - kind: ExternalLoadBalancer + name: externalloadbalancer + version: lb.lbconfig.carlosedp.com/v1 + specDescriptors: + - description: Monitor is the path and port to monitor the LoadBalancer members + displayName: Monitor + path: monitor + - description: |- + MonitorType is the monitor parent type. must be one of "http", "https", + "icmp". + displayName: Monitor Type + path: monitor.monitortype + - description: Name is the monitor name, it is set by the controller + displayName: Name + path: monitor.name + - description: Path is the path URL to check for the pool members in the format + `/healthz` + displayName: Path + path: monitor.path + - description: Port is the port this monitor should check the pool members + displayName: Port + path: monitor.port + - description: NodeLabels are the node labels used for router sharding as an + alternative to "type". Optional. 
+ displayName: Node Labels + path: nodelabels + - description: Ports is the ports exposed by this LoadBalancer instance + displayName: Ports + path: ports + - description: Provider is the LoadBalancer backend provider + displayName: Provider + path: provider + - description: |- + Creds is the credentials secret holding the "username" and "password" keys. + Generate with: `kubectl create secret generic --from-literal=username= --from-literal=password=` + displayName: Creds + path: provider.creds + - description: Debug is a flag to enable debug on the backend log output. Defaults + to false. + displayName: Debug + path: provider.debug + - description: Host is the Load Balancer API IP or Hostname in URL format. Eg. + `http://10.25.10.10`. + displayName: Host + path: provider.host + - description: |- + Type is the Load-Balancing method. Defaults to "round-robin". + Options are: ROUNDROBIN, LEASTCONNECTION, LEASTRESPONSETIME + displayName: LBMethod + path: provider.lbmethod + - description: Partition is the F5 partition to create the Load Balancer instances. + Defaults to "Common". (F5 BigIP only) + displayName: Partition + path: provider.partition + - description: Port is the Load Balancer API Port. + displayName: Port + path: provider.port + - description: ValidateCerts is a flag to validate or not the Load Balancer + API certificate. Defaults to false. 
+ displayName: Validate Certs + path: provider.validatecerts + - description: Vendor is the backend provider vendor + displayName: Vendor + path: provider.vendor + - description: Type is the node role type (master or infra) for the LoadBalancer + instance + displayName: Type + path: type + - description: Vip is the Virtual IP configured in this LoadBalancer instance + displayName: Vip + path: vip + statusDescriptors: + - displayName: Labels + path: labels + - displayName: Monitor + path: monitor + - displayName: Nodes + path: nodes + - displayName: Num Nodes + path: numnodes + - displayName: Pools + path: pools + - displayName: Ports + path: ports + - displayName: Provider + path: provider + - displayName: VIPs + path: vips + version: v1 + required: + - description: ExternalLoadBalancer represents a configured instance of an external + Load-Balancer for a specific group of nodes of the cluster. The Instance has + a VIP and ports to be balanced to the cluster nodes based on a set of node + labels. + displayName: External Load-Balancer Configuration Instance + kind: ExternalLoadBalancer + name: externalloadbalancers.lb.lbconfig.carlosedp.com + version: v1 + description: | + ## About the Operator + + The LBConfig Operator, manages the configuration of External Load Balancer instances (on third-party equipment via it's API) and creates VIPs and IP Pools with Monitors for a set of OpenShift or Kubernetes nodes like Master-nodes (Control-Plane), Infra nodes (where the Routers or Ingress controllers are located) or based on it's roles and/or labels. + + The operator dynamically handles creating, updating or deleting the IPs of the pools in the Load Balancer based on the Node IPs for each role or label. On every change of the operator configuration (CRDs) or addition/change/removal or cluster Nodes, the operator updates the Load Balancer properly. 
+ + ## Main Use Cases + + The main users for this operator is enterprise deployments or clusters composed of multiple nodes having an external load-balancer providing the balancing and high-availability to access the cluster in both API and Application levels. + + ### Create ExternalLoadBalancer Instances + + Create the instances for each Load Balancer instance you need (for example one for Master Nodes and another for the Infra Nodes). **If installing on OpenShift or Kubernetes with OLM (or in a different namespace), adjust the sample YAMLs to match the created namespace**. + + **The provider `vendor` field can be (case-insensitive):** + + * **`F5_BigIP`** - Tested on F5 BigIP version 15 + * **`Citrix_ADC`** - Tested on Citrix ADC (Netscaler) version 13 + * **`HAProxy`** - HAProxy with Dataplane API. ([Docs](./docs/haproxy/)) + * **`Dummy`** - Dummy backend used for testing to only print log messages on operations + + Create the secret holding the Load Balancer API user and password: + + ```sh + oc create secret generic f5-creds --from-literal=username=admin --from-literal=password=admin123 --namespace lbconfig-operator-system + ``` + + #### Sample CRDs and Available Fields + + Master Nodes using a Citrix ADC LB: + + ```yaml + apiVersion: lb.lbconfig.carlosedp.com/v1 + kind: ExternalLoadBalancer + metadata: + name: externalloadbalancer-master-sample + namespace: lbconfig-operator-system + spec: + vip: "192.168.1.40" + type: "master" + ports: + - 6443 + monitor: + path: "/healthz" + port: 6443 + monitortype: "https" + provider: + vendor: Citrix_ADC + host: "https://192.168.1.36" + port: 443 + creds: netscaler-creds + validatecerts: false + ``` + + Infra Nodes using a F5 BigIP LB: + + ```yaml + apiVersion: lb.lbconfig.carlosedp.com/v1 + kind: ExternalLoadBalancer + metadata: + name: externalloadbalancer-infra-sample + namespace: lbconfig-operator-system + spec: + vip: "192.168.1.45" + type: "infra" + ports: + - 80 + - 443 + monitor: + path: "/healthz" + port: 1936 + 
monitortype: http + provider: + vendor: F5_BigIP + host: "https://192.168.1.35" + port: 443 + creds: f5-creds + partition: "Common" + validatecerts: false + ``` + + To choose the nodes which will be part of the server pool, you can set either `type` or `nodelabels` fields. The yaml field `type: "master"` or `type: "infra"` selects nodes with the role label `"node-role.kubernetes.io/master"` and `"node-role.kubernetes.io/infra"` respectively. If the field `nodelabels` array is used instead, the operator will use nodes which match all labels. + + Clusters with sharded routers or using arbitrary labels to determine where the Ingress Controllers run can be configured like: + + ```yaml + spec: + vip: "10.0.0.6" + ports: + - 80 + nodelabels: + "node.kubernetes.io/ingress-controller": "production" + "kubernetes.io/region": "DC1" + ... + ``` + + ## Getting Help + + This project fully open-source and is hosted at [GitHub](https://github.com/carlosedp/lbconfig-operator). Always check the project page and issues for the latest updates and/or solutions to problems encountered. If a problem is detected, please fill an issue. Feature request and improvement issues are welcome. + + Some fields inside `providers` are optional and depend on the used backend. Check the [API docs](https://pkg.go.dev/github.com/carlosedp/lbconfig-operator/api/externalloadbalancer/v1?utm_source=gopls#Provider) which fields are backend-specific. + + ## Disclaimers + + * The operator does not check if the requested configuration (names, IPs) already exists and/or conflicts with existing configuration in the Load Balancer. The user is responsible for these checks before deployment; + * I am not responsible if the operator changes/deletes existing configuration on the Load Balancer if existing names are already configured. + * The operator creates the entries(Pools, VIPs, Monitors) in the provided Load Balancer with the `name` of the instance configured in the CustomResource prefixed with the type. Eg. 
For a CR with name `externalloadbalancer-master-sample`, the operator creates a server pool named `Pool-externalloadbalancer-master-sample-6443` (suffixed with the port), a monitor named `Monitor-externalloadbalancer-master-sample` and a VIP named `VIP-externalloadbalancer-master-sample-6443` (suffixed with the port). + displayName: External Load-Balancer Configuration Operator + icon: + - base64data: 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 + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - list + - update + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - lb.lbconfig.carlosedp.com + resources: + - externalloadbalancers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - lb.lbconfig.carlosedp.com + resources: + - externalloadbalancers/status + verbs: + - get + - patch + - update + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + serviceAccountName: lbconfig-operator-controller-manager + deployments: + - label: + control-plane: controller-manager + name: lbconfig-operator-controller-manager + spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + strategy: {} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + containers: + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + 
cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + command: + - /manager + image: quay.io/carlosedp/lbconfig-operator:v0.5.0 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + securityContext: + runAsNonRoot: true + serviceAccountName: lbconfig-operator-controller-manager + terminationGracePeriodSeconds: 10 + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: lbconfig-operator-controller-manager + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - 'load-balance ' + - infrastructure + labels: + lbconfig-operator: "true" + links: + - name: GitHub + url: https://github.com/carlosedp/lbconfig-operator + - name: Documentation + url: https://github.com/carlosedp/lbconfig-operator/docs + - name: Issues + url: https://github.com/carlosedp/lbconfig-operator/issues + maintainers: + - email: carlosedp@gmail.com + name: Carlos Eduardo de Paula + maturity: beta + minKubeVersion: 1.18.0 + provider: + 
name: Carlos Eduardo de Paula + selector: {} + version: 0.5.0 diff --git a/operators/lbconfig-operator/0.5.0/metadata/annotations.yaml b/operators/lbconfig-operator/0.5.0/metadata/annotations.yaml new file mode 100644 index 00000000000..8ccd148c9ec --- /dev/null +++ b/operators/lbconfig-operator/0.5.0/metadata/annotations.yaml @@ -0,0 +1,15 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: lbconfig-operator + operators.operatorframework.io.bundle.channels.v1: beta + operators.operatorframework.io.bundle.channel.default.v1: beta + operators.operatorframework.io.metrics.builder: operator-sdk-v1.36.1 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v4 + + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ diff --git a/operators/lbconfig-operator/0.5.0/tests/scorecard/config.yaml b/operators/lbconfig-operator/0.5.0/tests/scorecard/config.yaml new file mode 100644 index 00000000000..b2d3c06a72f --- /dev/null +++ b/operators/lbconfig-operator/0.5.0/tests/scorecard/config.yaml 
@@ -0,0 +1,77 @@
+apiVersion: scorecard.operatorframework.io/v1alpha3
+kind: Configuration
+metadata:
+ name: config
+stages:
+- parallel: true
+ tests:
+ - entrypoint:
+ - scorecard-test
+ - basic-check-spec
+ image: quay.io/operator-framework/scorecard-test:v1.34.2
+ labels:
+ suite: basic
+ test: basic-check-spec-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-bundle-validation
+ image: quay.io/operator-framework/scorecard-test:v1.34.2
+ labels:
+ suite: olm
+ test: olm-bundle-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-validation
+ image: quay.io/operator-framework/scorecard-test:v1.34.2
+ labels:
+ suite: olm
+ test: olm-crds-have-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-resources
+ image: quay.io/operator-framework/scorecard-test:v1.34.2
+ labels:
+ suite: olm
+ test: olm-crds-have-resources-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-spec-descriptors
+ image: quay.io/operator-framework/scorecard-test:v1.34.2
+ labels:
+ suite: olm
+ test: olm-spec-descriptors-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-status-descriptors
+ image: quay.io/operator-framework/scorecard-test:v1.34.2
+ labels:
+ suite: olm
+ test: olm-status-descriptors-test
+ storage:
+ spec:
+ mountPath: {}
+ - image: quay.io/operator-framework/scorecard-test-kuttl:v2.0.0
+ labels:
+ suite: kuttlsuite
+ test: kuttltest1
+ storage:
+ spec:
+ mountPath: {}
+storage:
+ spec:
+ mountPath: {}
diff --git a/operators/lbconfig-operator/0.5.0/tests/scorecard/kuttl/create-externalloadbalancer/01-assert.yaml b/operators/lbconfig-operator/0.5.0/tests/scorecard/kuttl/create-externalloadbalancer/01-assert.yaml
new file mode 100644
index 00000000000..c6d64fc7f62
--- /dev/null
+++ b/operators/lbconfig-operator/0.5.0/tests/scorecard/kuttl/create-externalloadbalancer/01-assert.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+data:
+ password: YWRtaW4=
+ username: YWRtaW4=
+kind: Secret
+metadata:
+ name: dummy-creds
+ namespace: lbconfig-operator-system
+type: Opaque
\ No newline at end of file
diff --git a/operators/lbconfig-operator/0.5.0/tests/scorecard/kuttl/create-externalloadbalancer/10-create-elb.yaml b/operators/lbconfig-operator/0.5.0/tests/scorecard/kuttl/create-externalloadbalancer/10-create-elb.yaml
new file mode 100644
index 00000000000..1f1fad114e6
--- /dev/null
+++ b/operators/lbconfig-operator/0.5.0/tests/scorecard/kuttl/create-externalloadbalancer/10-create-elb.yaml
@@ -0,0 +1,21 @@
+apiVersion: lb.lbconfig.carlosedp.com/v1
+kind: ExternalLoadBalancer
+metadata:
+ name: externalloadbalancer-master-dummy-test
+ namespace: lbconfig-operator-system
+spec:
+ vip: "10.0.0.10"
+ nodelabels:
+ "node-role.kubernetes.io/control-plane": ""
+ ports:
+ - 6443
+ monitor:
+ path: "/healthz"
+ port: 6443
+ monitortype: "https"
+ provider:
+ vendor: Dummy
+ host: "https://10.0.0.1"
+ port: 443
+ creds: dummy-creds
+ validatecerts: false
\ No newline at end of file
diff --git a/operators/lbconfig-operator/0.5.0/tests/scorecard/kuttl/create-externalloadbalancer/11-assert.yaml b/operators/lbconfig-operator/0.5.0/tests/scorecard/kuttl/create-externalloadbalancer/11-assert.yaml
new file mode 100644
index 00000000000..d185e22a70b
--- /dev/null
+++ b/operators/lbconfig-operator/0.5.0/tests/scorecard/kuttl/create-externalloadbalancer/11-assert.yaml
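Review bot: `01-assert.yaml` asserts that the Secret `dummy-creds` exists, but no step in this diff creates it first: the kuttl directory as added holds only `01-assert.yaml`, `10-create-elb.yaml` and `11-assert.yaml`. Unless something outside the visible change creates the Secret, this step will wait out the `timeout: 240` set in `kuttl-test.yaml`, and the ExternalLoadBalancer applied in step 10 will point at a `creds` Secret that is missing. Renaming the manifest so kuttl applies it instead of asserting on it, for instance `01-create-secret.yaml` (placeholder name), would fix that. A leading comment such as `# test-only credentials for the Dummy backend` would also make clear to readers and secret scanners that the base64 `admin`/`admin` pair is not a real load-balancer login.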
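Review bot: `validatecerts: false` next to an `https://` provider host in `10-create-elb.yaml` is harmless for the `Dummy` vendor, which according to the CSV description only prints log messages, but both real-vendor samples in that description use the same setting, so this file will be read as a template. I would put a comment above the field, `# Dummy backend only: keep validatecerts true for real load balancers so the API credentials are not sent over an unverified TLS session`. The file also ends without a trailing newline.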
@@ -0,0 +1,42 @@
+apiVersion: lb.lbconfig.carlosedp.com/v1
+kind: ExternalLoadBalancer
+metadata:
+ name: externalloadbalancer-master-dummy-test
+ namespace: lbconfig-operator-system
+status:
+ labels:
+ node-role.kubernetes.io/control-plane: ""
+ monitor:
+ monitortype: https
+ name: Monitor-externalloadbalancer-master-dummy-test
+ path: /healthz
+ port: 6443
+ nodes:
+ - host: 172.26.0.2
+ label:
+ node-role.kubernetes.io/control-plane: ""
+ name: test-operator-control-plane
+ numnodes: 1
+ pools:
+ - members:
+ - node:
+ host: 172.26.0.2
+ label:
+ node-role.kubernetes.io/control-plane: ""
+ name: test-operator-control-plane
+ port: 6443
+ monitor: Monitor-externalloadbalancer-master-dummy-test
+ name: Pool-externalloadbalancer-master-dummy-test-6443
+ ports:
+ - 6443
+ provider:
+ creds: dummy-creds
+ host: https://10.0.0.1
+ port: 443
+ validatecerts: false
+ vendor: Dummy
+ vips:
+ - ip: 10.0.0.10
+ name: VIP-externalloadbalancer-master-dummy-test-6443
+ pool: Pool-externalloadbalancer-master-dummy-test-6443
+ port: 6443
\ No newline at end of file
diff --git a/operators/lbconfig-operator/0.5.0/tests/scorecard/kuttl/kuttl-test.yaml b/operators/lbconfig-operator/0.5.0/tests/scorecard/kuttl/kuttl-test.yaml
new file mode 100644
index 00000000000..84c8ba482c7
--- /dev/null
+++ b/operators/lbconfig-operator/0.5.0/tests/scorecard/kuttl/kuttl-test.yaml
@@ -0,0 +1,5 @@
+apiVersion: kudo.dev/v1beta1
+kind: TestSuite
+parallel: 1
+timeout: 240
+startControlPlane: false
diff --git a/operators/loki-operator/0.6.2/manifests/loki-operator-controller-manager-metrics-reader_v1_serviceaccount.yaml b/operators/loki-operator/0.6.2/manifests/loki-operator-controller-manager-metrics-reader_v1_serviceaccount.yaml
new file mode 100644
index 00000000000..eca4a2b99b5
--- /dev/null
+++ b/operators/loki-operator/0.6.2/manifests/loki-operator-controller-manager-metrics-reader_v1_serviceaccount.yaml
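Review bot: The expected status in `11-assert.yaml` pins the node address `172.26.0.2` and node name `test-operator-control-plane`, under both `status.nodes` and `status.pools[].members`, so the assert can only pass on a cluster whose single control-plane node has exactly that name and IP. Neither value is set by anything in this bundle; they look like they were copied from one local test cluster, and the scorecard pipeline's cluster may well differ. As far as I know kuttl only compares the fields listed in an assert, so dropping the `host:` and node `name:` lines while keeping `numnodes: 1` and the monitor, pool and VIP names would leave the operator's naming behaviour checked without tying the test to one environment. The file also ends without a trailing newline.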
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/instance: loki-operator-v0.6.2
+ app.kubernetes.io/managed-by: operator-lifecycle-manager
+ app.kubernetes.io/name: loki-operator
+ app.kubernetes.io/part-of: loki-operator
+ app.kubernetes.io/version: 0.6.2
+ name: loki-operator-controller-manager-metrics-reader
diff --git a/operators/loki-operator/0.6.2/manifests/loki-operator-controller-manager-metrics-service_v1_service.yaml b/operators/loki-operator/0.6.2/manifests/loki-operator-controller-manager-metrics-service_v1_service.yaml
new file mode 100644
index 00000000000..e82a7c02ef4
--- /dev/null
+++ b/operators/loki-operator/0.6.2/manifests/loki-operator-controller-manager-metrics-service_v1_service.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Service
+metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/component: metrics
+ app.kubernetes.io/instance: loki-operator-v0.6.2
+ app.kubernetes.io/managed-by: operator-lifecycle-manager
+ app.kubernetes.io/name: loki-operator
+ app.kubernetes.io/part-of: loki-operator
+ app.kubernetes.io/version: 0.6.2
+ name: loki-operator-controller-manager-metrics-service
+spec:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: https
+ selector:
+ app.kubernetes.io/managed-by: operator-lifecycle-manager
+ app.kubernetes.io/name: loki-operator
+ app.kubernetes.io/part-of: loki-operator
+ name: loki-operator-controller-manager
+status:
+ loadBalancer: {}
diff --git a/operators/loki-operator/0.6.2/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml b/operators/loki-operator/0.6.2/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml
new file mode 100644
index 00000000000..0a1c320c138
--- /dev/null
+++ b/operators/loki-operator/0.6.2/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/instance: loki-operator-v0.6.2
+ app.kubernetes.io/managed-by: operator-lifecycle-manager
+ app.kubernetes.io/name: loki-operator
+ app.kubernetes.io/part-of: loki-operator
+ app.kubernetes.io/version: 0.6.2
+ name: loki-operator-controller-manager-read-metrics
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: loki-operator-metrics-reader
+subjects:
+- kind: ServiceAccount
+ name: loki-operator-controller-manager-metrics-reader
+ namespace: loki-operator
diff --git a/operators/loki-operator/0.6.2/manifests/loki-operator-manager-config_v1_configmap.yaml b/operators/loki-operator/0.6.2/manifests/loki-operator-manager-config_v1_configmap.yaml
new file mode 100644
index 00000000000..86790615701
--- /dev/null
+++ b/operators/loki-operator/0.6.2/manifests/loki-operator-manager-config_v1_configmap.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+data:
+ controller_manager_config.yaml: |
+ apiVersion: config.loki.grafana.com/v1
+ kind: ProjectConfig
+ health:
+ healthProbeBindAddress: :8081
+ metrics:
+ bindAddress: 127.0.0.1:8080
+ webhook:
+ port: 9443
+ leaderElection:
+ leaderElect: true
+ resourceName: loki-operator.grafana.com
+ featureGates:
+ lokiStackGateway: true
+ restrictedPodSecurityStandard: false
+ #
+ # Webhook feature gates
+ #
+ lokiStackWebhook: true
+ alertingRuleWebhook: true
+ recordingRuleWebhook: true
+kind: ConfigMap
+metadata:
+ labels:
+ app.kubernetes.io/instance: loki-operator-v0.6.2
+ app.kubernetes.io/managed-by: operator-lifecycle-manager
+ app.kubernetes.io/name: loki-operator
+ app.kubernetes.io/part-of: loki-operator
+ app.kubernetes.io/version: 0.6.2
+ name: loki-operator-manager-config
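Review bot: The subject of this ClusterRoleBinding is pinned to `namespace: loki-operator`, but the CSV in the same bundle carries `namespace: placeholder` and shows no `operatorframework.io/suggested-namespace` annotation, so the install namespace is up to the subscriber. If the operator is installed anywhere else, the cluster-wide `loki-operator-metrics-reader` role is bound to a ServiceAccount name in a namespace the operator does not own: whoever controls that namespace can create the account and hold the `/metrics` read permission, while the ServiceAccount in the real install namespace gets nothing. As far as I can tell OLM does not rewrite subject namespaces in bundled RBAC objects, so either document `loki-operator` as the required namespace, for example with `operatorframework.io/suggested-namespace: loki-operator` in the CSV annotations, or create the binding at install time with the actual namespace.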
diff --git a/operators/loki-operator/0.6.2/manifests/loki-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/loki-operator/0.6.2/manifests/loki-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml
new file mode 100644
index 00000000000..4455d646e6c
--- /dev/null
+++ b/operators/loki-operator/0.6.2/manifests/loki-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml
@@ -0,0 +1,16 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/instance: loki-operator-v0.6.2
+ app.kubernetes.io/managed-by: operator-lifecycle-manager
+ app.kubernetes.io/name: loki-operator
+ app.kubernetes.io/part-of: loki-operator
+ app.kubernetes.io/version: 0.6.2
+ name: loki-operator-metrics-reader
+rules:
+- nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
diff --git a/operators/loki-operator/0.6.2/manifests/loki-operator-prometheus_rbac.authorization.k8s.io_v1_role.yaml b/operators/loki-operator/0.6.2/manifests/loki-operator-prometheus_rbac.authorization.k8s.io_v1_role.yaml
new file mode 100644
index 00000000000..25fa29ce786
--- /dev/null
+++ b/operators/loki-operator/0.6.2/manifests/loki-operator-prometheus_rbac.authorization.k8s.io_v1_role.yaml
@@ -0,0 +1,25 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ annotations:
+ include.release.openshift.io/self-managed-high-availability: "true"
+ include.release.openshift.io/single-node-developer: "true"
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/instance: loki-operator-v0.6.2
+ app.kubernetes.io/managed-by: operator-lifecycle-manager
+ app.kubernetes.io/name: loki-operator
+ app.kubernetes.io/part-of: loki-operator
+ app.kubernetes.io/version: 0.6.2
+ name: loki-operator-prometheus
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - services
+ - endpoints
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
diff --git a/operators/loki-operator/0.6.2/manifests/loki-operator-prometheus_rbac.authorization.k8s.io_v1_rolebinding.yaml b/operators/loki-operator/0.6.2/manifests/loki-operator-prometheus_rbac.authorization.k8s.io_v1_rolebinding.yaml
new file mode 100644
index 00000000000..939d6973181
--- /dev/null
+++ b/operators/loki-operator/0.6.2/manifests/loki-operator-prometheus_rbac.authorization.k8s.io_v1_rolebinding.yaml
@@ -0,0 +1,22 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ annotations:
+ include.release.openshift.io/self-managed-high-availability: "true"
+ include.release.openshift.io/single-node-developer: "true"
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/instance: loki-operator-v0.6.2
+ app.kubernetes.io/managed-by: operator-lifecycle-manager
+ app.kubernetes.io/name: loki-operator
+ app.kubernetes.io/part-of: loki-operator
+ app.kubernetes.io/version: 0.6.2
+ name: loki-operator-prometheus
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: loki-operator-prometheus
+subjects:
+- kind: ServiceAccount
+ name: prometheus-k8s
+ namespace: openshift-monitoring
diff --git a/operators/loki-operator/0.6.2/manifests/loki-operator-webhook-service_v1_service.yaml b/operators/loki-operator/0.6.2/manifests/loki-operator-webhook-service_v1_service.yaml
new file mode 100644
index 00000000000..56581d01bbc
--- /dev/null
+++ b/operators/loki-operator/0.6.2/manifests/loki-operator-webhook-service_v1_service.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/instance: loki-operator-v0.6.2
+ app.kubernetes.io/managed-by: operator-lifecycle-manager
+ app.kubernetes.io/name: loki-operator
+ app.kubernetes.io/part-of: loki-operator
+ app.kubernetes.io/version: 0.6.2
+ name: loki-operator-webhook-service
+spec:
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 9443
+ selector:
+ app.kubernetes.io/managed-by: operator-lifecycle-manager
+ app.kubernetes.io/name: loki-operator
+ app.kubernetes.io/part-of: loki-operator
+status:
+ loadBalancer: {}
diff --git a/operators/loki-operator/0.6.2/manifests/loki-operator.clusterserviceversion.yaml b/operators/loki-operator/0.6.2/manifests/loki-operator.clusterserviceversion.yaml
new file mode 100644
index 00000000000..09119acd778
--- /dev/null
+++ b/operators/loki-operator/0.6.2/manifests/loki-operator.clusterserviceversion.yaml
@@ -0,0 +1,2078 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "loki.grafana.com/v1", + "kind": "AlertingRule", + "metadata": { + "name": "alertingrule-sample" + }, + "spec": { + "groups": [ + { + "interval": "10m", + "name": "alerting-rules-group", + "rules": [ + { + "alert": "HighPercentageError", + "annotations": { + "summary": "High request latency" + }, + "expr": "sum(rate({app=\"foo\", env=\"production\"} |= \"error\" [5m])) by (job)\n /\nsum(rate({app=\"foo\", env=\"production\"}[5m])) by (job)\n \u003e 0.05\n", + "for": "10m", + "labels": { + "severity": "page" + } + }, + { + "alert": "HttpCredentialsLeaked", + "annotations": { + "message": "{{ $labels.job }} is leaking http basic auth credentials." + }, + "expr": "sum by (cluster, job, pod) (count_over_time({namespace=\"prod\"} |~ \"http(s?)://(\\\\w+):(\\\\w+)@\" [5m]) \u003e 0)", + "for": "10m", + "labels": { + "severity": "critical" + } + } + ] + } + ], + "tenantID": "test-tenant" + } + }, + { + "apiVersion": "loki.grafana.com/v1", + "kind": "LokiStack", + "metadata": { + "name": "lokistack-sample" + }, + "spec": { + "size": "1x.small", + "storage": { + "secret": { + "name": "test" + } + }, + "storageClassName": "standard" + } + }, + { + "apiVersion": "loki.grafana.com/v1", + "kind": "RecordingRule", + "metadata": { + "name": "recordingrule-sample" + }, + "spec": { + "groups": [ + { + "interval": "10m", + "name": "recording-rules-group", + "rules": [ + { + "expr": "sum(rate({container=\"myservice\"}[10m]))\n", + "record": "myservice:requests:rate10m" + }, + { + "expr": "sum(rate({container=\"otherservice\"}[1m]))\n", + "record": "otherservice:requests:rate1m" + } + ] + } + ], + "tenantID": "test-tenant" + } + }, + { + "apiVersion": "loki.grafana.com/v1", + "kind": "RulerConfig", + "metadata": { + "name": "rulerconfig-sample" + }, + "spec": { + "alertmanager": { + "discovery": { + "enableSRV": true, + 
"refreshInterval": "1m" + }, + "enableV2": true, + "endpoints": [ + "http://alertmanager-host1.mycompany.org", + "http://alertmanager-host2.mycompany.org" + ], + "externalLabels": { + "environment": "production", + "region": "us-east-2" + }, + "externalUrl": "http://www.mycompany.org/alerts", + "notificationQueue": { + "capacity": 1000, + "forGracePeriod": "10m", + "forOutageTolerance": "1h", + "resendDelay": "1m", + "timeout": "30s" + } + }, + "evaluationInterval": "1m", + "pollInterval": "1m", + "remoteWrite": { + "client": { + "authorization": "basic", + "authorizationSecretName": "my-secret-resource", + "name": "remote-write-log-metrics", + "proxyUrl": "http://proxy-host.mycompany.org", + "relabelConfigs": [ + { + "action": "replace", + "regex": "ALERTS.*", + "replacement": "$1", + "separator": "", + "sourceLabels": [ + "labelc", + "labeld" + ], + "targetLabel": "labelnew" + } + ], + "timeout": "30s", + "url": "http://remote-write-host.mycompany.org" + }, + "enabled": true, + "refreshPeriod": "10s" + } + } + } + ] + capabilities: Full Lifecycle + categories: OpenShift Optional, Logging & Tracing + certified: "false" + containerImage: docker.io/grafana/loki-operator:0.6.2 + createdAt: "2024-09-09T09:16:56Z" + description: The Community Loki Operator provides Kubernetes native deployment + and management of Loki and related logging components. 
+ operators.operatorframework.io/builder: operator-sdk-unknown + operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 + repository: https://github.com/grafana/loki/tree/main/operator + support: Grafana Loki SIG Operator + labels: + operatorframework.io/arch.amd64: supported + operatorframework.io/arch.arm64: supported + name: loki-operator.v0.6.2 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: AlertingRule is the Schema for the alertingrules API + displayName: AlertingRule + kind: AlertingRule + name: alertingrules.loki.grafana.com + resources: + - kind: LokiStack + name: "" + version: v1 + specDescriptors: + - description: List of groups for alerting rules. + displayName: Groups + path: groups + - description: Interval defines the time interval between evaluation of the + given alerting rule. + displayName: Evaluation Interval + path: groups[0].interval + - description: Limit defines the number of alerts an alerting rule can produce. + 0 is no limit. + displayName: Limit of firing alerts + path: groups[0].limit + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: Name of the alerting rule group. Must be unique within all alerting + rules. + displayName: Name + path: groups[0].name + - description: Rules defines a list of alerting rules + displayName: Rules + path: groups[0].rules + - description: The name of the alert. Must be a valid label value. + displayName: Name + path: groups[0].rules[0].alert + - description: Annotations to add to each alert. + displayName: Annotations + path: groups[0].rules[0].annotations + - description: The LogQL expression to evaluate. Every evaluation cycle this + is evaluated at the current time, and all resultant time series become pending/firing + alerts. + displayName: LogQL Expression + path: groups[0].rules[0].expr + - description: Alerts are considered firing once they have been returned for + this long. 
Alerts which have not yet fired for long enough are considered + pending. + displayName: Firing Threshold + path: groups[0].rules[0].for + - description: Labels to add to each alert. + displayName: Labels + path: groups[0].rules[0].labels + - description: TenantID of tenant where the alerting rules are evaluated in. + displayName: Tenant ID + path: tenantID + statusDescriptors: + - description: Conditions of the AlertingRule generation health. + displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + version: v1 + - description: LokiStack is the Schema for the lokistacks API + displayName: LokiStack + kind: LokiStack + name: lokistacks.loki.grafana.com + resources: + - kind: ConfigMap + name: "" + version: v1 + - kind: Deployment + name: "" + version: v1 + - kind: Ingress + name: "" + version: v1 + - kind: PersistentVolumeClaims + name: "" + version: v1 + - kind: Route + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + - kind: ServiceAccount + name: "" + version: v1 + - kind: ServiceMonitor + name: "" + version: v1 + - kind: StatefulSet + name: "" + version: v1 + specDescriptors: + - description: HashRing defines the spec for the distributed hash ring configuration. + displayName: Hash Ring + path: hashRing + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: MemberList configuration spec + displayName: Memberlist Config + path: hashRing.memberlist + - description: "EnableIPv6 enables IPv6 support for the memberlist based hash + ring. \n Currently this also forces the instanceAddrType to podIP to avoid + local address lookup for the memberlist." + displayName: Enable IPv6 + path: hashRing.memberlist.enableIPv6 + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: InstanceAddrType defines the type of address to use to advertise + to the ring. Defaults to the first address from any private network interfaces + of the current pod. 
Alternatively the public pod IP can be used in case + private networks (RFC 1918 and RFC 6598) are not available. + displayName: Instance Address + path: hashRing.memberlist.instanceAddrType + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:select:default + - urn:alm:descriptor:com.tectonic.ui:select:podIP + - description: Type of hash ring implementation that should be used + displayName: Type + path: hashRing.type + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:select:memberlist + - description: Limits defines the limits to be applied to log stream processing. + displayName: Rate Limiting + path: limits + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: Global defines the limits applied globally across the cluster. + displayName: Global Limits + path: limits.global + - description: IngestionBurstSize defines the local rate-limited sample size + per distributor replica. It should be set to the set at least to the maximum + logs size expected in a single push request. + displayName: Ingestion Burst Size (in MB) + path: limits.global.ingestion.ingestionBurstSize + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: IngestionRate defines the sample size per second. Units MB. + displayName: Ingestion Rate (in MB) + path: limits.global.ingestion.ingestionRate + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxGlobalStreamsPerTenant defines the maximum number of active + streams per tenant, across the cluster. + displayName: Max Global Streams per Tenant + path: limits.global.ingestion.maxGlobalStreamsPerTenant + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxLabelNameLength defines the maximum number of characters allowed + for label keys in log streams. 
+ displayName: Max Label Name Length + path: limits.global.ingestion.maxLabelNameLength + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxLabelNamesPerSeries defines the maximum number of label names + per series in each log stream. + displayName: Max Labels Names per Series + path: limits.global.ingestion.maxLabelNamesPerSeries + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxLabelValueLength defines the maximum number of characters + allowed for label values in log streams. + displayName: Max Label Value Length + path: limits.global.ingestion.maxLabelValueLength + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxLineSize defines the maximum line size on ingestion path. + Units in Bytes. + displayName: Max Line Size + path: limits.global.ingestion.maxLineSize + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: PerStreamDesiredRate defines the desired ingestion rate per second + that LokiStack should target applying automatic stream sharding. Units MB. + displayName: Per Stream Desired Rate (in MB) + path: limits.global.ingestion.perStreamDesiredRate + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: PerStreamRateLimit defines the maximum byte rate per second per + stream. Units MB. + displayName: Maximum byte rate per second per stream (in MB) + path: limits.global.ingestion.perStreamRateLimit + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: PerStreamRateLimitBurst defines the maximum burst bytes per stream. + Units MB. + displayName: Maximum burst bytes per stream (in MB) + path: limits.global.ingestion.perStreamRateLimitBurst + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: IndexedResourceAttributes contains the global configuration for + resource attributes to store them as index labels or structured metadata + or drop them altogether. 
+ displayName: Indexed Resource Attributes + path: limits.global.otlp.indexedResourceAttributes + - description: LogAttributes contains the configuration for log attributes to + store them as index labels or structured metadata or drop them altogether. + displayName: Log Attributes + path: limits.global.otlp.logAttributes + - description: Action defines the indexing action for the selected attributes. + They can be either added to structured metadata or drop altogether. + displayName: Action + path: limits.global.otlp.logAttributes[0].action + - description: Attributes allows choosing the attributes by listing their names. + displayName: Attribute Names + path: limits.global.otlp.logAttributes[0].attributes + - description: Regex allows choosing the attributes by matching a regular expression. + displayName: Regular Expression + path: limits.global.otlp.logAttributes[0].regex + - description: ResourceAttributes contains the configuration for resource attributes + to store them as index labels or structured metadata or drop them altogether. + displayName: Resource Attributes + path: limits.global.otlp.resourceAttributes + - description: Attributes contains the configuration for resource attributes + to store them as index labels or structured metadata or drop them altogether. + displayName: Attributes + path: limits.global.otlp.resourceAttributes.attributes + - description: Action defines the indexing action for the selected resoure attributes. + They can be either indexed as labels, added to structured metadata or drop + altogether. + displayName: Action + path: limits.global.otlp.resourceAttributes.attributes[0].action + - description: Attributes is the list of attributes to configure indexing or + drop them altogether. + displayName: Attribute Names + path: limits.global.otlp.resourceAttributes.attributes[0].attributes + - description: Regex allows choosing the attributes by matching a regular expression. 
+ displayName: Regular Expression + path: limits.global.otlp.resourceAttributes.attributes[0].regex + - description: "IgnoreDefaults controls whether to ignore the global configuration + for resource attributes indexed as labels. \n If IgnoreDefaults is true, + then this spec needs to contain at least one mapping to a index label." + displayName: Ignore Global Defaults + path: limits.global.otlp.resourceAttributes.ignoreDefaults + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: ScopeAttributes contains the configuration for scope attributes + to store them as index labels or structured metadata or drop them altogether. + displayName: Scope Attributes + path: limits.global.otlp.scopeAttributes + - description: Action defines the indexing action for the selected attributes. + They can be either added to structured metadata or drop altogether. + displayName: Action + path: limits.global.otlp.scopeAttributes[0].action + - description: Attributes allows choosing the attributes by listing their names. + displayName: Attribute Names + path: limits.global.otlp.scopeAttributes[0].attributes + - description: Regex allows choosing the attributes by matching a regular expression. + displayName: Regular Expression + path: limits.global.otlp.scopeAttributes[0].regex + - description: CardinalityLimit defines the cardinality limit for index queries. + displayName: Cardinality Limit + path: limits.global.queries.cardinalityLimit + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxChunksPerQuery defines the maximum number of chunks that can + be fetched by a single query. + displayName: Max Chunk per Query + path: limits.global.queries.maxChunksPerQuery + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxEntriesLimitsPerQuery defines the maximum number of log entries + that will be returned for a query. 
+ displayName: Max Entries Limit per Query + path: limits.global.queries.maxEntriesLimitPerQuery + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxQuerySeries defines the maximum of unique series that is returned + by a metric query. + displayName: Max Query Series + path: limits.global.queries.maxQuerySeries + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxVolumeSeries defines the maximum number of aggregated series + in a log-volume response + displayName: Max Volume Series + path: limits.global.queries.maxVolumeSeries + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: Timeout when querying ingesters or storage during the execution + of a query request. + displayName: Query Timeout + path: limits.global.queries.queryTimeout + - description: Tenants defines the limits applied per tenant. + displayName: Limits per Tenant + path: limits.tenants + - description: IngestionBurstSize defines the local rate-limited sample size + per distributor replica. It should be set to the set at least to the maximum + logs size expected in a single push request. + displayName: Ingestion Burst Size (in MB) + path: limits.tenants.ingestion.ingestionBurstSize + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: IngestionRate defines the sample size per second. Units MB. + displayName: Ingestion Rate (in MB) + path: limits.tenants.ingestion.ingestionRate + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxGlobalStreamsPerTenant defines the maximum number of active + streams per tenant, across the cluster. + displayName: Max Global Streams per Tenant + path: limits.tenants.ingestion.maxGlobalStreamsPerTenant + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxLabelNameLength defines the maximum number of characters allowed + for label keys in log streams. 
+ displayName: Max Label Name Length + path: limits.tenants.ingestion.maxLabelNameLength + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxLabelNamesPerSeries defines the maximum number of label names + per series in each log stream. + displayName: Max Labels Names per Series + path: limits.tenants.ingestion.maxLabelNamesPerSeries + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxLabelValueLength defines the maximum number of characters + allowed for label values in log streams. + displayName: Max Label Value Length + path: limits.tenants.ingestion.maxLabelValueLength + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxLineSize defines the maximum line size on ingestion path. + Units in Bytes. + displayName: Max Line Size + path: limits.tenants.ingestion.maxLineSize + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: PerStreamDesiredRate defines the desired ingestion rate per second + that LokiStack should target applying automatic stream sharding. Units MB. + displayName: Per Stream Desired Rate (in MB) + path: limits.tenants.ingestion.perStreamDesiredRate + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: PerStreamRateLimit defines the maximum byte rate per second per + stream. Units MB. + displayName: Maximum byte rate per second per stream (in MB) + path: limits.tenants.ingestion.perStreamRateLimit + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: PerStreamRateLimitBurst defines the maximum burst bytes per stream. + Units MB. + displayName: Maximum burst bytes per stream (in MB) + path: limits.tenants.ingestion.perStreamRateLimitBurst + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: LogAttributes contains the configuration for log attributes to + store them as index labels or structured metadata or drop them altogether. 
+ displayName: Log Attributes + path: limits.tenants.otlp.logAttributes + - description: Action defines the indexing action for the selected attributes. + They can be either added to structured metadata or drop altogether. + displayName: Action + path: limits.tenants.otlp.logAttributes[0].action + - description: Attributes allows choosing the attributes by listing their names. + displayName: Attribute Names + path: limits.tenants.otlp.logAttributes[0].attributes + - description: Regex allows choosing the attributes by matching a regular expression. + displayName: Regular Expression + path: limits.tenants.otlp.logAttributes[0].regex + - description: ResourceAttributes contains the configuration for resource attributes + to store them as index labels or structured metadata or drop them altogether. + displayName: Resource Attributes + path: limits.tenants.otlp.resourceAttributes + - description: Attributes contains the configuration for resource attributes + to store them as index labels or structured metadata or drop them altogether. + displayName: Attributes + path: limits.tenants.otlp.resourceAttributes.attributes + - description: Action defines the indexing action for the selected resoure attributes. + They can be either indexed as labels, added to structured metadata or drop + altogether. + displayName: Action + path: limits.tenants.otlp.resourceAttributes.attributes[0].action + - description: Attributes is the list of attributes to configure indexing or + drop them altogether. + displayName: Attribute Names + path: limits.tenants.otlp.resourceAttributes.attributes[0].attributes + - description: Regex allows choosing the attributes by matching a regular expression. + displayName: Regular Expression + path: limits.tenants.otlp.resourceAttributes.attributes[0].regex + - description: "IgnoreDefaults controls whether to ignore the global configuration + for resource attributes indexed as labels. 
\n If IgnoreDefaults is true, + then this spec needs to contain at least one mapping to a index label." + displayName: Ignore Global Defaults + path: limits.tenants.otlp.resourceAttributes.ignoreDefaults + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: ScopeAttributes contains the configuration for scope attributes + to store them as index labels or structured metadata or drop them altogether. + displayName: Scope Attributes + path: limits.tenants.otlp.scopeAttributes + - description: Action defines the indexing action for the selected attributes. + They can be either added to structured metadata or drop altogether. + displayName: Action + path: limits.tenants.otlp.scopeAttributes[0].action + - description: Attributes allows choosing the attributes by listing their names. + displayName: Attribute Names + path: limits.tenants.otlp.scopeAttributes[0].attributes + - description: Regex allows choosing the attributes by matching a regular expression. + displayName: Regular Expression + path: limits.tenants.otlp.scopeAttributes[0].regex + - description: Blocked defines the list of rules to block matching queries. + displayName: Blocked + path: limits.tenants.queries.blocked + - description: Hash is a 32-bit FNV-1 hash of the query string. + displayName: Query Hash + path: limits.tenants.queries.blocked[0].hash + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: Pattern defines the pattern matching the queries to be blocked. + displayName: Query Pattern + path: limits.tenants.queries.blocked[0].pattern + - description: Regex defines if the pattern is a regular expression. If false + the pattern will be used only for exact matches. + displayName: Regex + path: limits.tenants.queries.blocked[0].regex + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Types defines the list of query types that should be considered + for blocking. 
+ displayName: Query Types + path: limits.tenants.queries.blocked[0].types + - description: CardinalityLimit defines the cardinality limit for index queries. + displayName: Cardinality Limit + path: limits.tenants.queries.cardinalityLimit + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxChunksPerQuery defines the maximum number of chunks that can + be fetched by a single query. + displayName: Max Chunk per Query + path: limits.tenants.queries.maxChunksPerQuery + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxEntriesLimitsPerQuery defines the maximum number of log entries + that will be returned for a query. + displayName: Max Entries Limit per Query + path: limits.tenants.queries.maxEntriesLimitPerQuery + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxQuerySeries defines the maximum of unique series that is returned + by a metric query. + displayName: Max Query Series + path: limits.tenants.queries.maxQuerySeries + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: MaxVolumeSeries defines the maximum number of aggregated series + in a log-volume response + displayName: Max Volume Series + path: limits.tenants.queries.maxVolumeSeries + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: Timeout when querying ingesters or storage during the execution + of a query request. + displayName: Query Timeout + path: limits.tenants.queries.queryTimeout + - description: ManagementState defines if the CR should be managed by the operator + or not. Default is managed. + displayName: Management State + path: managementState + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:select:Managed + - urn:alm:descriptor:com.tectonic.ui:select:Unmanaged + - description: Proxy defines the spec for the object proxy to configure cluster + proxy information. 
+ displayName: Cluster Proxy + path: proxy + - description: HTTPProxy configures the HTTP_PROXY/http_proxy env variable. + displayName: HTTPProxy + path: proxy.httpProxy + - description: HTTPSProxy configures the HTTPS_PROXY/https_proxy env variable. + displayName: HTTPSProxy + path: proxy.httpsProxy + - description: NoProxy configures the NO_PROXY/no_proxy env variable. + displayName: NoProxy + path: proxy.noProxy + - description: Replication defines the configuration for Loki data replication. + displayName: Replication Spec + path: replication + - description: Factor defines the policy for log stream replication. + displayName: Replication Factor + path: replication.factor + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: 'Zones defines an array of ZoneSpec that the scheduler will try + to satisfy. IMPORTANT: Make sure that the replication factor defined is + less than or equal to the number of available zones.' + displayName: Zones Spec + path: replication.zones + - description: MaxSkew describes the maximum degree to which Pods can be unevenly + distributed. + displayName: Max Skew + path: replication.zones[0].maxSkew + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: TopologyKey is the key that defines a topology in the Nodes' + labels. + displayName: Topology Key + path: replication.zones[0].topologyKey + - description: 'Deprecated: Please use replication.factor instead. This field + will be removed in future versions of this CRD. ReplicationFactor defines + the policy for log stream replication.' + displayName: Replication Factor + path: replicationFactor + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: Rules defines the spec for the ruler component. 
+ displayName: Rules + path: rules + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: Enabled defines a flag to enable/disable the ruler component + displayName: Enable + path: rules.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Namespaces to be selected for PrometheusRules discovery. If unspecified, + only the same namespace as the LokiStack object is in is used. + displayName: Namespace Selector + path: rules.namespaceSelector + - description: A selector to select which LokiRules to mount for loading alerting/recording + rules from. + displayName: Selector + path: rules.selector + - description: Size defines one of the support Loki deployment scale out sizes. + displayName: LokiStack Size + path: size + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:select:1x.extra-small + - urn:alm:descriptor:com.tectonic.ui:select:1x.small + - urn:alm:descriptor:com.tectonic.ui:select:1x.medium + - description: Storage defines the spec for the object storage endpoint to store + logs. + displayName: Object Storage + path: storage + - description: Version for writing and reading logs. + displayName: Version + path: storage.schemas[0].version + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:select:v11 + - urn:alm:descriptor:com.tectonic.ui:select:v12 + - urn:alm:descriptor:com.tectonic.ui:select:v13 + - description: Name of a secret in the namespace configured for object storage + secrets. 
+ displayName: Object Storage Secret Name + path: storage.secret.name + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: Type of object storage that should be used + displayName: Object Storage Secret Type + path: storage.secret.type + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:select:azure + - urn:alm:descriptor:com.tectonic.ui:select:gcs + - urn:alm:descriptor:com.tectonic.ui:select:s3 + - urn:alm:descriptor:com.tectonic.ui:select:swift + - urn:alm:descriptor:com.tectonic.ui:select:alibabacloud + - description: TLS configuration for reaching the object storage endpoint. + displayName: TLS Config + path: storage.tls + - description: Key is the data key of a ConfigMap containing a CA certificate. + It needs to be in the same namespace as the LokiStack custom resource. If + empty, it defaults to "service-ca.crt". + displayName: CA ConfigMap Key + path: storage.tls.caKey + - description: CA is the name of a ConfigMap containing a CA certificate. It + needs to be in the same namespace as the LokiStack custom resource. + displayName: CA ConfigMap Name + path: storage.tls.caName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:ConfigMap + - description: Storage class name defines the storage class for ingester/querier + PVCs. + displayName: Storage Class Name + path: storageClassName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:StorageClass + - description: Template defines the resource/limits/tolerations/nodeselectors + per component. + displayName: Node Placement + path: template + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: Compactor defines the compaction component spec. + displayName: Compactor pods + path: template.compactor + - description: PodAntiAffinity defines the pod anti affinity scheduling rules + to schedule pods of a component. 
+ displayName: PodAntiAffinity + path: template.compactor.podAntiAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podAntiAffinity + - description: Replicas defines the number of replica pods of the component. + displayName: Replicas + path: template.compactor.replicas + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:hidden + - description: Distributor defines the distributor component spec. + displayName: Distributor pods + path: template.distributor + - description: PodAntiAffinity defines the pod anti affinity scheduling rules + to schedule pods of a component. + displayName: PodAntiAffinity + path: template.distributor.podAntiAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podAntiAffinity + - description: Replicas defines the number of replica pods of the component. + displayName: Replicas + path: template.distributor.replicas + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:hidden + - description: Gateway defines the lokistack gateway component spec. + displayName: Gateway pods + path: template.gateway + - description: PodAntiAffinity defines the pod anti affinity scheduling rules + to schedule pods of a component. + displayName: PodAntiAffinity + path: template.gateway.podAntiAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podAntiAffinity + - description: Replicas defines the number of replica pods of the component. + displayName: Replicas + path: template.gateway.replicas + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:hidden + - description: IndexGateway defines the index gateway component spec. + displayName: Index Gateway pods + path: template.indexGateway + - description: PodAntiAffinity defines the pod anti affinity scheduling rules + to schedule pods of a component. 
+ displayName: PodAntiAffinity + path: template.indexGateway.podAntiAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podAntiAffinity + - description: Replicas defines the number of replica pods of the component. + displayName: Replicas + path: template.indexGateway.replicas + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:hidden + - description: Ingester defines the ingester component spec. + displayName: Ingester pods + path: template.ingester + - description: PodAntiAffinity defines the pod anti affinity scheduling rules + to schedule pods of a component. + displayName: PodAntiAffinity + path: template.ingester.podAntiAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podAntiAffinity + - description: Replicas defines the number of replica pods of the component. + displayName: Replicas + path: template.ingester.replicas + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:hidden + - description: Querier defines the querier component spec. + displayName: Querier pods + path: template.querier + - description: PodAntiAffinity defines the pod anti affinity scheduling rules + to schedule pods of a component. + displayName: PodAntiAffinity + path: template.querier.podAntiAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podAntiAffinity + - description: Replicas defines the number of replica pods of the component. + displayName: Replicas + path: template.querier.replicas + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:hidden + - description: QueryFrontend defines the query frontend component spec. + displayName: Query Frontend pods + path: template.queryFrontend + - description: PodAntiAffinity defines the pod anti affinity scheduling rules + to schedule pods of a component. + displayName: PodAntiAffinity + path: template.queryFrontend.podAntiAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podAntiAffinity + - description: Replicas defines the number of replica pods of the component. 
+ displayName: Replicas + path: template.queryFrontend.replicas + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:hidden + - description: Ruler defines the ruler component spec. + displayName: Ruler pods + path: template.ruler + - description: PodAntiAffinity defines the pod anti affinity scheduling rules + to schedule pods of a component. + displayName: PodAntiAffinity + path: template.ruler.podAntiAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podAntiAffinity + - description: Replicas defines the number of replica pods of the component. + displayName: Replicas + path: template.ruler.replicas + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:hidden + - description: Tenants defines the per-tenant authentication and authorization + spec for the lokistack-gateway component. + displayName: Tenants Configuration + path: tenants + - description: Authentication defines the lokistack-gateway component authentication + configuration spec per tenant. + displayName: Authentication + path: tenants.authentication + - description: TLSConfig defines the spec for the mTLS tenant's authentication. + displayName: mTLS Configuration + path: tenants.authentication[0].mTLS + - description: CA defines the spec for the custom CA for tenant's authentication. + displayName: CA ConfigMap + path: tenants.authentication[0].mTLS.ca + - description: Key is the data key of a ConfigMap containing a CA certificate. + It needs to be in the same namespace as the LokiStack custom resource. If + empty, it defaults to "service-ca.crt". + displayName: CA ConfigMap Key + path: tenants.authentication[0].mTLS.ca.caKey + - description: CA is the name of a ConfigMap containing a CA certificate. It + needs to be in the same namespace as the LokiStack custom resource. 
+ displayName: CA ConfigMap Name + path: tenants.authentication[0].mTLS.ca.caName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:ConfigMap + - description: OIDC defines the spec for the OIDC tenant's authentication. + displayName: OIDC Configuration + path: tenants.authentication[0].oidc + - description: IssuerCA defines the spec for the issuer CA for tenant's authentication. + displayName: IssuerCA ConfigMap + path: tenants.authentication[0].oidc.issuerCA + - description: Key is the data key of a ConfigMap containing a CA certificate. + It needs to be in the same namespace as the LokiStack custom resource. If + empty, it defaults to "service-ca.crt". + displayName: CA ConfigMap Key + path: tenants.authentication[0].oidc.issuerCA.caKey + - description: CA is the name of a ConfigMap containing a CA certificate. It + needs to be in the same namespace as the LokiStack custom resource. + displayName: CA ConfigMap Name + path: tenants.authentication[0].oidc.issuerCA.caName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:ConfigMap + - description: IssuerURL defines the URL for issuer. + displayName: Issuer URL + path: tenants.authentication[0].oidc.issuerURL + - description: RedirectURL defines the URL for redirect. + displayName: Redirect URL + path: tenants.authentication[0].oidc.redirectURL + - description: Secret defines the spec for the clientID and clientSecret for + tenant's authentication. + displayName: Tenant Secret + path: tenants.authentication[0].oidc.secret + - description: Name of a secret in the namespace configured for tenant secrets. + displayName: Tenant Secret Name + path: tenants.authentication[0].oidc.secret.name + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: TenantID defines the id of the tenant. + displayName: Tenant ID + path: tenants.authentication[0].tenantId + - description: TenantName defines the name of the tenant. 
+ displayName: Tenant Name + path: tenants.authentication[0].tenantName + - description: Authorization defines the lokistack-gateway component authorization + configuration spec per tenant. + displayName: Authorization + path: tenants.authorization + - description: OPA defines the spec for the third-party endpoint for tenant's + authorization. + displayName: OPA Configuration + path: tenants.authorization.opa + - description: URL defines the third-party endpoint for authorization. + displayName: OpenPolicyAgent URL + path: tenants.authorization.opa.url + - description: RoleBindings defines configuration to bind a set of roles to + a set of subjects. + displayName: Static Role Bindings + path: tenants.authorization.roleBindings + - description: Roles defines a set of permissions to interact with a tenant. + displayName: Static Roles + path: tenants.authorization.roles + - description: Mode defines the mode in which lokistack-gateway component will + be configured. + displayName: Mode + path: tenants.mode + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:select:static + - urn:alm:descriptor:com.tectonic.ui:select:dynamic + - urn:alm:descriptor:com.tectonic.ui:select:openshift-logging + - urn:alm:descriptor:com.tectonic.ui:select:openshift-network + - description: Openshift defines the configuration specific to Openshift modes. + displayName: Openshift + path: tenants.openshift + - description: "AdminGroups defines a list of groups, whose members are considered + to have admin-privileges by the Loki Operator. Setting this to an empty + array disables admin groups. 
\n By default the following groups are considered + admin-groups: - system:cluster-admins - cluster-admin - dedicated-admin" + displayName: Admin Groups + path: tenants.openshift.adminGroups + statusDescriptors: + - description: Distributor is a map to the per pod status of the distributor + deployment + displayName: Distributor + path: components.distributor + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: Ingester is a map to the per pod status of the ingester statefulset + displayName: Ingester + path: components.ingester + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: Querier is a map to the per pod status of the querier deployment + displayName: Querier + path: components.querier + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: QueryFrontend is a map to the per pod status of the query frontend + deployment + displayName: Query Frontend + path: components.queryFrontend + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: Compactor is a map to the pod status of the compactor pod. + displayName: Compactor + path: components.compactor + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: Gateway is a map to the per pod status of the lokistack gateway + deployment. + displayName: Gateway + path: components.gateway + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: IndexGateway is a map to the per pod status of the index gateway + statefulset + displayName: IndexGateway + path: components.indexGateway + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: Ruler is a map to the per pod status of the lokistack ruler statefulset. + displayName: Ruler + path: components.ruler + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: Conditions of the Loki deployment health. 
+ displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + version: v1 + - description: RecordingRule is the Schema for the recordingrules API + displayName: RecordingRule + kind: RecordingRule + name: recordingrules.loki.grafana.com + resources: + - kind: LokiStack + name: "" + version: v1 + specDescriptors: + - description: List of groups for recording rules. + displayName: Groups + path: groups + - description: Interval defines the time interval between evaluation of the + given recoding rule. + displayName: Evaluation Interval + path: groups[0].interval + - description: Limit defines the number of series a recording rule can produce. + 0 is no limit. + displayName: Limit of produced series + path: groups[0].limit + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: Name of the recording rule group. Must be unique within all recording + rules. + displayName: Name + path: groups[0].name + - description: Rules defines a list of recording rules + displayName: Rules + path: groups[0].rules + - description: The LogQL expression to evaluate. Every evaluation cycle this + is evaluated at the current time, and all resultant time series become pending/firing + alerts. + displayName: LogQL Expression + path: groups[0].rules[0].expr + - description: Labels to add to each recording rule. + displayName: Labels + path: groups[0].rules[0].labels + - description: The name of the time series to output to. Must be a valid metric + name. + displayName: Metric Name + path: groups[0].rules[0].record + - description: TenantID of tenant where the recording rules are evaluated in. + displayName: Tenant ID + path: tenantID + statusDescriptors: + - description: Conditions of the RecordingRule generation health. 
+ displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + version: v1 + - description: RulerConfig is the Schema for the rulerconfigs API + displayName: RulerConfig + kind: RulerConfig + name: rulerconfigs.loki.grafana.com + resources: + - kind: LokiStack + name: "" + version: v1 + specDescriptors: + - description: Defines alert manager configuration to notify on firing alerts. + displayName: Alert Manager Configuration + path: alertmanager + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: Client configuration for reaching the alertmanager endpoint. + displayName: TLS Config + path: alertmanager.client + - description: Basic authentication configuration for reaching the alertmanager + endpoints. + displayName: Basic Authentication + path: alertmanager.client.basicAuth + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: The subject's password for the basic authentication configuration. + displayName: Password + path: alertmanager.client.basicAuth.password + - description: The subject's username for the basic authentication configuration. + displayName: Username + path: alertmanager.client.basicAuth.username + - description: Header authentication configuration for reaching the alertmanager + endpoints. + displayName: Header Authentication + path: alertmanager.client.headerAuth + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: The credentials for the header authentication configuration. + displayName: Credentials + path: alertmanager.client.headerAuth.credentials + - description: The credentials file for the Header authentication configuration. + It is mutually exclusive with `credentials`. + displayName: Credentials File + path: alertmanager.client.headerAuth.credentialsFile + - description: The authentication type for the header authentication configuration. 
+ displayName: Type + path: alertmanager.client.headerAuth.type + - description: TLS configuration for reaching the alertmanager endpoints. + displayName: TLS + path: alertmanager.client.tls + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: The CA certificate file path for the TLS configuration. + displayName: CA Path + path: alertmanager.client.tls.caPath + - description: The client-side certificate file path for the TLS configuration. + displayName: Cert Path + path: alertmanager.client.tls.certPath + - description: Skip validating server certificate. + displayName: Skip validating server certificate + path: alertmanager.client.tls.insecureSkipVerify + - description: The client-side key file path for the TLS configuration. + displayName: Key Path + path: alertmanager.client.tls.keyPath + - description: The server name to validate in the alertmanager server certificates. + displayName: Server Name + path: alertmanager.client.tls.serverName + - description: Defines the configuration for DNS-based discovery of AlertManager + hosts. + displayName: DNS Discovery + path: alertmanager.discovery + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: Use DNS SRV records to discover Alertmanager hosts. + displayName: Enable SRV + path: alertmanager.discovery.enableSRV + - description: How long to wait between refreshing DNS resolutions of Alertmanager + hosts. + displayName: Refresh Interval + path: alertmanager.discovery.refreshInterval + - description: If enabled, then requests to Alertmanager use the v2 API. + displayName: Enable AlertManager V2 API + path: alertmanager.enableV2 + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: List of AlertManager URLs to send notifications to. Each Alertmanager + URL is treated as a separate group in the configuration. Multiple Alertmanagers + in HA per group can be supported by using DNS resolution (See EnableDNSDiscovery). 
+ displayName: AlertManager Endpoints + path: alertmanager.endpoints + - description: Additional labels to add to all alerts. + displayName: Extra Alert Labels + path: alertmanager.externalLabels + - description: URL for alerts return path. + displayName: Alert External URL + path: alertmanager.externalUrl + - description: Defines the configuration for the notification queue to AlertManager + hosts. + displayName: Notification Queue + path: alertmanager.notificationQueue + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: Capacity of the queue for notifications to be sent to the Alertmanager. + displayName: Notification Queue Capacity + path: alertmanager.notificationQueue.capacity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: Minimum duration between alert and restored "for" state. This + is maintained only for alerts with configured "for" time greater than the + grace period. + displayName: Firing Grace Period + path: alertmanager.notificationQueue.forGracePeriod + - description: Max time to tolerate outage for restoring "for" state of alert. + displayName: Outage Tolerance + path: alertmanager.notificationQueue.forOutageTolerance + - description: Minimum amount of time to wait before resending an alert to Alertmanager. + displayName: Resend Delay + path: alertmanager.notificationQueue.resendDelay + - description: HTTP timeout duration when sending notifications to the Alertmanager. + displayName: Timeout + path: alertmanager.notificationQueue.timeout + - description: List of alert relabel configurations. + displayName: Alert Relabel Configuration + path: alertmanager.relabelConfigs + - description: Action to perform based on regex matching. 
Default is 'replace' + displayName: Action + path: alertmanager.relabelConfigs[0].action + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:select:drop + - urn:alm:descriptor:com.tectonic.ui:select:hashmod + - urn:alm:descriptor:com.tectonic.ui:select:keep + - urn:alm:descriptor:com.tectonic.ui:select:labeldrop + - urn:alm:descriptor:com.tectonic.ui:select:labelkeep + - urn:alm:descriptor:com.tectonic.ui:select:labelmap + - urn:alm:descriptor:com.tectonic.ui:select:replace + - description: Modulus to take of the hash of the source label values. + displayName: Modulus + path: alertmanager.relabelConfigs[0].modulus + - description: Regular expression against which the extracted value is matched. + Default is '(.*)' + displayName: Regex + path: alertmanager.relabelConfigs[0].regex + - description: Replacement value against which a regex replace is performed + if the regular expression matches. Regex capture groups are available. Default + is '$1' + displayName: Replacement + path: alertmanager.relabelConfigs[0].replacement + - description: Separator placed between concatenated source label values. default + is ';'. + displayName: Separator + path: alertmanager.relabelConfigs[0].separator + - description: The source labels select values from existing labels. Their content + is concatenated using the configured separator and matched against the configured + regular expression for the replace, keep, and drop actions. + displayName: Source Labels + path: alertmanager.relabelConfigs[0].sourceLabels + - description: Label to which the resulting value is written in a replace action. + It is mandatory for replace actions. Regex capture groups are available. + displayName: Target Label + path: alertmanager.relabelConfigs[0].targetLabel + - description: Interval on how frequently to evaluate rules. + displayName: Evaluation Interval + path: evaluationInterval + - description: Overrides defines the config overrides to be applied per-tenant. 
+ displayName: Rate Limiting + path: overrides + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: Client configuration for reaching the alertmanager endpoint. + displayName: TLS Config + path: overrides.alertmanager.client + - description: Basic authentication configuration for reaching the alertmanager + endpoints. + displayName: Basic Authentication + path: overrides.alertmanager.client.basicAuth + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: The subject's password for the basic authentication configuration. + displayName: Password + path: overrides.alertmanager.client.basicAuth.password + - description: The subject's username for the basic authentication configuration. + displayName: Username + path: overrides.alertmanager.client.basicAuth.username + - description: Header authentication configuration for reaching the alertmanager + endpoints. + displayName: Header Authentication + path: overrides.alertmanager.client.headerAuth + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: The credentials for the header authentication configuration. + displayName: Credentials + path: overrides.alertmanager.client.headerAuth.credentials + - description: The credentials file for the Header authentication configuration. + It is mutually exclusive with `credentials`. + displayName: Credentials File + path: overrides.alertmanager.client.headerAuth.credentialsFile + - description: The authentication type for the header authentication configuration. + displayName: Type + path: overrides.alertmanager.client.headerAuth.type + - description: TLS configuration for reaching the alertmanager endpoints. + displayName: TLS + path: overrides.alertmanager.client.tls + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: The CA certificate file path for the TLS configuration. 
+ displayName: CA Path + path: overrides.alertmanager.client.tls.caPath + - description: The client-side certificate file path for the TLS configuration. + displayName: Cert Path + path: overrides.alertmanager.client.tls.certPath + - description: Skip validating server certificate. + displayName: Skip validating server certificate + path: overrides.alertmanager.client.tls.insecureSkipVerify + - description: The client-side key file path for the TLS configuration. + displayName: Key Path + path: overrides.alertmanager.client.tls.keyPath + - description: The server name to validate in the alertmanager server certificates. + displayName: Server Name + path: overrides.alertmanager.client.tls.serverName + - description: Defines the configuration for DNS-based discovery of AlertManager + hosts. + displayName: DNS Discovery + path: overrides.alertmanager.discovery + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: Use DNS SRV records to discover Alertmanager hosts. + displayName: Enable SRV + path: overrides.alertmanager.discovery.enableSRV + - description: How long to wait between refreshing DNS resolutions of Alertmanager + hosts. + displayName: Refresh Interval + path: overrides.alertmanager.discovery.refreshInterval + - description: If enabled, then requests to Alertmanager use the v2 API. + displayName: Enable AlertManager V2 API + path: overrides.alertmanager.enableV2 + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: List of AlertManager URLs to send notifications to. Each Alertmanager + URL is treated as a separate group in the configuration. Multiple Alertmanagers + in HA per group can be supported by using DNS resolution (See EnableDNSDiscovery). + displayName: AlertManager Endpoints + path: overrides.alertmanager.endpoints + - description: Additional labels to add to all alerts. 
+ displayName: Extra Alert Labels + path: overrides.alertmanager.externalLabels + - description: URL for alerts return path. + displayName: Alert External URL + path: overrides.alertmanager.externalUrl + - description: Defines the configuration for the notification queue to AlertManager + hosts. + displayName: Notification Queue + path: overrides.alertmanager.notificationQueue + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: Capacity of the queue for notifications to be sent to the Alertmanager. + displayName: Notification Queue Capacity + path: overrides.alertmanager.notificationQueue.capacity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: Minimum duration between alert and restored "for" state. This + is maintained only for alerts with configured "for" time greater than the + grace period. + displayName: Firing Grace Period + path: overrides.alertmanager.notificationQueue.forGracePeriod + - description: Max time to tolerate outage for restoring "for" state of alert. + displayName: Outage Tolerance + path: overrides.alertmanager.notificationQueue.forOutageTolerance + - description: Minimum amount of time to wait before resending an alert to Alertmanager. + displayName: Resend Delay + path: overrides.alertmanager.notificationQueue.resendDelay + - description: HTTP timeout duration when sending notifications to the Alertmanager. + displayName: Timeout + path: overrides.alertmanager.notificationQueue.timeout + - description: List of alert relabel configurations. + displayName: Alert Relabel Configuration + path: overrides.alertmanager.relabelConfigs + - description: Action to perform based on regex matching. 
Default is 'replace' + displayName: Action + path: overrides.alertmanager.relabelConfigs[0].action + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:select:drop + - urn:alm:descriptor:com.tectonic.ui:select:hashmod + - urn:alm:descriptor:com.tectonic.ui:select:keep + - urn:alm:descriptor:com.tectonic.ui:select:labeldrop + - urn:alm:descriptor:com.tectonic.ui:select:labelkeep + - urn:alm:descriptor:com.tectonic.ui:select:labelmap + - urn:alm:descriptor:com.tectonic.ui:select:replace + - description: Modulus to take of the hash of the source label values. + displayName: Modulus + path: overrides.alertmanager.relabelConfigs[0].modulus + - description: Regular expression against which the extracted value is matched. + Default is '(.*)' + displayName: Regex + path: overrides.alertmanager.relabelConfigs[0].regex + - description: Replacement value against which a regex replace is performed + if the regular expression matches. Regex capture groups are available. Default + is '$1' + displayName: Replacement + path: overrides.alertmanager.relabelConfigs[0].replacement + - description: Separator placed between concatenated source label values. default + is ';'. + displayName: Separator + path: overrides.alertmanager.relabelConfigs[0].separator + - description: The source labels select values from existing labels. Their content + is concatenated using the configured separator and matched against the configured + regular expression for the replace, keep, and drop actions. + displayName: Source Labels + path: overrides.alertmanager.relabelConfigs[0].sourceLabels + - description: Label to which the resulting value is written in a replace action. + It is mandatory for replace actions. Regex capture groups are available. + displayName: Target Label + path: overrides.alertmanager.relabelConfigs[0].targetLabel + - description: Interval on how frequently to poll for new rule definitions. 
+ displayName: Poll Interval + path: pollInterval + - description: Defines a remote write endpoint to write recording rule metrics. + displayName: Remote Write Configuration + path: remoteWrite + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: Defines the configuration for remote write client. + displayName: Client + path: remoteWrite.client + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: Type of authorzation to use to access the remote write endpoint + displayName: Authorization Type + path: remoteWrite.client.authorization + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:select:basic + - urn:alm:descriptor:com.tectonic.ui:select:header + - description: Name of a secret in the namespace configured for authorization + secrets. + displayName: Authorization Secret Name + path: remoteWrite.client.authorizationSecretName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: Configure whether HTTP requests follow HTTP 3xx redirects. + displayName: Follow HTTP Redirects + path: remoteWrite.client.followRedirects + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Name of the remote write config, which if specified must be unique + among remote write configs. + displayName: Name + path: remoteWrite.client.name + - description: Optional proxy URL. + displayName: HTTP Proxy URL + path: remoteWrite.client.proxyUrl + - description: List of remote write relabel configurations. + displayName: Metric Relabel Configuration + path: remoteWrite.client.relabelConfigs + - description: Action to perform based on regex matching. 
Default is 'replace' + displayName: Action + path: remoteWrite.client.relabelConfigs[0].action + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:select:drop + - urn:alm:descriptor:com.tectonic.ui:select:hashmod + - urn:alm:descriptor:com.tectonic.ui:select:keep + - urn:alm:descriptor:com.tectonic.ui:select:labeldrop + - urn:alm:descriptor:com.tectonic.ui:select:labelkeep + - urn:alm:descriptor:com.tectonic.ui:select:labelmap + - urn:alm:descriptor:com.tectonic.ui:select:replace + - description: Modulus to take of the hash of the source label values. + displayName: Modulus + path: remoteWrite.client.relabelConfigs[0].modulus + - description: Regular expression against which the extracted value is matched. + Default is '(.*)' + displayName: Regex + path: remoteWrite.client.relabelConfigs[0].regex + - description: Replacement value against which a regex replace is performed + if the regular expression matches. Regex capture groups are available. Default + is '$1' + displayName: Replacement + path: remoteWrite.client.relabelConfigs[0].replacement + - description: Separator placed between concatenated source label values. default + is ';'. + displayName: Separator + path: remoteWrite.client.relabelConfigs[0].separator + - description: The source labels select values from existing labels. Their content + is concatenated using the configured separator and matched against the configured + regular expression for the replace, keep, and drop actions. + displayName: Source Labels + path: remoteWrite.client.relabelConfigs[0].sourceLabels + - description: Label to which the resulting value is written in a replace action. + It is mandatory for replace actions. Regex capture groups are available. + displayName: Target Label + path: remoteWrite.client.relabelConfigs[0].targetLabel + - description: Timeout for requests to the remote write endpoint. 
+ displayName: Remote Write Timeout + path: remoteWrite.client.timeout + - description: The URL of the endpoint to send samples to. + displayName: Endpoint + path: remoteWrite.client.url + - description: Enable remote-write functionality. + displayName: Enabled + path: remoteWrite.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Defines the configuration for remote write client queue. + displayName: Client Queue + path: remoteWrite.queue + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:advanced + - description: Maximum time a sample will wait in buffer. + displayName: Batch Send Deadline + path: remoteWrite.queue.batchSendDeadline + - description: Number of samples to buffer per shard before we block reading + of more + displayName: Queue Capacity + path: remoteWrite.queue.capacity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: Maximum retry delay. + displayName: Max BackOff Period + path: remoteWrite.queue.maxBackOffPeriod + - description: Maximum number of samples per send. + displayName: Maximum Shards per Send + path: remoteWrite.queue.maxSamplesPerSend + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: Maximum number of shards, i.e. amount of concurrency. + displayName: Maximum Shards + path: remoteWrite.queue.maxShards + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: Initial retry delay. Gets doubled for every retry. + displayName: Min BackOff Period + path: remoteWrite.queue.minBackOffPeriod + - description: Minimum number of shards, i.e. amount of concurrency. + displayName: Minimum Shards + path: remoteWrite.queue.minShards + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: Minimum period to wait between refreshing remote-write reconfigurations. 
+ displayName: Min Refresh Period + path: remoteWrite.refreshPeriod + statusDescriptors: + - description: Conditions of the RulerConfig health. + displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + version: v1 + description: |- + The Community Loki Operator provides Kubernetes native deployment and management of Loki and related logging components. + The purpose of this project is to simplify and automate the configuration of a Loki based logging stack for Kubernetes clusters. + + ### Operator features + + The Loki operator includes, but is not limited to, the following features: + + * Kubernetes Custom Resources: Use Kubernetes custom resources to deploy and manage Loki, Alerting rules, Recording rules, and related components. + * Simplified Deployment Configuration: Configure the fundamentals of Loki like tenants, limits, replication factor and storage from a native Kubernetes resource. + ### Feature Gates + + The Loki Operator Bundle provides a set of feature gates that enable/disable specific feature depending on the target Kubernetes distribution. The following feature gates are enabled by default: + * `lokiStackGateway`: Enables reconciling the reverse-proxy lokistack-gateway component for multi-tenant authentication/authorization traffic control to Loki. + * `runtimeSeccompProfile`: Enables the restricted seccomp profile on all Lokistack components. + * `lokiStackWebhook`: Enables the LokiStack CR validation and conversion webhooks. + * `alertingRuleWebhook`: Enables the AlertingRule CR validation webhook. + * `recordingRuleWebhook`: Enables the RecordingRule CR validation webhook. + * `rulerConfigWebhook`: Enables the RulerConfig CR validation webhook. + + ### Before you start + + 1. Ensure that [cert-manager](https://operatorhub.io/operator/cert-manager) is installed first. + 2. Ensure that the appropriate object storage solution, that will be used by Loki, is avaliable and configured. 
+ displayName: Community Loki Operator + icon: + - base64data: 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 + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - nonResourceURLs: + - /api/v2/alerts + verbs: + - create + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - deployments + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - cloudcredential.openshift.io + resources: + - credentialsrequests + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - config.openshift.io + resources: + - apiservers + - dnses + - proxies + verbs: + - get + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update + - apiGroups: + - loki.grafana.com + resources: + - alertingrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - loki.grafana.com + resources: + - alertingrules/finalizers + verbs: + - update + - apiGroups: + - loki.grafana.com + resources: + - alertingrules/status + verbs: + - get + - patch + - update + - apiGroups: + - loki.grafana.com + resources: + - lokistacks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - loki.grafana.com + resources: + - lokistacks/finalizers + verbs: + - update + - apiGroups: + - loki.grafana.com + resources: + - lokistacks/status + verbs: + - get + - patch + - update + - apiGroups: + - loki.grafana.com + resources: + - recordingrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - loki.grafana.com + resources: + - 
recordingrules/finalizers + verbs: + - update + - apiGroups: + - loki.grafana.com + resources: + - recordingrules/status + verbs: + - get + - patch + - update + - apiGroups: + - loki.grafana.com + resources: + - rulerconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - loki.grafana.com + resources: + - rulerconfigs/finalizers + verbs: + - update + - apiGroups: + - loki.grafana.com + resources: + - rulerconfigs/status + verbs: + - get + - patch + - update + - apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers + verbs: + - patch + - apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers/api + verbs: + - create + - apiGroups: + - monitoring.coreos.com + resources: + - prometheusrules + - servicemonitors + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - get + - list + - update + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - get + - list + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + serviceAccountName: loki-operator-controller-manager + deployments: + - label: + app.kubernetes.io/instance: loki-operator-v0.6.2 + app.kubernetes.io/managed-by: operator-lifecycle-manager + app.kubernetes.io/name: loki-operator + app.kubernetes.io/part-of: loki-operator + app.kubernetes.io/version: 0.6.2 + control-plane: controller-manager + name: 
loki-operator-controller-manager + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/managed-by: operator-lifecycle-manager + app.kubernetes.io/name: loki-operator + app.kubernetes.io/part-of: loki-operator + name: loki-operator-controller-manager + strategy: {} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + app.kubernetes.io/managed-by: operator-lifecycle-manager + app.kubernetes.io/name: loki-operator + app.kubernetes.io/part-of: loki-operator + name: loki-operator-controller-manager + spec: + containers: + - args: + - --config=controller_manager_config.yaml + command: + - /manager + env: + - name: RELATED_IMAGE_LOKI + value: docker.io/grafana/loki:3.1.1 + - name: RELATED_IMAGE_GATEWAY + value: quay.io/observatorium/api:latest + - name: RELATED_IMAGE_OPA + value: quay.io/observatorium/opa-openshift:latest + image: docker.io/grafana/loki-operator:0.6.2 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 8080 + name: metrics + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: {} + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: webhook-cert + readOnly: true + - mountPath: /controller_manager_config.yaml + name: manager-config + subPath: controller_manager_config.yaml + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsNonRoot: true + serviceAccountName: 
loki-operator-controller-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: webhook-cert + secret: + defaultMode: 420 + secretName: loki-operator-controller-manager-service-cert + - configMap: + name: loki-operator-manager-config + name: manager-config + permissions: + - rules: + - apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: loki-operator-controller-manager + strategy: deployment + installModes: + - supported: false + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - logging + - loki + links: + - name: Documentation + url: https://loki-operator.dev/ + maintainers: + - email: loki-operator-team@googlegroups.com + name: Grafana Loki SIG Operator + maturity: alpha + minKubeVersion: 1.21.1 + provider: + name: Grafana Loki SIG Operator + relatedImages: + - image: docker.io/grafana/loki:3.1.1 + name: loki + - image: quay.io/observatorium/api:latest + name: gateway + - image: quay.io/observatorium/opa-openshift:latest + name: opa + replaces: loki-operator.v0.6.1 + version: 0.6.2 + webhookdefinitions: + - admissionReviewVersions: + - v1 + - v1beta1 + containerPort: 443 + conversionCRDs: + - alertingrules.loki.grafana.com + deploymentName: loki-operator-controller-manager + generateName: calertingrules.kb.io + sideEffects: None + targetPort: 9443 + type: ConversionWebhook + webhookPath: /convert + - admissionReviewVersions: + - v1 + - v1beta1 + containerPort: 443 + conversionCRDs: + - lokistacks.loki.grafana.com + deploymentName: loki-operator-controller-manager + generateName: clokistacks.kb.io + sideEffects: None + targetPort: 9443 + type: ConversionWebhook + webhookPath: /convert + - admissionReviewVersions: + - v1 + - v1beta1 + 
containerPort: 443 + conversionCRDs: + - recordingrules.loki.grafana.com + deploymentName: loki-operator-controller-manager + generateName: crecordingrules.kb.io + sideEffects: None + targetPort: 9443 + type: ConversionWebhook + webhookPath: /convert + - admissionReviewVersions: + - v1 + - v1beta1 + containerPort: 443 + conversionCRDs: + - rulerconfigs.loki.grafana.com + deploymentName: loki-operator-controller-manager + generateName: crulerconfigs.kb.io + sideEffects: None + targetPort: 9443 + type: ConversionWebhook + webhookPath: /convert + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: loki-operator-controller-manager + failurePolicy: Fail + generateName: valertingrule.loki.grafana.com + rules: + - apiGroups: + - loki.grafana.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - alertingrules + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-loki-grafana-com-v1-alertingrule + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: loki-operator-controller-manager + failurePolicy: Fail + generateName: vlokistack.loki.grafana.com + rules: + - apiGroups: + - loki.grafana.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - lokistacks + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-loki-grafana-com-v1-lokistack + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: loki-operator-controller-manager + failurePolicy: Fail + generateName: vrecordingrule.loki.grafana.com + rules: + - apiGroups: + - loki.grafana.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - recordingrules + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-loki-grafana-com-v1-recordingrule + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: loki-operator-controller-manager + failurePolicy: 
Fail + generateName: vrulerconfig.loki.grafana.com + rules: + - apiGroups: + - loki.grafana.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - rulerconfigs + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-loki-grafana-com-v1-rulerconfig
diff --git a/operators/loki-operator/0.6.2/manifests/loki.grafana.com_alertingrules.yaml b/operators/loki-operator/0.6.2/manifests/loki.grafana.com_alertingrules.yaml
new file mode 100644
index 00000000000..a1761382e4b
--- /dev/null
+++ b/operators/loki-operator/0.6.2/manifests/loki.grafana.com_alertingrules.yaml
@@ -0,0 +1,388 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: loki-operator-v0.6.2 + app.kubernetes.io/managed-by: operator-lifecycle-manager + app.kubernetes.io/name: loki-operator + app.kubernetes.io/part-of: loki-operator + app.kubernetes.io/version: 0.6.2 + name: alertingrules.loki.grafana.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: loki-operator-webhook-service + namespace: loki-operator + path: /convert + port: 443 + conversionReviewVersions: + - v1 + - v1beta1 + group: loki.grafana.com + names: + kind: AlertingRule + listKind: AlertingRuleList + plural: alertingrules + singular: alertingrule + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: AlertingRule is the Schema for the alertingrules API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: AlertingRuleSpec defines the desired state of AlertingRule + properties: + groups: + description: List of groups for alerting rules. + items: + description: AlertingRuleGroup defines a group of Loki alerting + rules. 
+ properties: + interval: + default: 1m + description: |- + Interval defines the time interval between evaluation of the given + alerting rule. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + limit: + description: Limit defines the number of alerts an alerting + rule can produce. 0 is no limit. + format: int32 + type: integer + name: + description: Name of the alerting rule group. Must be unique + within all alerting rules. + type: string + rules: + description: Rules defines a list of alerting rules + items: + description: AlertingRuleGroupSpec defines the spec for a + Loki alerting rule. + properties: + alert: + description: The name of the alert. Must be a valid label + value. + type: string + annotations: + additionalProperties: + type: string + description: Annotations to add to each alert. + type: object + expr: + description: |- + The LogQL expression to evaluate. Every evaluation cycle this is + evaluated at the current time, and all resultant time series become + pending/firing alerts. + type: string + for: + description: |- + Alerts are considered firing once they have been returned for this long. + Alerts which have not yet fired for long enough are considered pending. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + labels: + additionalProperties: + type: string + description: Labels to add to each alert. + type: object + required: + - expr + type: object + type: array + required: + - name + - rules + type: object + type: array + tenantID: + description: TenantID of tenant where the alerting rules are evaluated + in. + type: string + required: + - tenantID + type: object + status: + description: AlertingRuleStatus defines the observed state of AlertingRule + properties: + conditions: + description: Conditions of the AlertingRule generation health. 
+ items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: AlertingRule is the Schema for the alertingrules API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: AlertingRuleSpec defines the desired state of AlertingRule + properties: + groups: + description: List of groups for alerting rules. 
+ items: + description: AlertingRuleGroup defines a group of Loki alerting + rules. + properties: + interval: + default: 1m + description: |- + Interval defines the time interval between evaluation of the given + alerting rule. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + limit: + description: Limit defines the number of alerts an alerting + rule can produce. 0 is no limit. + format: int32 + type: integer + name: + description: Name of the alerting rule group. Must be unique + within all alerting rules. + type: string + rules: + description: Rules defines a list of alerting rules + items: + description: AlertingRuleGroupSpec defines the spec for a + Loki alerting rule. + properties: + alert: + description: The name of the alert. Must be a valid label + value. + type: string + annotations: + additionalProperties: + type: string + description: Annotations to add to each alert. + type: object + expr: + description: |- + The LogQL expression to evaluate. Every evaluation cycle this is + evaluated at the current time, and all resultant time series become + pending/firing alerts. + type: string + for: + description: |- + Alerts are considered firing once they have been returned for this long. + Alerts which have not yet fired for long enough are considered pending. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + labels: + additionalProperties: + type: string + description: Labels to add to each alert. + type: object + required: + - expr + type: object + type: array + required: + - name + - rules + type: object + type: array + tenantID: + description: TenantID of tenant where the alerting rules are evaluated + in. 
+ type: string + required: + - tenantID + type: object + status: + description: AlertingRuleStatus defines the observed state of AlertingRule + properties: + conditions: + description: Conditions of the AlertingRule generation health. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. 
+ Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: false + storage: false + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/loki-operator/0.6.2/manifests/loki.grafana.com_lokistacks.yaml b/operators/loki-operator/0.6.2/manifests/loki.grafana.com_lokistacks.yaml new file mode 100644 index 00000000000..c11f81be9c5 --- /dev/null +++ b/operators/loki-operator/0.6.2/manifests/loki.grafana.com_lokistacks.yaml 
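Review bot: The `pattern` on `interval` and `for` (in both the v1 and v1beta1 schemas of this CRD) is unanchored and every unit group in it is optional, so it can match the empty string at any position and schema validation accepts any string for these fields. The `reason` and `type` patterns in the same file are anchored with `^…$`, and the duration pattern should be as well, e.g. `pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$`. Anchoring alone still lets an empty string through, so add `minLength: 1` if an empty duration is not intended. The file carries a controller-gen annotation, so the change presumably belongs in the validation marker on the Go type rather than in this manifest. The `valertingrule` validating webhook may already reject malformed durations, but its handler is not visible here, so the schema should not depend on it.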
@@ -0,0 +1,5296 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: loki-operator-v0.6.2 + app.kubernetes.io/managed-by: operator-lifecycle-manager + app.kubernetes.io/name: loki-operator + app.kubernetes.io/part-of: loki-operator + app.kubernetes.io/version: 0.6.2 + name: lokistacks.loki.grafana.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: loki-operator-webhook-service + namespace: loki-operator + path: /convert + port: 443 + conversionReviewVersions: + - v1 + - v1beta1 + group: loki.grafana.com + names: + categories: + - logging + kind: LokiStack + listKind: LokiStackList + plural: lokistacks + singular: lokistack + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: LokiStack is the Schema for the lokistacks API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: LokiStack CR spec field. + properties: + hashRing: + description: HashRing defines the spec for the distributed hash ring + configuration. 
+ properties: + memberlist: + description: MemberList configuration spec + properties: + enableIPv6: + description: |- + EnableIPv6 enables IPv6 support for the memberlist based hash ring. + + + Currently this also forces the instanceAddrType to podIP to avoid local address lookup + for the memberlist. + type: boolean + instanceAddrType: + description: |- + InstanceAddrType defines the type of address to use to advertise to the ring. + Defaults to the first address from any private network interfaces of the current pod. + Alternatively the public pod IP can be used in case private networks (RFC 1918 and RFC 6598) + are not available. + enum: + - default + - podIP + type: string + type: object + type: + default: memberlist + description: Type of hash ring implementation that should be used + enum: + - memberlist + type: string + required: + - type + type: object + limits: + description: Limits defines the limits to be applied to log stream + processing. + properties: + global: + description: Global defines the limits applied globally across + the cluster. + properties: + ingestion: + description: IngestionLimits defines the limits applied on + ingested log streams. + properties: + ingestionBurstSize: + description: |- + IngestionBurstSize defines the local rate-limited sample size per + distributor replica. It should be set to the set at least to the + maximum logs size expected in a single push request. + format: int32 + type: integer + ingestionRate: + description: IngestionRate defines the sample size per + second. Units MB. + format: int32 + type: integer + maxGlobalStreamsPerTenant: + description: |- + MaxGlobalStreamsPerTenant defines the maximum number of active streams + per tenant, across the cluster. + format: int32 + type: integer + maxLabelNameLength: + description: |- + MaxLabelNameLength defines the maximum number of characters allowed + for label keys in log streams. 
+ format: int32 + type: integer + maxLabelNamesPerSeries: + description: |- + MaxLabelNamesPerSeries defines the maximum number of label names per series + in each log stream. + format: int32 + type: integer + maxLabelValueLength: + description: |- + MaxLabelValueLength defines the maximum number of characters allowed + for label values in log streams. + format: int32 + type: integer + maxLineSize: + description: MaxLineSize defines the maximum line size + on ingestion path. Units in Bytes. + format: int32 + type: integer + perStreamDesiredRate: + description: |- + PerStreamDesiredRate defines the desired ingestion rate per second that LokiStack should + target applying automatic stream sharding. Units MB. + format: int32 + type: integer + perStreamRateLimit: + description: PerStreamRateLimit defines the maximum byte + rate per second per stream. Units MB. + format: int32 + type: integer + perStreamRateLimitBurst: + description: PerStreamRateLimitBurst defines the maximum + burst bytes per stream. Units MB. + format: int32 + type: integer + type: object + otlp: + description: |- + OTLP to configure which resource, scope and log attributes + to store as labels or structured metadata or drop them altogether + for all tenants. + properties: + indexedResourceAttributes: + description: |- + IndexedResourceAttributes contains the global configuration for resource attributes + to store them as index labels or structured metadata or drop them altogether. + items: + type: string + type: array + logAttributes: + description: |- + LogAttributes contains the configuration for log attributes + to store them as index labels or structured metadata or drop them altogether. + items: + description: |- + OTLPAttributesSpec contains the configuration for a set of attributes + to store them as index labels or structured metadata or drop them altogether. + properties: + action: + description: |- + Action defines the indexing action for the selected attributes. 
They + can be either added to structured metadata or drop altogether. + enum: + - structured_metadata + - drop + type: string + attributes: + description: Attributes allows choosing the attributes + by listing their names. + items: + type: string + type: array + regex: + description: Regex allows choosing the attributes + by matching a regular expression. + type: string + required: + - action + type: object + type: array + resourceAttributes: + description: |- + ResourceAttributes contains the configuration for resource attributes + to store them as index labels or structured metadata or drop them altogether. + properties: + attributes: + description: |- + Attributes contains the configuration for resource attributes + to store them as index labels or structured metadata or drop them altogether. + items: + description: |- + OTLPResourceAttributesConfigSpec contains the configuration for a set of resource attributes + to store them as index labels or structured metadata or drop them altogether. + properties: + action: + description: |- + Action defines the indexing action for the selected resoure attributes. They + can be either indexed as labels, added to structured metadata or drop altogether. + enum: + - index_label + - structured_metadata + - drop + type: string + attributes: + description: |- + Attributes is the list of attributes to configure indexing or drop them + altogether. + items: + type: string + type: array + regex: + description: Regex allows choosing the attributes + by matching a regular expression. + type: string + type: object + type: array + ignoreDefaults: + description: |- + IgnoreDefaults controls whether to ignore the global configuration for resource attributes + indexed as labels. + + + If IgnoreDefaults is true, then this spec needs to contain at least one mapping to a index label. 
+ type: boolean + type: object + scopeAttributes: + description: |- + ScopeAttributes contains the configuration for scope attributes + to store them as index labels or structured metadata or drop them altogether. + items: + description: |- + OTLPAttributesSpec contains the configuration for a set of attributes + to store them as index labels or structured metadata or drop them altogether. + properties: + action: + description: |- + Action defines the indexing action for the selected attributes. They + can be either added to structured metadata or drop altogether. + enum: + - structured_metadata + - drop + type: string + attributes: + description: Attributes allows choosing the attributes + by listing their names. + items: + type: string + type: array + regex: + description: Regex allows choosing the attributes + by matching a regular expression. + type: string + required: + - action + type: object + type: array + type: object + queries: + description: QueryLimits defines the limit applied on querying + log streams. + properties: + cardinalityLimit: + description: CardinalityLimit defines the cardinality + limit for index queries. + format: int32 + type: integer + maxChunksPerQuery: + description: |- + MaxChunksPerQuery defines the maximum number of chunks + that can be fetched by a single query. + format: int32 + type: integer + maxEntriesLimitPerQuery: + description: |- + MaxEntriesLimitsPerQuery defines the maximum number of log entries + that will be returned for a query. + format: int32 + type: integer + maxQuerySeries: + description: |- + MaxQuerySeries defines the maximum of unique series + that is returned by a metric query. + format: int32 + type: integer + maxVolumeSeries: + description: MaxVolumeSeries defines the maximum number + of aggregated series in a log-volume response + format: int32 + type: integer + queryTimeout: + default: 3m + description: Timeout when querying ingesters or storage + during the execution of a query request. 
+ type: string + type: object + retention: + description: Retention defines how long logs are kept in storage. + properties: + days: + description: Days contains the number of days logs are + kept. + minimum: 1 + type: integer + streams: + description: Stream defines the log stream. + items: + description: RetentionStreamSpec defines a log stream + with separate retention time. + properties: + days: + description: Days contains the number of days logs + are kept. + minimum: 1 + type: integer + priority: + default: 1 + description: Priority defines the priority of this + selector compared to other retention rules. + format: int32 + type: integer + selector: + description: Selector contains the LogQL query used + to define the log stream. + type: string + required: + - days + - selector + type: object + type: array + required: + - days + type: object + type: object + tenants: + additionalProperties: + description: LimitsTemplateSpec defines the limits applied + at ingestion or query path. + properties: + ingestion: + description: IngestionLimits defines the limits applied + on ingested log streams. + properties: + ingestionBurstSize: + description: |- + IngestionBurstSize defines the local rate-limited sample size per + distributor replica. It should be set to the set at least to the + maximum logs size expected in a single push request. + format: int32 + type: integer + ingestionRate: + description: IngestionRate defines the sample size per + second. Units MB. + format: int32 + type: integer + maxGlobalStreamsPerTenant: + description: |- + MaxGlobalStreamsPerTenant defines the maximum number of active streams + per tenant, across the cluster. + format: int32 + type: integer + maxLabelNameLength: + description: |- + MaxLabelNameLength defines the maximum number of characters allowed + for label keys in log streams. 
+ format: int32 + type: integer + maxLabelNamesPerSeries: + description: |- + MaxLabelNamesPerSeries defines the maximum number of label names per series + in each log stream. + format: int32 + type: integer + maxLabelValueLength: + description: |- + MaxLabelValueLength defines the maximum number of characters allowed + for label values in log streams. + format: int32 + type: integer + maxLineSize: + description: MaxLineSize defines the maximum line size + on ingestion path. Units in Bytes. + format: int32 + type: integer + perStreamDesiredRate: + description: |- + PerStreamDesiredRate defines the desired ingestion rate per second that LokiStack should + target applying automatic stream sharding. Units MB. + format: int32 + type: integer + perStreamRateLimit: + description: PerStreamRateLimit defines the maximum + byte rate per second per stream. Units MB. + format: int32 + type: integer + perStreamRateLimitBurst: + description: PerStreamRateLimitBurst defines the maximum + burst bytes per stream. Units MB. + format: int32 + type: integer + type: object + otlp: + description: |- + OTLP to configure which resource, scope and log attributes + to store as labels or structured metadata or drop them altogether + for a single tenants. + properties: + logAttributes: + description: |- + LogAttributes contains the configuration for log attributes + to store them as index labels or structured metadata or drop them altogether. + items: + description: |- + OTLPAttributesSpec contains the configuration for a set of attributes + to store them as index labels or structured metadata or drop them altogether. + properties: + action: + description: |- + Action defines the indexing action for the selected attributes. They + can be either added to structured metadata or drop altogether. + enum: + - structured_metadata + - drop + type: string + attributes: + description: Attributes allows choosing the attributes + by listing their names. 
+ items: + type: string + type: array + regex: + description: Regex allows choosing the attributes + by matching a regular expression. + type: string + required: + - action + type: object + type: array + resourceAttributes: + description: |- + ResourceAttributes contains the configuration for resource attributes + to store them as index labels or structured metadata or drop them altogether. + properties: + attributes: + description: |- + Attributes contains the configuration for resource attributes + to store them as index labels or structured metadata or drop them altogether. + items: + description: |- + OTLPResourceAttributesConfigSpec contains the configuration for a set of resource attributes + to store them as index labels or structured metadata or drop them altogether. + properties: + action: + description: |- + Action defines the indexing action for the selected resoure attributes. They + can be either indexed as labels, added to structured metadata or drop altogether. + enum: + - index_label + - structured_metadata + - drop + type: string + attributes: + description: |- + Attributes is the list of attributes to configure indexing or drop them + altogether. + items: + type: string + type: array + regex: + description: Regex allows choosing the attributes + by matching a regular expression. + type: string + type: object + type: array + ignoreDefaults: + description: |- + IgnoreDefaults controls whether to ignore the global configuration for resource attributes + indexed as labels. + + + If IgnoreDefaults is true, then this spec needs to contain at least one mapping to a index label. + type: boolean + type: object + scopeAttributes: + description: |- + ScopeAttributes contains the configuration for scope attributes + to store them as index labels or structured metadata or drop them altogether. 
+ items: + description: |- + OTLPAttributesSpec contains the configuration for a set of attributes + to store them as index labels or structured metadata or drop them altogether. + properties: + action: + description: |- + Action defines the indexing action for the selected attributes. They + can be either added to structured metadata or drop altogether. + enum: + - structured_metadata + - drop + type: string + attributes: + description: Attributes allows choosing the attributes + by listing their names. + items: + type: string + type: array + regex: + description: Regex allows choosing the attributes + by matching a regular expression. + type: string + required: + - action + type: object + type: array + type: object + queries: + description: QueryLimits defines the limit applied on querying + log streams. + properties: + blocked: + description: Blocked defines the list of rules to block + matching queries. + items: + description: BlockedQuerySpec defines the rule spec + for queries to be blocked. + minProperties: 1 + properties: + hash: + description: Hash is a 32-bit FNV-1 hash of the + query string. + format: int32 + type: integer + pattern: + description: Pattern defines the pattern matching + the queries to be blocked. + type: string + regex: + description: Regex defines if the pattern is a + regular expression. If false the pattern will + be used only for exact matches. + type: boolean + types: + description: Types defines the list of query types + that should be considered for blocking. + items: + description: BlockedQueryType defines which + type of query a blocked query should apply + to. + enum: + - filter + - limited + - metric + type: string + type: array + type: object + type: array + cardinalityLimit: + description: CardinalityLimit defines the cardinality + limit for index queries. + format: int32 + type: integer + maxChunksPerQuery: + description: |- + MaxChunksPerQuery defines the maximum number of chunks + that can be fetched by a single query. 
+ format: int32 + type: integer + maxEntriesLimitPerQuery: + description: |- + MaxEntriesLimitsPerQuery defines the maximum number of log entries + that will be returned for a query. + format: int32 + type: integer + maxQuerySeries: + description: |- + MaxQuerySeries defines the maximum of unique series + that is returned by a metric query. + format: int32 + type: integer + maxVolumeSeries: + description: MaxVolumeSeries defines the maximum number + of aggregated series in a log-volume response + format: int32 + type: integer + queryTimeout: + default: 3m + description: Timeout when querying ingesters or storage + during the execution of a query request. + type: string + type: object + retention: + description: Retention defines how long logs are kept in + storage. + properties: + days: + description: Days contains the number of days logs are + kept. + minimum: 1 + type: integer + streams: + description: Stream defines the log stream. + items: + description: RetentionStreamSpec defines a log stream + with separate retention time. + properties: + days: + description: Days contains the number of days + logs are kept. + minimum: 1 + type: integer + priority: + default: 1 + description: Priority defines the priority of + this selector compared to other retention rules. + format: int32 + type: integer + selector: + description: Selector contains the LogQL query + used to define the log stream. + type: string + required: + - days + - selector + type: object + type: array + required: + - days + type: object + type: object + description: Tenants defines the limits applied per tenant. + type: object + type: object + managementState: + default: Managed + description: |- + ManagementState defines if the CR should be managed by the operator or not. + Default is managed. + enum: + - Managed + - Unmanaged + type: string + proxy: + description: Proxy defines the spec for the object proxy to configure + cluster proxy information. 
+ properties: + httpProxy: + description: HTTPProxy configures the HTTP_PROXY/http_proxy env + variable. + type: string + httpsProxy: + description: HTTPSProxy configures the HTTPS_PROXY/https_proxy + env variable. + type: string + noProxy: + description: NoProxy configures the NO_PROXY/no_proxy env variable. + type: string + type: object + replication: + description: Replication defines the configuration for Loki data replication. + properties: + factor: + description: Factor defines the policy for log stream replication. + format: int32 + minimum: 1 + type: integer + zones: + description: |- + Zones defines an array of ZoneSpec that the scheduler will try to satisfy. + IMPORTANT: Make sure that the replication factor defined is less than or equal to the number of available zones. + items: + description: ZoneSpec defines the spec to support zone-aware + component deployments. + properties: + maxSkew: + default: 1 + description: MaxSkew describes the maximum degree to which + Pods can be unevenly distributed. + type: integer + topologyKey: + description: TopologyKey is the key that defines a topology + in the Nodes' labels. + type: string + required: + - maxSkew + - topologyKey + type: object + type: array + type: object + replicationFactor: + description: |- + Deprecated: Please use replication.factor instead. This field will be removed in future versions of this CRD. + ReplicationFactor defines the policy for log stream replication. + format: int32 + minimum: 1 + type: integer + rules: + description: Rules defines the spec for the ruler component. + properties: + enabled: + description: Enabled defines a flag to enable/disable the ruler + component + type: boolean + namespaceSelector: + description: |- + Namespaces to be selected for PrometheusRules discovery. If unspecified, only + the same namespace as the LokiStack object is in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. 
The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selector: + description: |- + A selector to select which LokiRules to mount for loading alerting/recording + rules from. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - enabled + type: object + size: + description: Size defines one of the support Loki deployment scale + out sizes. + enum: + - 1x.demo + - 1x.extra-small + - 1x.small + - 1x.medium + type: string + storage: + description: Storage defines the spec for the object storage endpoint + to store logs. + properties: + schemas: + default: + - effectiveDate: "2020-10-11" + version: v11 + description: Schemas for reading and writing logs. + items: + description: ObjectStorageSchema defines a schema version and + the date when it will become effective. + properties: + effectiveDate: + description: |- + EffectiveDate contains a date in YYYY-MM-DD format which is interpreted in the UTC time zone. + + + The configuration always needs at least one schema that is currently valid. This means that when creating a new + LokiStack it is recommended to add a schema with the latest available version and an effective date of "yesterday". + New schema versions added to the configuration always needs to be placed "in the future", so that Loki can start + using it once the day rolls over. + pattern: ^([0-9]{4,})([-]([0-9]{2})){2}$ + type: string + version: + description: Version for writing and reading logs. 
+ enum: + - v11 + - v12 + - v13 + type: string + required: + - effectiveDate + - version + type: object + minItems: 1 + type: array + secret: + description: |- + Secret for object storage authentication. + Name of a secret in the same namespace as the LokiStack custom resource. + properties: + credentialMode: + description: |- + CredentialMode can be used to set the desired credential mode for authenticating with the object storage. + If this is not set, then the operator tries to infer the credential mode from the provided secret and its + own configuration. + enum: + - static + - token + - token-cco + type: string + name: + description: Name of a secret in the namespace configured + for object storage secrets. + type: string + type: + description: Type of object storage that should be used + enum: + - azure + - gcs + - s3 + - swift + - alibabacloud + type: string + required: + - name + - type + type: object + tls: + description: TLS configuration for reaching the object storage + endpoint. + properties: + caKey: + description: |- + Key is the data key of a ConfigMap containing a CA certificate. + It needs to be in the same namespace as the LokiStack custom resource. + If empty, it defaults to "service-ca.crt". + type: string + caName: + description: |- + CA is the name of a ConfigMap containing a CA certificate. + It needs to be in the same namespace as the LokiStack custom resource. + type: string + required: + - caName + type: object + required: + - secret + type: object + storageClassName: + description: Storage class name defines the storage class for ingester/querier + PVCs. + type: string + template: + description: Template defines the resource/limits/tolerations/nodeselectors + per component. + properties: + compactor: + description: Compactor defines the compaction component spec. + properties: + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector defines the labels required by a node to schedule + the component onto it. 
+ type: object + podAntiAffinity: + description: |- + PodAntiAffinity defines the pod anti affinity scheduling rules to schedule pods + of a component. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. 
+ When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + replicas: + description: Replicas defines the number of replica pods of + the component. + format: int32 + type: integer + tolerations: + description: |- + Tolerations defines the tolerations required by a node to schedule + the component onto it. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. 
By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + distributor: + description: Distributor defines the distributor component spec. + properties: + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector defines the labels required by a node to schedule + the component onto it. + type: object + podAntiAffinity: + description: |- + PodAntiAffinity defines the pod anti affinity scheduling rules to schedule pods + of a component. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + replicas: + description: Replicas defines the number of replica pods of + the component. + format: int32 + type: integer + tolerations: + description: |- + Tolerations defines the tolerations required by a node to schedule + the component onto it. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. 
+ type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + gateway: + description: Gateway defines the lokistack gateway component spec. + properties: + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector defines the labels required by a node to schedule + the component onto it. + type: object + podAntiAffinity: + description: |- + PodAntiAffinity defines the pod anti affinity scheduling rules to schedule pods + of a component. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". 
The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + replicas: + description: Replicas defines the number of replica pods of + the component. 
+ format: int32 + type: integer + tolerations: + description: |- + Tolerations defines the tolerations required by a node to schedule + the component onto it. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + indexGateway: + description: IndexGateway defines the index gateway component + spec. + properties: + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector defines the labels required by a node to schedule + the component onto it. 
+ type: object + podAntiAffinity: + description: |- + PodAntiAffinity defines the pod anti affinity scheduling rules to schedule pods + of a component. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. 
+ When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + replicas: + description: Replicas defines the number of replica pods of + the component. + format: int32 + type: integer + tolerations: + description: |- + Tolerations defines the tolerations required by a node to schedule + the component onto it. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. 
By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + ingester: + description: Ingester defines the ingester component spec. + properties: + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector defines the labels required by a node to schedule + the component onto it. + type: object + podAntiAffinity: + description: |- + PodAntiAffinity defines the pod anti affinity scheduling rules to schedule pods + of a component. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + replicas: + description: Replicas defines the number of replica pods of + the component. + format: int32 + type: integer + tolerations: + description: |- + Tolerations defines the tolerations required by a node to schedule + the component onto it. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. 
+ type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + querier: + description: Querier defines the querier component spec. + properties: + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector defines the labels required by a node to schedule + the component onto it. + type: object + podAntiAffinity: + description: |- + PodAntiAffinity defines the pod anti affinity scheduling rules to schedule pods + of a component. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". 
The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + replicas: + description: Replicas defines the number of replica pods of + the component. 
+ format: int32 + type: integer + tolerations: + description: |- + Tolerations defines the tolerations required by a node to schedule + the component onto it. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + queryFrontend: + description: QueryFrontend defines the query frontend component + spec. + properties: + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector defines the labels required by a node to schedule + the component onto it. 
+ type: object + podAntiAffinity: + description: |- + PodAntiAffinity defines the pod anti affinity scheduling rules to schedule pods + of a component. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. 
+ When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + replicas: + description: Replicas defines the number of replica pods of + the component. + format: int32 + type: integer + tolerations: + description: |- + Tolerations defines the tolerations required by a node to schedule + the component onto it. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. 
By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + ruler: + description: Ruler defines the ruler component spec. + properties: + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector defines the labels required by a node to schedule + the component onto it. + type: object + podAntiAffinity: + description: |- + PodAntiAffinity defines the pod anti affinity scheduling rules to schedule pods + of a component. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + replicas: + description: Replicas defines the number of replica pods of + the component. + format: int32 + type: integer + tolerations: + description: |- + Tolerations defines the tolerations required by a node to schedule + the component onto it. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. 
+ type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + type: object + tenants: + description: Tenants defines the per-tenant authentication and authorization + spec for the lokistack-gateway component. + properties: + authentication: + description: Authentication defines the lokistack-gateway component + authentication configuration spec per tenant. + items: + description: AuthenticationSpec defines the oidc configuration + per tenant for lokiStack Gateway component. + properties: + mTLS: + description: TLSConfig defines the spec for the mTLS tenant's + authentication. + properties: + ca: + description: CA defines the spec for the custom CA for + tenant's authentication. + properties: + caKey: + description: |- + Key is the data key of a ConfigMap containing a CA certificate. + It needs to be in the same namespace as the LokiStack custom resource. + If empty, it defaults to "service-ca.crt". + type: string + caName: + description: |- + CA is the name of a ConfigMap containing a CA certificate. + It needs to be in the same namespace as the LokiStack custom resource. 
+ type: string + required: + - caName + type: object + required: + - ca + type: object + oidc: + description: OIDC defines the spec for the OIDC tenant's + authentication. + properties: + groupClaim: + description: Group claim field from ID Token + type: string + issuerCA: + description: IssuerCA defines the spec for the issuer + CA for tenant's authentication. + properties: + caKey: + description: |- + Key is the data key of a ConfigMap containing a CA certificate. + It needs to be in the same namespace as the LokiStack custom resource. + If empty, it defaults to "service-ca.crt". + type: string + caName: + description: |- + CA is the name of a ConfigMap containing a CA certificate. + It needs to be in the same namespace as the LokiStack custom resource. + type: string + required: + - caName + type: object + issuerURL: + description: IssuerURL defines the URL for issuer. + type: string + redirectURL: + description: RedirectURL defines the URL for redirect. + type: string + secret: + description: Secret defines the spec for the clientID + and clientSecret for tenant's authentication. + properties: + name: + description: Name of a secret in the namespace configured + for tenant secrets. + type: string + required: + - name + type: object + usernameClaim: + description: User claim field from ID Token + type: string + required: + - issuerURL + - secret + type: object + tenantId: + description: TenantID defines the id of the tenant. + type: string + tenantName: + description: TenantName defines the name of the tenant. + type: string + required: + - tenantId + - tenantName + type: object + type: array + authorization: + description: Authorization defines the lokistack-gateway component + authorization configuration spec per tenant. + properties: + opa: + description: OPA defines the spec for the third-party endpoint + for tenant's authorization. + properties: + url: + description: URL defines the third-party endpoint for + authorization. 
+ type: string + required: + - url + type: object + roleBindings: + description: RoleBindings defines configuration to bind a + set of roles to a set of subjects. + items: + description: RoleBindingsSpec binds a set of roles to a + set of subjects. + properties: + name: + type: string + roles: + items: + type: string + type: array + subjects: + items: + description: Subject represents a subject that has + been bound to a role. + properties: + kind: + description: SubjectKind is a kind of LokiStack + Gateway RBAC subject. + enum: + - user + - group + type: string + name: + type: string + required: + - kind + - name + type: object + type: array + required: + - name + - roles + - subjects + type: object + type: array + roles: + description: Roles defines a set of permissions to interact + with a tenant. + items: + description: RoleSpec describes a set of permissions to + interact with a tenant. + properties: + name: + type: string + permissions: + items: + description: PermissionType is a LokiStack Gateway + RBAC permission. + enum: + - read + - write + type: string + type: array + resources: + items: + type: string + type: array + tenants: + items: + type: string + type: array + required: + - name + - permissions + - resources + - tenants + type: object + type: array + type: object + mode: + default: openshift-logging + description: Mode defines the mode in which lokistack-gateway + component will be configured. + enum: + - static + - dynamic + - openshift-logging + - openshift-network + type: string + openshift: + description: Openshift defines the configuration specific to Openshift + modes. + properties: + adminGroups: + description: |- + AdminGroups defines a list of groups, whose members are considered to have admin-privileges by the Loki Operator. + Setting this to an empty array disables admin groups. 
+ + + By default the following groups are considered admin-groups: + - system:cluster-admins + - cluster-admin + - dedicated-admin + items: + type: string + type: array + type: object + required: + - mode + type: object + required: + - size + - storage + - storageClassName + type: object + status: + description: LokiStack CR spec Status. + properties: + components: + description: |- + Components provides summary of all Loki pod status grouped + per component. + properties: + compactor: + additionalProperties: + items: + type: string + type: array + description: Compactor is a map to the pod status of the compactor + pod. + type: object + distributor: + additionalProperties: + items: + type: string + type: array + description: Distributor is a map to the per pod status of the + distributor deployment + type: object + gateway: + additionalProperties: + items: + type: string + type: array + description: Gateway is a map to the per pod status of the lokistack + gateway deployment. + type: object + indexGateway: + additionalProperties: + items: + type: string + type: array + description: IndexGateway is a map to the per pod status of the + index gateway statefulset + type: object + ingester: + additionalProperties: + items: + type: string + type: array + description: Ingester is a map to the per pod status of the ingester + statefulset + type: object + querier: + additionalProperties: + items: + type: string + type: array + description: Querier is a map to the per pod status of the querier + deployment + type: object + queryFrontend: + additionalProperties: + items: + type: string + type: array + description: QueryFrontend is a map to the per pod status of the + query frontend deployment + type: object + ruler: + additionalProperties: + items: + type: string + type: array + description: Ruler is a map to the per pod status of the lokistack + ruler statefulset. + type: object + type: object + conditions: + description: Conditions of the Loki deployment health. 
+ items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + storage: + description: |- + Storage provides summary of all changes that have occurred + to the storage configuration. + properties: + credentialMode: + description: CredentialMode contains the authentication mode used + for accessing the object storage. + enum: + - static + - token + - token-cco + type: string + schemas: + description: |- + Schemas is a list of schemas which have been applied + to the LokiStack. + items: + description: ObjectStorageSchema defines a schema version and + the date when it will become effective. + properties: + effectiveDate: + description: |- + EffectiveDate contains a date in YYYY-MM-DD format which is interpreted in the UTC time zone. + + + The configuration always needs at least one schema that is currently valid. This means that when creating a new + LokiStack it is recommended to add a schema with the latest available version and an effective date of "yesterday". + New schema versions added to the configuration always needs to be placed "in the future", so that Loki can start + using it once the day rolls over. 
+ pattern: ^([0-9]{4,})([-]([0-9]{2})){2}$ + type: string + version: + description: Version for writing and reading logs. + enum: + - v11 + - v12 + - v13 + type: string + required: + - effectiveDate + - version + type: object + type: array + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: LokiStack is the Schema for the lokistacks API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: LokiStackSpec defines the desired state of LokiStack + properties: + limits: + description: Limits defines the per-tenant limits to be applied to + log stream processing and the per-tenant the config overrides. + properties: + global: + description: Global defines the limits applied globally across + the cluster. + properties: + ingestion: + description: IngestionLimits defines the limits applied on + ingested log streams. + properties: + ingestionBurstSize: + description: |- + IngestionBurstSize defines the local rate-limited sample size per + distributor replica. It should be set to the set at least to the + maximum logs size expected in a single push request. + format: int32 + type: integer + ingestionRate: + description: IngestionRate defines the sample size per + second. 
Units MB. + format: int32 + type: integer + maxGlobalStreamsPerTenant: + description: |- + MaxGlobalStreamsPerTenant defines the maximum number of active streams + per tenant, across the cluster. + format: int32 + type: integer + maxLabelNameLength: + description: |- + MaxLabelNameLength defines the maximum number of characters allowed + for label keys in log streams. + format: int32 + type: integer + maxLabelNamesPerSeries: + description: |- + MaxLabelNamesPerSeries defines the maximum number of label names per series + in each log stream. + format: int32 + type: integer + maxLabelValueLength: + description: |- + MaxLabelValueLength defines the maximum number of characters allowed + for label values in log streams. + format: int32 + type: integer + maxLineSize: + description: MaxLineSize defines the maximum line size + on ingestion path. Units in Bytes. + format: int32 + type: integer + type: object + queries: + description: QueryLimits defines the limit applied on querying + log streams. + properties: + maxChunksPerQuery: + description: |- + MaxChunksPerQuery defines the maximum number of chunks + that can be fetched by a single query. + format: int32 + type: integer + maxEntriesLimitPerQuery: + description: |- + MaxEntriesLimitsPerQuery defines the maximum number of log entries + that will be returned for a query. + format: int32 + type: integer + maxQuerySeries: + description: |- + MaxQuerySeries defines the maximum of unique series + that is returned by a metric query. + format: int32 + type: integer + type: object + type: object + tenants: + additionalProperties: + description: LimitsTemplateSpec defines the limits and overrides + applied per-tenant. + properties: + ingestion: + description: IngestionLimits defines the limits applied + on ingested log streams. + properties: + ingestionBurstSize: + description: |- + IngestionBurstSize defines the local rate-limited sample size per + distributor replica. 
It should be set to the set at least to the + maximum logs size expected in a single push request. + format: int32 + type: integer + ingestionRate: + description: IngestionRate defines the sample size per + second. Units MB. + format: int32 + type: integer + maxGlobalStreamsPerTenant: + description: |- + MaxGlobalStreamsPerTenant defines the maximum number of active streams + per tenant, across the cluster. + format: int32 + type: integer + maxLabelNameLength: + description: |- + MaxLabelNameLength defines the maximum number of characters allowed + for label keys in log streams. + format: int32 + type: integer + maxLabelNamesPerSeries: + description: |- + MaxLabelNamesPerSeries defines the maximum number of label names per series + in each log stream. + format: int32 + type: integer + maxLabelValueLength: + description: |- + MaxLabelValueLength defines the maximum number of characters allowed + for label values in log streams. + format: int32 + type: integer + maxLineSize: + description: MaxLineSize defines the maximum line size + on ingestion path. Units in Bytes. + format: int32 + type: integer + type: object + queries: + description: QueryLimits defines the limit applied on querying + log streams. + properties: + maxChunksPerQuery: + description: |- + MaxChunksPerQuery defines the maximum number of chunks + that can be fetched by a single query. + format: int32 + type: integer + maxEntriesLimitPerQuery: + description: |- + MaxEntriesLimitsPerQuery defines the maximum number of log entries + that will be returned for a query. + format: int32 + type: integer + maxQuerySeries: + description: |- + MaxQuerySeries defines the maximum of unique series + that is returned by a metric query. + format: int32 + type: integer + type: object + type: object + description: Tenants defines the limits and overrides applied + per tenant. 
+ type: object + type: object + managementState: + default: Managed + description: |- + ManagementState defines if the CR should be managed by the operator or not. + Default is managed. + enum: + - Managed + - Unmanaged + type: string + replicationFactor: + default: 1 + description: ReplicationFactor defines the policy for log stream replication. + format: int32 + minimum: 1 + type: integer + rules: + description: Rules defines the spec for the ruler component + properties: + enabled: + description: Enabled defines a flag to enable/disable the ruler + component + type: boolean + namespaceSelector: + description: |- + Namespaces to be selected for PrometheusRules discovery. If unspecified, only + the same namespace as the LokiStack object is in is used. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". 
The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selector: + description: |- + A selector to select which LokiRules to mount for loading alerting/recording + rules from. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - enabled + type: object + size: + description: Size defines one of the support Loki deployment scale + out sizes. + enum: + - 1x.extra-small + - 1x.small + - 1x.medium + type: string + storage: + description: Storage defines the spec for the object storage endpoint + to store logs. + properties: + schemas: + default: + - effectiveDate: "2020-10-11" + version: v11 + description: Schemas for reading and writing logs. 
+ items: + description: |- + ObjectStorageSchema defines the requirements needed to configure a new + storage schema. + properties: + effectiveDate: + description: |- + EffectiveDate is the date in UTC that the schema will be applied on. + To ensure readibility of logs, this date should be before the current + date in UTC. + pattern: ^([0-9]{4,})([-]([0-9]{2})){2}$ + type: string + version: + description: Version for writing and reading logs. + enum: + - v11 + - v12 + type: string + required: + - effectiveDate + - version + type: object + minItems: 1 + type: array + secret: + description: |- + Secret for object storage authentication. + Name of a secret in the same namespace as the LokiStack custom resource. + properties: + name: + description: Name of a secret in the namespace configured + for object storage secrets. + type: string + type: + description: Type of object storage that should be used + enum: + - azure + - gcs + - s3 + - swift + type: string + required: + - name + - type + type: object + tls: + description: TLS configuration for reaching the object storage + endpoint. + properties: + caName: + description: |- + CA is the name of a ConfigMap containing a CA certificate. + It needs to be in the same namespace as the LokiStack custom resource. + type: string + type: object + required: + - secret + type: object + storageClassName: + description: Storage class name defines the storage class for ingester/querier + PVCs. + type: string + template: + description: Template defines the resource/limits/tolerations/nodeselectors + per component + properties: + compactor: + description: Compactor defines the compaction component spec. + properties: + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector defines the labels required by a node to schedule + the component onto it. + type: object + replicas: + description: Replicas defines the number of replica pods of + the component. 
+ format: int32 + type: integer + tolerations: + description: |- + Tolerations defines the tolerations required by a node to schedule + the component onto it. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + distributor: + description: Distributor defines the distributor component spec. + properties: + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector defines the labels required by a node to schedule + the component onto it. 
+ type: object + replicas: + description: Replicas defines the number of replica pods of + the component. + format: int32 + type: integer + tolerations: + description: |- + Tolerations defines the tolerations required by a node to schedule + the component onto it. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + gateway: + description: Gateway defines the lokistack gateway component spec. 
+ properties: + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector defines the labels required by a node to schedule + the component onto it. + type: object + replicas: + description: Replicas defines the number of replica pods of + the component. + format: int32 + type: integer + tolerations: + description: |- + Tolerations defines the tolerations required by a node to schedule + the component onto it. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. 
+ type: string + type: object + type: array + type: object + indexGateway: + description: IndexGateway defines the index gateway component + spec. + properties: + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector defines the labels required by a node to schedule + the component onto it. + type: object + replicas: + description: Replicas defines the number of replica pods of + the component. + format: int32 + type: integer + tolerations: + description: |- + Tolerations defines the tolerations required by a node to schedule + the component onto it. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. 
+ If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + ingester: + description: Ingester defines the ingester component spec. + properties: + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector defines the labels required by a node to schedule + the component onto it. + type: object + replicas: + description: Replicas defines the number of replica pods of + the component. + format: int32 + type: integer + tolerations: + description: |- + Tolerations defines the tolerations required by a node to schedule + the component onto it. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. 
+ format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + querier: + description: Querier defines the querier component spec. + properties: + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector defines the labels required by a node to schedule + the component onto it. + type: object + replicas: + description: Replicas defines the number of replica pods of + the component. + format: int32 + type: integer + tolerations: + description: |- + Tolerations defines the tolerations required by a node to schedule + the component onto it. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). 
Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + queryFrontend: + description: QueryFrontend defines the query frontend component + spec. + properties: + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector defines the labels required by a node to schedule + the component onto it. + type: object + replicas: + description: Replicas defines the number of replica pods of + the component. + format: int32 + type: integer + tolerations: + description: |- + Tolerations defines the tolerations required by a node to schedule + the component onto it. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. 
By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + ruler: + description: Ruler defines the ruler component spec. + properties: + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector defines the labels required by a node to schedule + the component onto it. + type: object + replicas: + description: Replicas defines the number of replica pods of + the component. + format: int32 + type: integer + tolerations: + description: |- + Tolerations defines the tolerations required by a node to schedule + the component onto it. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. 
+ type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + type: object + tenants: + description: Tenants defines the per-tenant authentication and authorization + spec for the lokistack-gateway component. + properties: + authentication: + description: Authentication defines the lokistack-gateway component + authentication configuration spec per tenant. + items: + description: AuthenticationSpec defines the oidc configuration + per tenant for lokiStack Gateway component. + properties: + oidc: + description: OIDC defines the spec for the OIDC tenant's + authentication. + properties: + groupClaim: + description: Group claim field from ID Token + type: string + issuerURL: + description: IssuerURL defines the URL for issuer. + type: string + redirectURL: + description: RedirectURL defines the URL for redirect. + type: string + secret: + description: Secret defines the spec for the clientID, + clientSecret and issuerCAPath for tenant's authentication. + properties: + name: + description: Name of a secret in the namespace configured + for tenant secrets. + type: string + required: + - name + type: object + usernameClaim: + description: User claim field from ID Token + type: string + required: + - issuerURL + - secret + type: object + tenantId: + description: TenantID defines the id of the tenant. + type: string + tenantName: + description: TenantName defines the name of the tenant. 
+ type: string + required: + - oidc + - tenantId + - tenantName + type: object + type: array + authorization: + description: Authorization defines the lokistack-gateway component + authorization configuration spec per tenant. + properties: + opa: + description: OPA defines the spec for the third-party endpoint + for tenant's authorization. + properties: + url: + description: URL defines the third-party endpoint for + authorization. + type: string + required: + - url + type: object + roleBindings: + description: RoleBindings defines configuration to bind a + set of roles to a set of subjects. + items: + description: RoleBindingsSpec binds a set of roles to a + set of subjects. + properties: + name: + type: string + roles: + items: + type: string + type: array + subjects: + items: + description: Subject represents a subject that has + been bound to a role. + properties: + kind: + description: SubjectKind is a kind of LokiStack + Gateway RBAC subject. + enum: + - user + - group + type: string + name: + type: string + required: + - kind + - name + type: object + type: array + required: + - name + - roles + - subjects + type: object + type: array + roles: + description: Roles defines a set of permissions to interact + with a tenant. + items: + description: RoleSpec describes a set of permissions to + interact with a tenant. + properties: + name: + type: string + permissions: + items: + description: PermissionType is a LokiStack Gateway + RBAC permission. + enum: + - read + - write + type: string + type: array + resources: + items: + type: string + type: array + tenants: + items: + type: string + type: array + required: + - name + - permissions + - resources + - tenants + type: object + type: array + type: object + mode: + default: openshift-logging + description: Mode defines the mode in which lokistack-gateway + component will be configured. 
+ enum: + - static + - dynamic + - openshift-logging + type: string + required: + - mode + type: object + required: + - size + - storage + - storageClassName + type: object + status: + description: LokiStackStatus defines the observed state of LokiStack + properties: + components: + description: |- + Components provides summary of all Loki pod status grouped + per component. + properties: + compactor: + additionalProperties: + items: + type: string + type: array + description: Compactor is a map to the pod status of the compactor + pod. + type: object + distributor: + additionalProperties: + items: + type: string + type: array + description: Distributor is a map to the per pod status of the + distributor deployment + type: object + gateway: + additionalProperties: + items: + type: string + type: array + description: Gateway is a map to the per pod status of the lokistack + gateway deployment. + type: object + indexGateway: + additionalProperties: + items: + type: string + type: array + description: IndexGateway is a map to the per pod status of the + index gateway statefulset + type: object + ingester: + additionalProperties: + items: + type: string + type: array + description: Ingester is a map to the per pod status of the ingester + statefulset + type: object + querier: + additionalProperties: + items: + type: string + type: array + description: Querier is a map to the per pod status of the querier + deployment + type: object + queryFrontend: + additionalProperties: + items: + type: string + type: array + description: QueryFrontend is a map to the per pod status of the + query frontend deployment + type: object + ruler: + additionalProperties: + items: + type: string + type: array + description: Ruler is a map to the per pod status of the lokistack + ruler statefulset. + type: object + type: object + conditions: + description: Conditions of the Loki deployment health. 
+ items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + storage: + description: |- + Storage provides summary of all changes that have occurred + to the storage configuration. + properties: + schemas: + description: |- + Schemas is a list of schemas which have been applied + to the LokiStack. + items: + description: |- + ObjectStorageSchema defines the requirements needed to configure a new + storage schema. + properties: + effectiveDate: + description: |- + EffectiveDate is the date in UTC that the schema will be applied on. + To ensure readibility of logs, this date should be before the current + date in UTC. + pattern: ^([0-9]{4,})([-]([0-9]{2})){2}$ + type: string + version: + description: Version for writing and reading logs. + enum: + - v11 + - v12 + type: string + required: + - effectiveDate + - version + type: object + type: array + type: object + type: object + type: object + served: false + storage: false + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null 
diff --git a/operators/loki-operator/0.6.2/manifests/loki.grafana.com_recordingrules.yaml b/operators/loki-operator/0.6.2/manifests/loki.grafana.com_recordingrules.yaml new file mode 100644 index 00000000000..91df47a6c68 --- /dev/null +++ b/operators/loki-operator/0.6.2/manifests/loki.grafana.com_recordingrules.yaml 
@@ -0,0 +1,361 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: loki-operator-v0.6.2 + app.kubernetes.io/managed-by: operator-lifecycle-manager + app.kubernetes.io/name: loki-operator + app.kubernetes.io/part-of: loki-operator + app.kubernetes.io/version: 0.6.2 + name: recordingrules.loki.grafana.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: loki-operator-webhook-service + namespace: loki-operator + path: /convert + port: 443 + conversionReviewVersions: + - v1 + - v1beta1 + group: loki.grafana.com + names: + kind: RecordingRule + listKind: RecordingRuleList + plural: recordingrules + singular: recordingrule + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: RecordingRule is the Schema for the recordingrules API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RecordingRuleSpec defines the desired state of RecordingRule + properties: + groups: + description: List of groups for recording rules. + items: + description: RecordingRuleGroup defines a group of Loki recording + rules. 
+ properties: + interval: + default: 1m + description: |- + Interval defines the time interval between evaluation of the given + recoding rule. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + limit: + description: Limit defines the number of series a recording + rule can produce. 0 is no limit. + format: int32 + type: integer + name: + description: Name of the recording rule group. Must be unique + within all recording rules. + type: string + rules: + description: Rules defines a list of recording rules + items: + description: RecordingRuleGroupSpec defines the spec for a + Loki recording rule. + properties: + expr: + description: |- + The LogQL expression to evaluate. Every evaluation cycle this is + evaluated at the current time, and all resultant time series become + pending/firing alerts. + type: string + labels: + additionalProperties: + type: string + description: Labels to add to each recording rule. + type: object + record: + description: The name of the time series to output to. + Must be a valid metric name. + type: string + required: + - expr + type: object + type: array + required: + - name + - rules + type: object + type: array + tenantID: + description: TenantID of tenant where the recording rules are evaluated + in. + type: string + required: + - tenantID + type: object + status: + description: RecordingRuleStatus defines the observed state of RecordingRule + properties: + conditions: + description: Conditions of the RecordingRule generation health. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. 
For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: RecordingRule is the Schema for the recordingrules API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RecordingRuleSpec defines the desired state of RecordingRule + properties: + groups: + description: List of groups for recording rules. + items: + description: RecordingRuleGroup defines a group of Loki recording + rules. 
+ properties: + interval: + default: 1m + description: |- + Interval defines the time interval between evaluation of the given + recoding rule. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + limit: + description: Limit defines the number of series a recording + rule can produce. 0 is no limit. + format: int32 + type: integer + name: + description: Name of the recording rule group. Must be unique + within all recording rules. + type: string + rules: + description: Rules defines a list of recording rules + items: + description: RecordingRuleGroupSpec defines the spec for a + Loki recording rule. + properties: + expr: + description: |- + The LogQL expression to evaluate. Every evaluation cycle this is + evaluated at the current time, and all resultant time series become + pending/firing alerts. + type: string + record: + description: The name of the time series to output to. + Must be a valid metric name. + type: string + required: + - expr + type: object + type: array + required: + - name + - rules + type: object + type: array + tenantID: + description: TenantID of tenant where the recording rules are evaluated + in. + type: string + required: + - tenantID + type: object + status: + description: RecordingRuleStatus defines the observed state of RecordingRule + properties: + conditions: + description: Conditions of the RecordingRule generation health. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. 
For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: false + storage: false + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/loki-operator/0.6.2/manifests/loki.grafana.com_rulerconfigs.yaml b/operators/loki-operator/0.6.2/manifests/loki.grafana.com_rulerconfigs.yaml new file mode 100644 index 00000000000..594a2d724d9 --- /dev/null +++ b/operators/loki-operator/0.6.2/manifests/loki.grafana.com_rulerconfigs.yaml 
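Review bot: The `interval` pattern in the v1 schema, and again in the v1beta1 schema of this same hunk, has no `^`/`$` anchors, unlike the `reason` and `type` patterns further down, which are anchored. Every unit group in it is optional, so the expression can match an empty substring, and if the API server applies CRD patterns as an unanchored search (as I believe it does) this check accepts any string. I would anchor it: `pattern: ^((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0)$`. The `controller-gen.kubebuilder.io/version` annotation indicates this manifest is generated, so the change belongs in the validation marker on the source type, followed by regenerating the bundle. Until then a malformed interval is presumably caught only downstream, by the operator or the ruler, rather than at admission.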
@@ -0,0 +1,1386 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: loki-operator-v0.6.2 + app.kubernetes.io/managed-by: operator-lifecycle-manager + app.kubernetes.io/name: loki-operator + app.kubernetes.io/part-of: loki-operator + app.kubernetes.io/version: 0.6.2 + name: rulerconfigs.loki.grafana.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: loki-operator-webhook-service + namespace: loki-operator + path: /convert + port: 443 + conversionReviewVersions: + - v1 + - v1beta1 + group: loki.grafana.com + names: + kind: RulerConfig + listKind: RulerConfigList + plural: rulerconfigs + singular: rulerconfig + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: RulerConfig is the Schema for the rulerconfigs API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RulerConfigSpec defines the desired state of Ruler + properties: + alertmanager: + description: Defines alert manager configuration to notify on firing + alerts. + properties: + client: + description: Client configuration for reaching the alertmanager + endpoint. 
+ properties: + basicAuth: + description: Basic authentication configuration for reaching + the alertmanager endpoints. + properties: + password: + description: The subject's password for the basic authentication + configuration. + type: string + username: + description: The subject's username for the basic authentication + configuration. + type: string + type: object + headerAuth: + description: Header authentication configuration for reaching + the alertmanager endpoints. + properties: + credentials: + description: The credentials for the header authentication + configuration. + type: string + credentialsFile: + description: The credentials file for the Header authentication + configuration. It is mutually exclusive with `credentials`. + type: string + type: + description: The authentication type for the header authentication + configuration. + type: string + type: object + tls: + description: TLS configuration for reaching the alertmanager + endpoints. + properties: + caPath: + description: The CA certificate file path for the TLS + configuration. + type: string + certPath: + description: The client-side certificate file path for + the TLS configuration. + type: string + insecureSkipVerify: + description: Skip validating server certificate. + type: boolean + keyPath: + description: The client-side key file path for the TLS + configuration. + type: string + serverName: + description: The server name to validate in the alertmanager + server certificates. + type: string + type: object + type: object + discovery: + description: Defines the configuration for DNS-based discovery + of AlertManager hosts. + properties: + enableSRV: + description: Use DNS SRV records to discover Alertmanager + hosts. + type: boolean + refreshInterval: + default: 1m + description: How long to wait between refreshing DNS resolutions + of Alertmanager hosts. 
+ pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + type: object + enableV2: + description: If enabled, then requests to Alertmanager use the + v2 API. + type: boolean + endpoints: + description: |- + List of AlertManager URLs to send notifications to. Each Alertmanager URL is treated as + a separate group in the configuration. Multiple Alertmanagers in HA per group can be + supported by using DNS resolution (See EnableDNSDiscovery). + items: + type: string + type: array + externalLabels: + additionalProperties: + type: string + description: Additional labels to add to all alerts. + type: object + externalUrl: + description: URL for alerts return path. + type: string + notificationQueue: + description: Defines the configuration for the notification queue + to AlertManager hosts. + properties: + capacity: + default: 10000 + description: Capacity of the queue for notifications to be + sent to the Alertmanager. + format: int32 + type: integer + forGracePeriod: + default: 10m + description: |- + Minimum duration between alert and restored "for" state. This is maintained + only for alerts with configured "for" time greater than the grace period. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + forOutageTolerance: + default: 1h + description: Max time to tolerate outage for restoring "for" + state of alert. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + resendDelay: + default: 1m + description: Minimum amount of time to wait before resending + an alert to Alertmanager. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + timeout: + default: 10s + description: HTTP timeout duration when sending notifications + to the Alertmanager. 
+ pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + type: object + relabelConfigs: + description: List of alert relabel configurations. + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. + It defines `` and `` sections of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + properties: + action: + default: replace + description: Action to perform based on regex matching. + Default is 'replace' + enum: + - drop + - hashmod + - keep + - labeldrop + - labelkeep + - labelmap + - replace + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + default: (.*) + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + default: $1 + description: |- + Replacement value against which a regex replace is performed if the + regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + default: ; + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: |- + The source labels select values from existing labels. Their content is concatenated + using the configured separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: |- + Label to which the resulting value is written in a replace action. + It is mandatory for replace actions. Regex capture groups are available. 
+ type: string + required: + - sourceLabels + type: object + type: array + required: + - endpoints + type: object + evaluationInterval: + default: 1m + description: Interval on how frequently to evaluate rules. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + overrides: + additionalProperties: + description: RulerOverrides defines the overrides applied per-tenant. + properties: + alertmanager: + description: AlertManagerOverrides defines the overrides to + apply to the alertmanager config. + properties: + client: + description: Client configuration for reaching the alertmanager + endpoint. + properties: + basicAuth: + description: Basic authentication configuration for + reaching the alertmanager endpoints. + properties: + password: + description: The subject's password for the basic + authentication configuration. + type: string + username: + description: The subject's username for the basic + authentication configuration. + type: string + type: object + headerAuth: + description: Header authentication configuration for + reaching the alertmanager endpoints. + properties: + credentials: + description: The credentials for the header authentication + configuration. + type: string + credentialsFile: + description: The credentials file for the Header + authentication configuration. It is mutually exclusive + with `credentials`. + type: string + type: + description: The authentication type for the header + authentication configuration. + type: string + type: object + tls: + description: TLS configuration for reaching the alertmanager + endpoints. + properties: + caPath: + description: The CA certificate file path for the + TLS configuration. + type: string + certPath: + description: The client-side certificate file path + for the TLS configuration. + type: string + insecureSkipVerify: + description: Skip validating server certificate. 
+ type: boolean + keyPath: + description: The client-side key file path for the + TLS configuration. + type: string + serverName: + description: The server name to validate in the + alertmanager server certificates. + type: string + type: object + type: object + discovery: + description: Defines the configuration for DNS-based discovery + of AlertManager hosts. + properties: + enableSRV: + description: Use DNS SRV records to discover Alertmanager + hosts. + type: boolean + refreshInterval: + default: 1m + description: How long to wait between refreshing DNS + resolutions of Alertmanager hosts. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + type: object + enableV2: + description: If enabled, then requests to Alertmanager use + the v2 API. + type: boolean + endpoints: + description: |- + List of AlertManager URLs to send notifications to. Each Alertmanager URL is treated as + a separate group in the configuration. Multiple Alertmanagers in HA per group can be + supported by using DNS resolution (See EnableDNSDiscovery). + items: + type: string + type: array + externalLabels: + additionalProperties: + type: string + description: Additional labels to add to all alerts. + type: object + externalUrl: + description: URL for alerts return path. + type: string + notificationQueue: + description: Defines the configuration for the notification + queue to AlertManager hosts. + properties: + capacity: + default: 10000 + description: Capacity of the queue for notifications + to be sent to the Alertmanager. + format: int32 + type: integer + forGracePeriod: + default: 10m + description: |- + Minimum duration between alert and restored "for" state. This is maintained + only for alerts with configured "for" time greater than the grace period. 
+ pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + forOutageTolerance: + default: 1h + description: Max time to tolerate outage for restoring + "for" state of alert. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + resendDelay: + default: 1m + description: Minimum amount of time to wait before resending + an alert to Alertmanager. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + timeout: + default: 10s + description: HTTP timeout duration when sending notifications + to the Alertmanager. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + type: object + relabelConfigs: + description: List of alert relabel configurations. + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. + It defines `` and `` sections of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + properties: + action: + default: replace + description: Action to perform based on regex matching. + Default is 'replace' + enum: + - drop + - hashmod + - keep + - labeldrop + - labelkeep + - labelmap + - replace + type: string + modulus: + description: Modulus to take of the hash of the source + label values. + format: int64 + type: integer + regex: + default: (.*) + description: Regular expression against which the + extracted value is matched. Default is '(.*)' + type: string + replacement: + default: $1 + description: |- + Replacement value against which a regex replace is performed if the + regular expression matches. Regex capture groups are available. 
Default is '$1' + type: string + separator: + default: ; + description: Separator placed between concatenated + source label values. default is ';'. + type: string + sourceLabels: + description: |- + The source labels select values from existing labels. Their content is concatenated + using the configured separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: |- + Label to which the resulting value is written in a replace action. + It is mandatory for replace actions. Regex capture groups are available. + type: string + required: + - sourceLabels + type: object + type: array + required: + - endpoints + type: object + type: object + description: Overrides defines the config overrides to be applied + per-tenant. + type: object + pollInterval: + default: 1m + description: Interval on how frequently to poll for new rule definitions. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + remoteWrite: + description: Defines a remote write endpoint to write recording rule + metrics. + properties: + client: + description: Defines the configuration for remote write client. + properties: + additionalHeaders: + additionalProperties: + type: string + description: Additional HTTP headers to be sent along with + each remote write request. + type: object + authorization: + description: Type of authorzation to use to access the remote + write endpoint + enum: + - basic + - header + type: string + authorizationSecretName: + description: Name of a secret in the namespace configured + for authorization secrets. + type: string + followRedirects: + default: true + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + name: + description: Name of the remote write config, which if specified + must be unique among remote write configs. 
+ type: string + proxyUrl: + description: Optional proxy URL. + type: string + relabelConfigs: + description: List of remote write relabel configurations. + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. + It defines `` and `` sections of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + properties: + action: + default: replace + description: Action to perform based on regex matching. + Default is 'replace' + enum: + - drop + - hashmod + - keep + - labeldrop + - labelkeep + - labelmap + - replace + type: string + modulus: + description: Modulus to take of the hash of the source + label values. + format: int64 + type: integer + regex: + default: (.*) + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + default: $1 + description: |- + Replacement value against which a regex replace is performed if the + regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + default: ; + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: |- + The source labels select values from existing labels. Their content is concatenated + using the configured separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: |- + Label to which the resulting value is written in a replace action. + It is mandatory for replace actions. Regex capture groups are available. + type: string + required: + - sourceLabels + type: object + type: array + timeout: + default: 30s + description: Timeout for requests to the remote write endpoint. 
+ pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + url: + description: The URL of the endpoint to send samples to. + type: string + required: + - authorization + - authorizationSecretName + - name + - url + type: object + enabled: + description: Enable remote-write functionality. + type: boolean + queue: + description: Defines the configuration for remote write client + queue. + properties: + batchSendDeadline: + default: 5s + description: Maximum time a sample will wait in buffer. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + capacity: + default: 2500 + description: Number of samples to buffer per shard before + we block reading of more + format: int32 + type: integer + maxBackOffPeriod: + default: 100ms + description: Maximum retry delay. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + maxSamplesPerSend: + default: 500 + description: Maximum number of samples per send. + format: int32 + type: integer + maxShards: + default: 200 + description: Maximum number of shards, i.e. amount of concurrency. + format: int32 + type: integer + minBackOffPeriod: + default: 30ms + description: Initial retry delay. Gets doubled for every retry. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + minShards: + default: 200 + description: Minimum number of shards, i.e. amount of concurrency. + format: int32 + type: integer + type: object + refreshPeriod: + default: 10s + description: Minimum period to wait between refreshing remote-write + reconfigurations. 
+ pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + type: object + type: object + status: + description: RulerConfigStatus defines the observed state of RulerConfig + properties: + conditions: + description: Conditions of the RulerConfig health. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: RulerConfig is the Schema for the rulerconfigs API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. 
+ Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RulerConfigSpec defines the desired state of Ruler + properties: + alertmanager: + description: Defines alert manager configuration to notify on firing + alerts. + properties: + client: + description: Client configuration for reaching the alertmanager + endpoint. + properties: + basicAuth: + description: Basic authentication configuration for reaching + the alertmanager endpoints. + properties: + password: + description: The subject's password for the basic authentication + configuration. + type: string + username: + description: The subject's username for the basic authentication + configuration. + type: string + type: object + headerAuth: + description: Header authentication configuration for reaching + the alertmanager endpoints. + properties: + credentials: + description: The credentials for the header authentication + configuration. + type: string + credentialsFile: + description: The credentials file for the Header authentication + configuration. It is mutually exclusive with `credentials`. + type: string + type: + description: The authentication type for the header authentication + configuration. + type: string + type: object + tls: + description: TLS configuration for reaching the alertmanager + endpoints. + properties: + caPath: + description: The CA certificate file path for the TLS + configuration. + type: string + certPath: + description: The client-side certificate file path for + the TLS configuration. + type: string + keyPath: + description: The client-side key file path for the TLS + configuration. + type: string + serverName: + description: The server name to validate in the alertmanager + server certificates. 
+ type: string + type: object + type: object + discovery: + description: Defines the configuration for DNS-based discovery + of AlertManager hosts. + properties: + enableSRV: + description: Use DNS SRV records to discover Alertmanager + hosts. + type: boolean + refreshInterval: + default: 1m + description: How long to wait between refreshing DNS resolutions + of Alertmanager hosts. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + type: object + enableV2: + description: If enabled, then requests to Alertmanager use the + v2 API. + type: boolean + endpoints: + description: |- + List of AlertManager URLs to send notifications to. Each Alertmanager URL is treated as + a separate group in the configuration. Multiple Alertmanagers in HA per group can be + supported by using DNS resolution (See EnableDNSDiscovery). + items: + type: string + type: array + externalLabels: + additionalProperties: + type: string + description: Additional labels to add to all alerts. + type: object + externalUrl: + description: URL for alerts return path. + type: string + notificationQueue: + description: Defines the configuration for the notification queue + to AlertManager hosts. + properties: + capacity: + default: 10000 + description: Capacity of the queue for notifications to be + sent to the Alertmanager. + format: int32 + type: integer + forGracePeriod: + default: 10m + description: |- + Minimum duration between alert and restored "for" state. This is maintained + only for alerts with configured "for" time greater than the grace period. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + forOutageTolerance: + default: 1h + description: Max time to tolerate outage for restoring "for" + state of alert. 
+ pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + resendDelay: + default: 1m + description: Minimum amount of time to wait before resending + an alert to Alertmanager. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + timeout: + default: 10s + description: HTTP timeout duration when sending notifications + to the Alertmanager. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + type: object + relabelConfigs: + description: List of alert relabel configurations. + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. + It defines `` and `` sections of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + properties: + action: + default: replace + description: Action to perform based on regex matching. + Default is 'replace' + enum: + - drop + - hashmod + - keep + - labeldrop + - labelkeep + - labelmap + - replace + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + default: (.*) + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + default: $1 + description: |- + Replacement value against which a regex replace is performed if the + regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + default: ; + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: |- + The source labels select values from existing labels. 
Their content is concatenated + using the configured separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: |- + Label to which the resulting value is written in a replace action. + It is mandatory for replace actions. Regex capture groups are available. + type: string + required: + - sourceLabels + type: object + type: array + required: + - endpoints + type: object + evaluationInterval: + default: 1m + description: Interval on how frequently to evaluate rules. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + overrides: + additionalProperties: + description: RulerOverrides defines the overrides applied per-tenant. + properties: + alertmanager: + description: AlertManagerOverrides defines the overrides to + apply to the alertmanager config. + properties: + client: + description: Client configuration for reaching the alertmanager + endpoint. + properties: + basicAuth: + description: Basic authentication configuration for + reaching the alertmanager endpoints. + properties: + password: + description: The subject's password for the basic + authentication configuration. + type: string + username: + description: The subject's username for the basic + authentication configuration. + type: string + type: object + headerAuth: + description: Header authentication configuration for + reaching the alertmanager endpoints. + properties: + credentials: + description: The credentials for the header authentication + configuration. + type: string + credentialsFile: + description: The credentials file for the Header + authentication configuration. It is mutually exclusive + with `credentials`. + type: string + type: + description: The authentication type for the header + authentication configuration. 
+ type: string + type: object + tls: + description: TLS configuration for reaching the alertmanager + endpoints. + properties: + caPath: + description: The CA certificate file path for the + TLS configuration. + type: string + certPath: + description: The client-side certificate file path + for the TLS configuration. + type: string + keyPath: + description: The client-side key file path for the + TLS configuration. + type: string + serverName: + description: The server name to validate in the + alertmanager server certificates. + type: string + type: object + type: object + discovery: + description: Defines the configuration for DNS-based discovery + of AlertManager hosts. + properties: + enableSRV: + description: Use DNS SRV records to discover Alertmanager + hosts. + type: boolean + refreshInterval: + default: 1m + description: How long to wait between refreshing DNS + resolutions of Alertmanager hosts. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + type: object + enableV2: + description: If enabled, then requests to Alertmanager use + the v2 API. + type: boolean + endpoints: + description: |- + List of AlertManager URLs to send notifications to. Each Alertmanager URL is treated as + a separate group in the configuration. Multiple Alertmanagers in HA per group can be + supported by using DNS resolution (See EnableDNSDiscovery). + items: + type: string + type: array + externalLabels: + additionalProperties: + type: string + description: Additional labels to add to all alerts. + type: object + externalUrl: + description: URL for alerts return path. + type: string + notificationQueue: + description: Defines the configuration for the notification + queue to AlertManager hosts. + properties: + capacity: + default: 10000 + description: Capacity of the queue for notifications + to be sent to the Alertmanager. 
+ format: int32 + type: integer + forGracePeriod: + default: 10m + description: |- + Minimum duration between alert and restored "for" state. This is maintained + only for alerts with configured "for" time greater than the grace period. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + forOutageTolerance: + default: 1h + description: Max time to tolerate outage for restoring + "for" state of alert. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + resendDelay: + default: 1m + description: Minimum amount of time to wait before resending + an alert to Alertmanager. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + timeout: + default: 10s + description: HTTP timeout duration when sending notifications + to the Alertmanager. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + type: object + relabelConfigs: + description: List of alert relabel configurations. + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. + It defines `` and `` sections of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + properties: + action: + default: replace + description: Action to perform based on regex matching. + Default is 'replace' + enum: + - drop + - hashmod + - keep + - labeldrop + - labelkeep + - labelmap + - replace + type: string + modulus: + description: Modulus to take of the hash of the source + label values. + format: int64 + type: integer + regex: + default: (.*) + description: Regular expression against which the + extracted value is matched. 
Default is '(.*)' + type: string + replacement: + default: $1 + description: |- + Replacement value against which a regex replace is performed if the + regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + default: ; + description: Separator placed between concatenated + source label values. default is ';'. + type: string + sourceLabels: + description: |- + The source labels select values from existing labels. Their content is concatenated + using the configured separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: |- + Label to which the resulting value is written in a replace action. + It is mandatory for replace actions. Regex capture groups are available. + type: string + required: + - sourceLabels + type: object + type: array + required: + - endpoints + type: object + type: object + description: Overrides defines the config overrides to be applied + per-tenant. + type: object + pollInterval: + default: 1m + description: Interval on how frequently to poll for new rule definitions. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + remoteWrite: + description: Defines a remote write endpoint to write recording rule + metrics. + properties: + client: + description: Defines the configuration for remote write client. + properties: + additionalHeaders: + additionalProperties: + type: string + description: Additional HTTP headers to be sent along with + each remote write request. + type: object + authorization: + description: Type of authorzation to use to access the remote + write endpoint + enum: + - basic + - header + type: string + authorizationSecretName: + description: Name of a secret in the namespace configured + for authorization secrets. 
+ type: string + followRedirects: + default: true + description: Configure whether HTTP requests follow HTTP 3xx + redirects. + type: boolean + name: + description: Name of the remote write config, which if specified + must be unique among remote write configs. + type: string + proxyUrl: + description: Optional proxy URL. + type: string + relabelConfigs: + description: List of remote write relabel configurations. + items: + description: |- + RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. + It defines `` and `` sections of Prometheus configuration. + More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + properties: + action: + default: replace + description: Action to perform based on regex matching. + Default is 'replace' + enum: + - drop + - hashmod + - keep + - labeldrop + - labelkeep + - labelmap + - replace + type: string + modulus: + description: Modulus to take of the hash of the source + label values. + format: int64 + type: integer + regex: + default: (.*) + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + default: $1 + description: |- + Replacement value against which a regex replace is performed if the + regular expression matches. Regex capture groups are available. Default is '$1' + type: string + separator: + default: ; + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: |- + The source labels select values from existing labels. Their content is concatenated + using the configured separator and matched against the configured regular expression + for the replace, keep, and drop actions. + items: + type: string + type: array + targetLabel: + description: |- + Label to which the resulting value is written in a replace action. + It is mandatory for replace actions. 
Regex capture groups are available. + type: string + required: + - sourceLabels + type: object + type: array + timeout: + default: 30s + description: Timeout for requests to the remote write endpoint. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + url: + description: The URL of the endpoint to send samples to. + type: string + required: + - authorization + - authorizationSecretName + - name + - url + type: object + enabled: + description: Enable remote-write functionality. + type: boolean + queue: + description: Defines the configuration for remote write client + queue. + properties: + batchSendDeadline: + default: 5s + description: Maximum time a sample will wait in buffer. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + capacity: + default: 2500 + description: Number of samples to buffer per shard before + we block reading of more + format: int32 + type: integer + maxBackOffPeriod: + default: 100ms + description: Maximum retry delay. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + maxSamplesPerSend: + default: 500 + description: Maximum number of samples per send. + format: int32 + type: integer + maxShards: + default: 200 + description: Maximum number of shards, i.e. amount of concurrency. + format: int32 + type: integer + minBackOffPeriod: + default: 30ms + description: Initial retry delay. Gets doubled for every retry. + pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + minShards: + default: 200 + description: Minimum number of shards, i.e. amount of concurrency. + format: int32 + type: integer + type: object + refreshPeriod: + default: 10s + description: Minimum period to wait between refreshing remote-write + reconfigurations. 
+ pattern: ((([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?|0) + type: string + type: object + type: object + status: + description: RulerConfigStatus defines the observed state of RulerConfig + properties: + conditions: + description: Conditions of the RulerConfig health. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: false + storage: false + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/loki-operator/0.6.2/metadata/annotations.yaml b/operators/loki-operator/0.6.2/metadata/annotations.yaml new file mode 100644 index 00000000000..f17f3ab1caa --- /dev/null +++ b/operators/loki-operator/0.6.2/metadata/annotations.yaml 
@@ -0,0 +1,15 @@
+annotations:
+ # Core bundle annotations.
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: loki-operator
+ operators.operatorframework.io.bundle.channels.v1: alpha
+ operators.operatorframework.io.bundle.channel.default.v1: alpha
+ operators.operatorframework.io.metrics.builder: operator-sdk-unknown
+ operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
+ operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3
+
+ # Annotations for testing.
+ operators.operatorframework.io.test.mediatype.v1: scorecard+v1
+ operators.operatorframework.io.test.config.v1: tests/scorecard/
diff --git a/operators/loki-operator/0.6.2/tests/scorecard/config.yaml b/operators/loki-operator/0.6.2/tests/scorecard/config.yaml
new file mode 100644
index 00000000000..fde2af8b260
--- /dev/null
+++ b/operators/loki-operator/0.6.2/tests/scorecard/config.yaml
@@ -0,0 +1,70 @@
+apiVersion: scorecard.operatorframework.io/v1alpha3
+kind: Configuration
+metadata:
+ name: config
+stages:
+- parallel: true
+ tests:
+ - entrypoint:
+ - scorecard-test
+ - basic-check-spec
+ image: quay.io/operator-framework/scorecard-test:v1.4.0
+ labels:
+ suite: basic
+ test: basic-check-spec-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-bundle-validation
+ image: quay.io/operator-framework/scorecard-test:v1.4.0
+ labels:
+ suite: olm
+ test: olm-bundle-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-validation
+ image: quay.io/operator-framework/scorecard-test:v1.4.0
+ labels:
+ suite: olm
+ test: olm-crds-have-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-resources
+ image: quay.io/operator-framework/scorecard-test:v1.4.0
+ labels:
+ suite: olm
+ test: olm-crds-have-resources-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-spec-descriptors
+ image: quay.io/operator-framework/scorecard-test:v1.4.0
+ labels:
+ suite: olm
+ test: olm-spec-descriptors-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-status-descriptors
+ image: quay.io/operator-framework/scorecard-test:v1.4.0
+ labels:
+ suite: olm
+ test: olm-status-descriptors-test
+ storage:
+ spec:
+ mountPath: {}
+storage:
+ spec:
+ mountPath: {}
diff --git a/operators/mariadb-operator/0.31.0/manifests/helm.mariadb.mmontes.io_mariadboperators.yaml b/operators/mariadb-operator/0.31.0/manifests/helm.mariadb.mmontes.io_mariadboperators.yaml
new file mode 100644
index 00000000000..9b9f6fbc0e8
--- /dev/null
+++ b/operators/mariadb-operator/0.31.0/manifests/helm.mariadb.mmontes.io_mariadboperators.yaml
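Review bot: All six test entries in tests/scorecard/config.yaml pull `quay.io/operator-framework/scorecard-test:v1.4.0` by tag, and a tag can be re-pointed at different content after this bundle is merged, so the file does not fix what actually runs in the cluster during scorecard testing. Pinning each `image:` by digest makes the test image reproducible and reviewable, e.g. `image: quay.io/operator-framework/scorecard-test@sha256:<digest-of-v1.4.0>` (placeholder; take the digest from the registry). The same line would change in all six entries.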
@@ -0,0 +1,50 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ creationTimestamp: null
+ name: mariadboperators.helm.mariadb.mmontes.io
+spec:
+ group: helm.mariadb.mmontes.io
+ names:
+ kind: MariadbOperator
+ listKind: MariadbOperatorList
+ plural: mariadboperators
+ singular: mariadboperator
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: MariadbOperator is the Schema for the mariadboperators API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the desired state of MariadbOperator
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ description: Status defines the observed state of MariadbOperator
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
diff --git a/operators/mariadb-operator/0.31.0/manifests/k8s.mariadb.com_backups.yaml b/operators/mariadb-operator/0.31.0/manifests/k8s.mariadb.com_backups.yaml
new file mode 100644
index 00000000000..89ac34f9954
--- /dev/null
+++ b/operators/mariadb-operator/0.31.0/manifests/k8s.mariadb.com_backups.yaml
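Review bot: In the v1alpha1 schema, `spec` (and `status`) is declared as `type: object` with `x-kubernetes-preserve-unknown-fields: true` and no `properties`, so the API server neither validates nor prunes anything placed there. Judging by the `helm.mariadb.mmontes.io` group this looks like a Helm-based operator that passes `spec` through as chart values; if that is the case, write access to MariadbOperator objects amounts to control over every chart value, and the RBAC granted on this resource should be reviewed with that in mind. Declaring the values the chart actually consumes under `spec.properties` with types would let the API server reject malformed input; short of that, the description could state the contract, e.g. `description: Spec defines the desired state of MariadbOperator. Contents are not validated by the API server.`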
@@ -0,0 +1,3819 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + creationTimestamp: null + name: backups.k8s.mariadb.com +spec: + group: k8s.mariadb.com + names: + kind: Backup + listKind: BackupList + plural: backups + shortNames: + - bmdb + singular: backup + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Complete")].status + name: Complete + type: string + - jsonPath: .status.conditions[?(@.type=="Complete")].message + name: Status + type: string + - jsonPath: .spec.mariaDbRef.name + name: MariaDB + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Backup is the Schema for the backups API. It is used to define + backup jobs and its storage. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BackupSpec defines the desired state of Backup + properties: + affinity: + description: Affinity to be used in the Pod. + properties: + antiAffinityEnabled: + description: |- + AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA. 
+ Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods. + type: boolean + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. 
due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. 
+ If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. 
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. 
Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
+ items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + args: + description: Args to be used in the Container. + items: + type: string + type: array + backoffLimit: + description: BackoffLimit defines the maximum number of attempts to + successfully take a Backup. + format: int32 + type: integer + databases: + description: Databases defines the logical databases to be backed + up. If not provided, all databases are backed up. + items: + type: string + type: array + failedJobsHistoryLimit: + description: FailedJobsHistoryLimit defines the maximum number of + failed Jobs to be displayed. + format: int32 + minimum: 0 + type: integer + ignoreGlobalPriv: + description: |- + IgnoreGlobalPriv indicates to ignore the mysql.global_priv in backups. + If not provided, it will default to true when the referred MariaDB instance has Galera enabled and otherwise to false. + See: https://github.com/mariadb-operator/mariadb-operator/issues/556 + type: boolean + imagePullSecrets: + description: ImagePullSecrets is the list of pull Secrets to be used + to pull the image. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + inheritMetadata: + description: InheritMetadata defines the metadata to be inherited + by children resources. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + logLevel: + default: info + description: LogLevel to be used n the Backup Job. It defaults to + 'info'. + type: string + mariaDbRef: + description: MariaDBRef is a reference to a MariaDB object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + waitForIt: + default: true + description: WaitForIt indicates whether the controller using + this reference should wait for MariaDB to be ready. + type: boolean + type: object + x-kubernetes-map-type: atomic + maxRetention: + description: |- + MaxRetention defines the retention policy for backups. Old backups will be cleaned up by the Backup Job. + It defaults to 30 days. + type: string + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to be used in the Pod. + type: object + podMetadata: + description: PodMetadata defines extra metadata for the Pod. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + podSecurityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. + properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". 
+ type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. 
+ If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. 
+ The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. 
+ items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName to be used in the Pod. + type: string + resources: + description: Resouces describes the compute resource requirements. 
+ properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + default: OnFailure + description: RestartPolicy to be added to the Backup Pod. + enum: + - Always + - OnFailure + - Never + type: string + schedule: + description: Schedule defines when the Backup will be taken. + properties: + cron: + description: Cron is a cron expression that defines the schedule. + type: string + suspend: + default: false + description: Suspend defines whether the schedule is active or + not. + type: boolean + required: + - cron + type: object + securityContext: + description: SecurityContext holds security configuration that will + be applied to a container. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. 
+ type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. 
+ If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. 
+ properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. 
+ Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount + to be used by the Pods. + type: string + storage: + description: Storage to be used in the Backup. + properties: + persistentVolumeClaim: + description: PersistentVolumeClaim is a Kubernetes PVC specification. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. 
+ If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the PersistentVolume + backing this claim. + type: string + type: object + s3: + description: S3 defines the configuration to store backups in + a S3 compatible storage. + properties: + accessKeyIdSecretKeyRef: + description: AccessKeyIdSecretKeyRef is a reference to a Secret + key containing the S3 access key id. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + description: Bucket is the name Name of the bucket to store + backups. + type: string + endpoint: + description: Endpoint is the S3 API endpoint without scheme. + type: string + prefix: + description: 'Prefix indicates a folder/subfolder in the bucket. + For example: mariadb/ or mariadb/backups. A trailing slash + ''/'' is added if not provided.' + type: string + region: + description: Region is the S3 region name to use. + type: string + secretAccessKeySecretKeyRef: + description: AccessKeyIdSecretKeyRef is a reference to a Secret + key containing the S3 secret key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sessionTokenSecretKeyRef: + description: SessionTokenSecretKeyRef is a reference to a + Secret key containing the S3 session token. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tls: + description: TLS provides the configuration required to establish + TLS connections with S3. + properties: + caSecretKeyRef: + description: |- + CASecretKeyRef is a reference to a Secret key containing a CA bundle in PEM format used to establish TLS connections with S3. + By default, the system trust chain will be used, but you can use this field to add more CAs to the bundle. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enabled: + description: Enabled is a flag to enable TLS. + type: boolean + type: object + required: + - accessKeyIdSecretKeyRef + - bucket + - endpoint + - secretAccessKeySecretKeyRef + type: object + volume: + description: Volume is a Kubernetes volume specification. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount + on the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in + the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + default: ext4 + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to + shared' + type: string + readOnly: + default: false + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host + that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' 
path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap or + its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external CSI + drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". 
+ If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the + pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. 
+ This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name, namespace and + uid are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. 
+ The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. 
+ + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. 
+ If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to + the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the Flocker + control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. 
Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. 
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. 
+ The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. 
+ More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support + iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + default: default + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. 
+ type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: |- + sources is the list of volume projections. 
Each entry in this list + handles one source. + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume root + to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. 
If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name, namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. + Must not be absolute or contain the + ''..'' path. Must be utf-8 encoded. + The first item of the relative path + must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about the secret + data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional field specify whether + the Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + default: /etc/ceph/keyring + description: |- + keyring is the path to key ring for RBDUser. 
+ Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + default: xfs + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". 
+ type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + default: ThinProvisioned + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system + as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret + or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. 
+ Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + type: object + type: object + successfulJobsHistoryLimit: + description: SuccessfulJobsHistoryLimit defines the maximum number + of successful Jobs to be displayed. + format: int32 + minimum: 0 + type: integer + timeZone: + description: TimeZone defines the timezone associated with the cron + expression. + type: string + tolerations: + description: Tolerations to be used in the Pod. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. 
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + required: + - mariaDbRef + - storage + type: object + status: + description: BackupStatus defines the observed state of Backup + properties: + conditions: + description: Conditions for the Backup object. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. 
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/mariadb-operator/0.31.0/manifests/k8s.mariadb.com_connections.yaml b/operators/mariadb-operator/0.31.0/manifests/k8s.mariadb.com_connections.yaml new file mode 100644 index 00000000000..e2b0c799ee1 --- /dev/null +++ b/operators/mariadb-operator/0.31.0/manifests/k8s.mariadb.com_connections.yaml 
@@ -0,0 +1,327 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + creationTimestamp: null + name: connections.k8s.mariadb.com +spec: + group: k8s.mariadb.com + names: + kind: Connection + listKind: ConnectionList + plural: connections + shortNames: + - cmdb + singular: connection + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .spec.secretName + name: Secret + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Connection is the Schema for the connections API. It is used + to configure connection strings for the applications connecting to MariaDB. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ConnectionSpec defines the desired state of Connection + properties: + database: + description: Database to use when configuring the Connection. + type: string + healthCheck: + description: HealthCheck to be used in the Connection. 
+ properties: + interval: + description: Interval used to perform health checks. + type: string + retryInterval: + description: RetryInterval is the interval used to perform health + check retries. + type: string + type: object + host: + description: Host to connect to. If not provided, it defaults to the + MariaDB host or to the MaxScale host. + type: string + mariaDbRef: + description: MariaDBRef is a reference to the MariaDB to connect to. + Either MariaDBRef or MaxScaleRef must be provided. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + waitForIt: + default: true + description: WaitForIt indicates whether the controller using + this reference should wait for MariaDB to be ready. + type: boolean + type: object + x-kubernetes-map-type: atomic + maxScaleRef: + description: MaxScaleRef is a reference to the MaxScale to connect + to. Either MariaDBRef or MaxScaleRef must be provided. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + params: + additionalProperties: + type: string + description: Params to be used in the Connection. + type: object + passwordSecretKeyRef: + description: |- + PasswordSecretKeyRef is a reference to the password to use for configuring the Connection. + If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + port: + description: Port to connect to. If not provided, it defaults to the + MariaDB port or to the first MaxScale listener. + format: int32 + type: integer + secretName: + description: SecretName to be used in the Connection. + type: string + secretTemplate: + description: SecretTemplate to be used in the Connection. + properties: + databaseKey: + description: DatabaseKey to be used in the Secret. + type: string + format: + description: Format to be used in the Secret. + type: string + hostKey: + description: HostKey to be used in the Secret. + type: string + key: + description: Key to be used in the Secret. 
+ type: string + metadata: + description: Metadata to be added to the Secret object. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + passwordKey: + description: PasswordKey to be used in the Secret. + type: string + portKey: + description: PortKey to be used in the Secret. + type: string + usernameKey: + description: UsernameKey to be used in the Secret. + type: string + type: object + serviceName: + description: ServiceName to be used in the Connection. + type: string + username: + description: Username to use for configuring the Connection. + type: string + required: + - passwordSecretKeyRef + - username + type: object + status: + description: ConnectionStatus defines the observed state of Connection + properties: + conditions: + description: Conditions for the Connection object. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/mariadb-operator/0.31.0/manifests/k8s.mariadb.com_databases.yaml b/operators/mariadb-operator/0.31.0/manifests/k8s.mariadb.com_databases.yaml new file mode 100644 index 00000000000..32e8d4dd7bb --- /dev/null +++ b/operators/mariadb-operator/0.31.0/manifests/k8s.mariadb.com_databases.yaml 
@@ -0,0 +1,215 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + creationTimestamp: null + name: databases.k8s.mariadb.com +spec: + group: k8s.mariadb.com + names: + kind: Database + listKind: DatabaseList + plural: databases + shortNames: + - dmdb + singular: database + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .spec.characterSet + name: CharSet + type: string + - jsonPath: .spec.collate + name: Collate + type: string + - jsonPath: .spec.mariaDbRef.name + name: MariaDB + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.name + name: Name + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Database is the Schema for the databases API. It is used to define + a logical database as if you were running a 'CREATE DATABASE' statement. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DatabaseSpec defines the desired state of Database + properties: + characterSet: + default: utf8 + description: CharacterSet to use in the Database. + type: string + cleanupPolicy: + description: CleanupPolicy defines the behavior for cleaning up a + SQL resource. + enum: + - Skip + - Delete + type: string + collate: + default: utf8_general_ci + description: Collate to use in the Database. + type: string + mariaDbRef: + description: MariaDBRef is a reference to a MariaDB object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + waitForIt: + default: true + description: WaitForIt indicates whether the controller using + this reference should wait for MariaDB to be ready. + type: boolean + type: object + x-kubernetes-map-type: atomic + name: + description: Name overrides the default Database name provided by + metadata.name. + maxLength: 80 + type: string + requeueInterval: + description: RequeueInterval is used to perform requeue reconciliations. + type: string + retryInterval: + description: RetryInterval is the interval used to perform retries. + type: string + required: + - mariaDbRef + type: object + status: + description: DatabaseStatus defines the observed state of Database + properties: + conditions: + description: Conditions for the Database object. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/mariadb-operator/0.31.0/manifests/k8s.mariadb.com_grants.yaml b/operators/mariadb-operator/0.31.0/manifests/k8s.mariadb.com_grants.yaml new file mode 100644 index 00000000000..1636a6b68d1 --- /dev/null +++ b/operators/mariadb-operator/0.31.0/manifests/k8s.mariadb.com_grants.yaml 
@@ -0,0 +1,232 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + creationTimestamp: null + name: grants.k8s.mariadb.com +spec: + group: k8s.mariadb.com + names: + kind: Grant + listKind: GrantList + plural: grants + shortNames: + - gmdb + singular: grant + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .spec.database + name: Database + type: string + - jsonPath: .spec.table + name: Table + type: string + - jsonPath: .spec.username + name: Username + type: string + - jsonPath: .spec.grantOption + name: GrantOpt + type: string + - jsonPath: .spec.mariaDbRef.name + name: MariaDB + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Grant is the Schema for the grants API. It is used to define + grants as if you were running a 'GRANT' statement. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: GrantSpec defines the desired state of Grant + properties: + cleanupPolicy: + description: CleanupPolicy defines the behavior for cleaning up a + SQL resource. + enum: + - Skip + - Delete + type: string + database: + default: '*' + description: Database to use in the Grant. + type: string + grantOption: + default: false + description: GrantOption to use in the Grant. + type: boolean + host: + description: Host to use in the Grant. It can be localhost, an IP + or '%'. + type: string + mariaDbRef: + description: MariaDBRef is a reference to a MariaDB object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + waitForIt: + default: true + description: WaitForIt indicates whether the controller using + this reference should wait for MariaDB to be ready. + type: boolean + type: object + x-kubernetes-map-type: atomic + privileges: + description: Privileges to use in the Grant. + items: + type: string + minItems: 1 + type: array + requeueInterval: + description: RequeueInterval is used to perform requeue reconciliations. + type: string + retryInterval: + description: RetryInterval is the interval used to perform retries. + type: string + table: + default: '*' + description: Table to use in the Grant. + type: string + username: + description: Username to use in the Grant. + type: string + required: + - mariaDbRef + - privileges + - username + type: object + status: + description: GrantStatus defines the observed state of Grant + properties: + conditions: + description: Conditions for the Grant object. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. 
+ maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/mariadb-operator/0.31.0/manifests/k8s.mariadb.com_mariadbs.yaml b/operators/mariadb-operator/0.31.0/manifests/k8s.mariadb.com_mariadbs.yaml new file mode 100644 index 00000000000..1b92f9ce80b --- /dev/null +++ b/operators/mariadb-operator/0.31.0/manifests/k8s.mariadb.com_mariadbs.yaml 
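Review bot: In the Grant spec of `k8s.mariadb.com_grants.yaml`, `database` and `table` both carry `default: '*'` and neither is listed under `required`, so a Grant that sets only `mariaDbRef`, `privileges` and `username` is admitted with the widest database and table scope. How the controller turns these fields into a GRANT statement is not visible in this hunk, but the defaults read as an all-databases, all-tables grant, which makes it easy to over-privilege an account simply by omitting a field. I would at least state this in the schema, e.g. `description: Database to use in the Grant. Defaults to '*', which matches every database.`, and consider adding `- database` to `required` so the scope is always written out. The `privileges` items are unconstrained strings with no `enum`, so a misspelt or unintended privilege is not rejected at admission either. The manifest carries a controller-gen annotation, so any such change belongs in the upstream Go type markers rather than in this generated file.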
@@ -0,0 +1,25215 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + creationTimestamp: null + name: mariadbs.k8s.mariadb.com +spec: + group: k8s.mariadb.com + names: + kind: MariaDB + listKind: MariaDBList + plural: mariadbs + shortNames: + - mdb + singular: mariadb + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .status.currentPrimary + name: Primary Pod + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: MariaDB is the Schema for the mariadbs API. It is used to define + MariaDB clusters. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: MariaDBSpec defines the desired state of MariaDB + properties: + affinity: + description: Affinity to be used in the Pod. + properties: + antiAffinityEnabled: + description: |- + AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA. 
+ Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods. + type: boolean + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. 
due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. 
+ If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. 
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. 
Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
+ items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + args: + description: Args to be used in the Container. + items: + type: string + type: array + bootstrapFrom: + description: BootstrapFrom defines a source to bootstrap from. + properties: + backupRef: + description: BackupRef is a reference to a Backup object. It has + priority over S3 and Volume. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + restoreJob: + description: RestoreJob defines additional properties for the + Job used to perform the Restore. + properties: + affinity: + description: Affinity to be used in the Pod. + properties: + antiAffinityEnabled: + description: |- + AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA. + Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods. + type: boolean + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. 
A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
+ Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. 
Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
+ items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + args: + description: Args to be used in the Container. + items: + type: string + type: array + metadata: + description: Metadata defines additional metadata for the + bootstrap Jobs. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + resources: + description: Resouces describes the compute resource requirements. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: object + s3: + description: S3 defines the configuration to restore backups from + a S3 compatible storage. It has priority over Volume. + properties: + accessKeyIdSecretKeyRef: + description: AccessKeyIdSecretKeyRef is a reference to a Secret + key containing the S3 access key id. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + description: Bucket is the name Name of the bucket to store + backups. + type: string + endpoint: + description: Endpoint is the S3 API endpoint without scheme. + type: string + prefix: + description: 'Prefix indicates a folder/subfolder in the bucket. + For example: mariadb/ or mariadb/backups. A trailing slash + ''/'' is added if not provided.' + type: string + region: + description: Region is the S3 region name to use. + type: string + secretAccessKeySecretKeyRef: + description: AccessKeyIdSecretKeyRef is a reference to a Secret + key containing the S3 secret key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sessionTokenSecretKeyRef: + description: SessionTokenSecretKeyRef is a reference to a + Secret key containing the S3 session token. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tls: + description: TLS provides the configuration required to establish + TLS connections with S3. + properties: + caSecretKeyRef: + description: |- + CASecretKeyRef is a reference to a Secret key containing a CA bundle in PEM format used to establish TLS connections with S3. + By default, the system trust chain will be used, but you can use this field to add more CAs to the bundle. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enabled: + description: Enabled is a flag to enable TLS. + type: boolean + type: object + required: + - accessKeyIdSecretKeyRef + - bucket + - endpoint + - secretAccessKeySecretKeyRef + type: object + targetRecoveryTime: + description: |- + TargetRecoveryTime is a RFC3339 (1970-01-01T00:00:00Z) date and time that defines the point in time recovery objective. + It is used to determine the closest restoration source in time. + format: date-time + type: string + volume: + description: Volume is a Kubernetes Volume object that contains + a backup. 
+ properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount + on the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in + the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + default: ext4 + description: |- + fsType is Filesystem type to mount. 
+ Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to + shared' + type: string + readOnly: + default: false + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host + that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' 
path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap or + its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external CSI + drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". 
+ If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the + pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. 
+ This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name, namespace and + uid are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. 
+ The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. 
+ + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. 
+ If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to + the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the Flocker + control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. 
Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. 
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. 
+ The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. 
+ More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support + iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + default: default + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. 
+ type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: |- + sources is the list of volume projections. 
Each entry in this list + handles one source. + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume root + to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. 
If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name, namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. + Must not be absolute or contain the + ''..'' path. Must be utf-8 encoded. + The first item of the relative path + must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about the secret + data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional field specify whether + the Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + default: /etc/ceph/keyring + description: |- + keyring is the path to key ring for RBDUser. 
+ Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + default: xfs + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". 
+ type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + default: ThinProvisioned + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system + as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret + or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. 
+ Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + type: object + type: object + command: + description: Command to be used in the Container. + items: + type: string + type: array + connection: + description: |- + Connection defines a template to configure the general Connection object. + This Connection provides the initial User access to the initial Database. + It will make use of the Service to route network traffic to all Pods. + properties: + healthCheck: + description: HealthCheck to be used in the Connection. + properties: + interval: + description: Interval used to perform health checks. + type: string + retryInterval: + description: RetryInterval is the interval used to perform + health check retries. + type: string + type: object + params: + additionalProperties: + type: string + description: Params to be used in the Connection. + type: object + port: + description: Port to connect to. If not provided, it defaults + to the MariaDB port or to the first MaxScale listener. 
+ format: int32 + type: integer + secretName: + description: SecretName to be used in the Connection. + type: string + secretTemplate: + description: SecretTemplate to be used in the Connection. + properties: + databaseKey: + description: DatabaseKey to be used in the Secret. + type: string + format: + description: Format to be used in the Secret. + type: string + hostKey: + description: HostKey to be used in the Secret. + type: string + key: + description: Key to be used in the Secret. + type: string + metadata: + description: Metadata to be added to the Secret object. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + passwordKey: + description: PasswordKey to be used in the Secret. + type: string + portKey: + description: PortKey to be used in the Secret. + type: string + usernameKey: + description: UsernameKey to be used in the Secret. + type: string + type: object + serviceName: + description: ServiceName to be used in the Connection. + type: string + type: object + database: + description: Database is the name of the initial Database. + type: string + env: + description: Env represents the environment variables to be injected + in a container. + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. 
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: EnvFrom represents the references (via ConfigMap and + Secrets) to environment variables to be injected in the container. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in + the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + galera: + description: Replication configures high availability via Galera. + properties: + agent: + description: GaleraAgent is a sidecar agent that co-operates with + mariadb-operator. + properties: + args: + description: Args to be used in the Container. + items: + type: string + type: array + command: + description: Command to be used in the Container. + items: + type: string + type: array + env: + description: Env represents the environment variables to be + injected in a container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. 
Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: EnvFrom represents the references (via ConfigMap + and Secrets) to environment variables to be injected in + the container. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + gracefulShutdownTimeout: + description: GracefulShutdownTimeout is the time we give to + the agent container in order to gracefully terminate in-flight + requests. + type: string + image: + description: Image name to be used by the MariaDB instances. + The supported format is `:`. + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy. One + of `Always`, `Never` or `IfNotPresent`. If not defined, + it defaults to `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + kubernetesAuth: + description: KubernetesAuth to be used by the agent container + properties: + authDelegatorRoleName: + description: |- + AuthDelegatorRoleName is the name of the ClusterRoleBinding that is associated with the "system:auth-delegator" ClusterRole. + It is necessary for creating TokenReview objects in order for the agent to validate the service account token. 
+ type: string + enabled: + description: Enabled is a flag to enable KubernetesAuth + type: boolean + type: object + livenessProbe: + description: LivenessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + port: + description: Port where the agent will be listening for connections. + format: int32 + type: integer + readinessProbe: + description: ReadinessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. 
spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Resouces describes the compute resource requirements. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + securityContext: + description: SecurityContext holds security configuration + that will be applied to a container. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. 
+ RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. 
+ format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. 
+ Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. 
+ type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + volumeMounts: + description: VolumeMounts to be used in the Container. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. 
+ + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + type: object + availableWhenDonor: + description: AvailableWhenDonor indicates whether a donor node + should be responding to queries. It defaults to false. + type: boolean + config: + description: GaleraConfig defines storage options for the Galera + configuration files. + properties: + reuseStorageVolume: + description: |- + ReuseStorageVolume indicates that storage volume used by MariaDB should be reused to store the Galera configuration files. + It defaults to false, which implies that a dedicated volume for the Galera configuration files is provisioned. + type: boolean + volumeClaimTemplate: + description: VolumeClaimTemplate is a template for the PVC + that will contain the Galera configuration files shared + between the InitContainer, Agent and MariaDB. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + metadata: + description: Metadata to be added to the PVC metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to + consider for binding. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. 
An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + type: object + enabled: + description: Enabled is a flag to enable Galera. + type: boolean + galeraLibPath: + description: |- + GaleraLibPath is a path inside the MariaDB image to the wsrep provider plugin. It is defaulted if not provided. + More info: https://galeracluster.com/library/documentation/mysql-wsrep-options.html#wsrep-provider. + type: string + initContainer: + description: InitContainer is an init container that runs in the + MariaDB Pod and co-operates with mariadb-operator. + properties: + args: + description: Args to be used in the Container. + items: + type: string + type: array + command: + description: Command to be used in the Container. + items: + type: string + type: array + env: + description: Env represents the environment variables to be + injected in a container. + items: + description: EnvVar represents an environment variable present + in a Container. 
+ properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: EnvFrom represents the references (via ConfigMap + and Secrets) to environment variables to be injected in + the container. 
+ items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Image name to be used by the MariaDB instances. + The supported format is `:`. + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy. One + of `Always`, `Never` or `IfNotPresent`. If not defined, + it defaults to `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + livenessProbe: + description: LivenessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. 
+ type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 
+ The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + readinessProbe: + description: ReadinessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. 
+ properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Resouces describes the compute resource requirements. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + securityContext: + description: SecurityContext holds security configuration + that will be applied to a container. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. 
+ properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". 
Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + volumeMounts: + description: VolumeMounts to be used in the Container. 
+ items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. 
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + required: + - image + type: object + initJob: + description: InitJob defines a Job that co-operates with mariadb-operator + by performing initialization tasks. + properties: + affinity: + description: Affinity to be used in the Pod. + properties: + antiAffinityEnabled: + description: |- + AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA. + Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods. + type: boolean + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. 
+ properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
+ items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
+ Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. 
Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + args: + description: Args to be used in the Container. + items: + type: string + type: array + metadata: + description: Metadata defines additional metadata for the + bootstrap Jobs. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + resources: + description: Resouces describes the compute resource requirements. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. 
+ + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: object + primary: + description: Primary is the Galera configuration for the primary + node. 
+ properties: + automaticFailover: + description: AutomaticFailover indicates whether the operator + should automatically update PodIndex to perform an automatic + primary failover. + type: boolean + podIndex: + description: PodIndex is the StatefulSet index of the primary + node. The user may change this field to perform a manual + switchover. + type: integer + type: object + providerOptions: + additionalProperties: + type: string + description: |- + ProviderOptions is map of Galera configuration parameters. + More info: https://mariadb.com/kb/en/galera-cluster-system-variables/#wsrep_provider_options. + type: object + recovery: + description: |- + GaleraRecovery is the recovery process performed by the operator whenever the Galera cluster is not healthy. + More info: https://galeracluster.com/library/documentation/crash-recovery.html. + properties: + clusterBootstrapTimeout: + description: |- + ClusterBootstrapTimeout is the time limit for bootstrapping a cluster. + Once this timeout is reached, the Galera recovery state is reset and a new cluster bootstrap will be attempted. + type: string + clusterHealthyTimeout: + description: |- + ClusterHealthyTimeout represents the duration at which a Galera cluster, that consistently failed health checks, + is considered unhealthy, and consequently the Galera recovery process will be initiated by the operator. + type: string + clusterMonitorInterval: + description: ClusterMonitorInterval represents the interval + used to monitor the Galera cluster health. + type: string + enabled: + description: Enabled is a flag to enable GaleraRecovery. + type: boolean + forceClusterBootstrapInPod: + description: |- + ForceClusterBootstrapInPod allows you to manually initiate the bootstrap process in a specific Pod. + IMPORTANT: Use this option only in exceptional circumstances. Not selecting the Pod with the highest sequence number may result in data loss. 
+ IMPORTANT: Ensure you unset this field after completing the bootstrap to allow the operator to choose the appropriate Pod to bootstrap from in an event of cluster recovery. + type: string + job: + description: Job defines a Job that co-operates with mariadb-operator + by performing the Galera cluster recovery . + properties: + metadata: + description: Metadata defines additional metadata for + the Galera recovery Jobs. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + podAffinity: + description: PodAffinity indicates whether the recovery + Jobs should run in the same Node as the MariaDB Pods. + It defaults to true. + type: boolean + resources: + description: Resouces describes the compute resource requirements. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: object + minClusterSize: + anyOf: + - type: integer + - type: string + description: |- + MinClusterSize is the minimum number of replicas to consider the cluster healthy. It can be either a number of replicas (1) or a percentage (50%). + If Galera consistently reports less replicas than this value for the given 'ClusterHealthyTimeout' interval, a cluster recovery is iniated. + It defaults to '1' replica. + x-kubernetes-int-or-string: true + podRecoveryTimeout: + description: PodRecoveryTimeout is the time limit for recevorying + the sequence of a Pod during the cluster recovery. + type: string + podSyncTimeout: + description: PodSyncTimeout is the time limit for a Pod to + join the cluster after having performed a cluster bootstrap + during the cluster recovery. 
+ type: string + type: object + replicaThreads: + description: |- + ReplicaThreads is the number of replica threads used to apply Galera write sets in parallel. + More info: https://mariadb.com/kb/en/galera-cluster-system-variables/#wsrep_slave_threads. + type: integer + sst: + description: |- + SST is the Snapshot State Transfer used when new Pods join the cluster. + More info: https://galeracluster.com/library/documentation/sst.html. + enum: + - rsync + - mariabackup + - mysqldump + type: string + type: object + image: + description: |- + Image name to be used by the MariaDB instances. The supported format is `:`. + Only MariaDB official images are supported. + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy. One of `Always`, + `Never` or `IfNotPresent`. If not defined, it defaults to `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + imagePullSecrets: + description: ImagePullSecrets is the list of pull Secrets to be used + to pull the image. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + inheritMetadata: + description: InheritMetadata defines the metadata to be inherited + by children resources. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. 
+ type: object + type: object + initContainers: + description: InitContainers to be used in the Pod. + items: + description: Container object definition. + properties: + args: + description: Args to be used in the Container. + items: + type: string + type: array + command: + description: Command to be used in the Container. + items: + type: string + type: array + env: + description: Env represents the environment variables to be + injected in a container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: EnvFrom represents the references (via ConfigMap + and Secrets) to environment variables to be injected in the + container. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Image name to be used by the MariaDB instances. + The supported format is `:`. + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy. One of + `Always`, `Never` or `IfNotPresent`. If not defined, it defaults + to `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + livenessProbe: + description: LivenessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. 
+ type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + readinessProbe: + description: ReadinessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. 
The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. 
Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Resouces describes the compute resource requirements. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + securityContext: + description: SecurityContext holds security configuration that + will be applied to a container. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. 
+ properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. 
+ Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. 
+ type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. 
+ type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + volumeMounts: + description: VolumeMounts to be used in the Container. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. 
If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + required: + - image + type: object + type: array + livenessProbe: + description: LivenessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must + be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows + repeated headers. + items: + description: HTTPHeader describes a custom header to be + used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + maxScale: + description: |- + MaxScale is the MaxScale specification that defines the MaxScale resource to be used with the current MariaDB. + When enabling this field, MaxScaleRef is automatically set. + properties: + admin: + description: Admin configures the admin REST API and GUI. + properties: + guiEnabled: + description: GuiEnabled indicates whether the admin GUI should + be enabled. + type: boolean + port: + description: Port where the admin REST API and GUI will be + exposed. + format: int32 + type: integer + type: object + auth: + description: Auth defines the credentials required for MaxScale + to connect to MariaDB. + properties: + adminPasswordSecretKeyRef: + description: AdminPasswordSecretKeyRef is Secret key reference + to the admin password to call the admin REST API. It is + defaulted if not provided. + properties: + generate: + default: false + description: Generate indicates whether the Secret should + be generated if the Secret referenced is not present. + type: boolean + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + adminUsername: + description: AdminUsername is an admin username to call the + admin REST API. It is defaulted if not provided. 
+ type: string + clientMaxConnections: + description: |- + ClientMaxConnections defines the maximum number of connections that the client can establish. + If HA is enabled, make sure to increase this value, as more MaxScale replicas implies more connections. + It defaults to 30 times the number of MaxScale replicas. + format: int32 + type: integer + clientPasswordSecretKeyRef: + description: |- + ClientPasswordSecretKeyRef is Secret key reference to the password to connect to MaxScale. It is defaulted if not provided. + If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. + properties: + generate: + default: false + description: Generate indicates whether the Secret should + be generated if the Secret referenced is not present. + type: boolean + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientUsername: + description: ClientUsername is the user to connect to MaxScale. + It is defaulted if not provided. + type: string + deleteDefaultAdmin: + description: DeleteDefaultAdmin determines whether the default + admin user should be deleted after the initial configuration. + If not provided, it defaults to true. + type: boolean + generate: + description: |- + Generate defies whether the operator should generate users and grants for MaxScale to work. + It only supports MariaDBs specified via spec.mariaDbRef. 
+ type: boolean + metricsPasswordSecretKeyRef: + description: |- + MetricsPasswordSecretKeyRef is Secret key reference to the metrics password to call the admib REST API. It is defaulted if metrics are enabled. + If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. + properties: + generate: + default: false + description: Generate indicates whether the Secret should + be generated if the Secret referenced is not present. + type: boolean + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + metricsUsername: + description: MetricsUsername is an metrics username to call + the REST API. It is defaulted if metrics are enabled. + type: string + monitorMaxConnections: + description: |- + MonitorMaxConnections defines the maximum number of connections that the monitor can establish. + If HA is enabled, make sure to increase this value, as more MaxScale replicas implies more connections. + It defaults to 30 times the number of MaxScale replicas. + format: int32 + type: integer + monitorPasswordSecretKeyRef: + description: |- + MonitorPasswordSecretKeyRef is Secret key reference to the password used by MaxScale monitor to connect to MariaDB server. It is defaulted if not provided. + If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. 
+ properties: + generate: + default: false + description: Generate indicates whether the Secret should + be generated if the Secret referenced is not present. + type: boolean + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + monitorUsername: + description: MonitorUsername is the user used by MaxScale + monitor to connect to MariaDB server. It is defaulted if + not provided. + type: string + serverMaxConnections: + description: |- + ServerMaxConnections defines the maximum number of connections that the server can establish. + If HA is enabled, make sure to increase this value, as more MaxScale replicas implies more connections. + It defaults to 30 times the number of MaxScale replicas. + format: int32 + type: integer + serverPasswordSecretKeyRef: + description: |- + ServerPasswordSecretKeyRef is Secret key reference to the password used by MaxScale to connect to MariaDB server. It is defaulted if not provided. + If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. + properties: + generate: + default: false + description: Generate indicates whether the Secret should + be generated if the Secret referenced is not present. + type: boolean + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverUsername: + description: ServerUsername is the user used by MaxScale to + connect to MariaDB server. It is defaulted if not provided. + type: string + syncMaxConnections: + description: |- + SyncMaxConnections defines the maximum number of connections that the sync can establish. + If HA is enabled, make sure to increase this value, as more MaxScale replicas implies more connections. + It defaults to 30 times the number of MaxScale replicas. + format: int32 + type: integer + syncPasswordSecretKeyRef: + description: |- + SyncPasswordSecretKeyRef is Secret key reference to the password used by MaxScale config to connect to MariaDB server. It is defaulted when HA is enabled. + If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. + properties: + generate: + default: false + description: Generate indicates whether the Secret should + be generated if the Secret referenced is not present. + type: boolean + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + syncUsername: + description: MonitoSyncUsernamerUsername is the user used + by MaxScale config sync to connect to MariaDB server. It + is defaulted when HA is enabled. + type: string + type: object + config: + description: Config defines the MaxScale configuration. + properties: + params: + additionalProperties: + type: string + description: |- + Params is a key value pair of parameters to be used in the MaxScale static configuration file. + Any parameter supported by MaxScale may be specified here. See reference: + https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#global-settings. + type: object + sync: + description: Sync defines how to replicate configuration across + MaxScale replicas. It is defaulted when HA is enabled. + properties: + database: + description: Database is the MariaDB logical database + where the 'maxscale_config' table will be created in + order to persist and synchronize config changes. If + not provided, it defaults to 'mysql'. + type: string + interval: + description: Interval defines the config synchronization + interval. It is defaulted if not provided. + type: string + timeout: + description: Interval defines the config synchronization + timeout. It is defaulted if not provided. + type: string + type: object + volumeClaimTemplate: + description: VolumeClaimTemplate provides a template to define + the PVCs for storing MaxScale runtime configuration files. + It is defaulted if not provided. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + metadata: + description: Metadata to be added to the PVC metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to + consider for binding. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. 
An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + type: object + connection: + description: Connection provides a template to define the Connection + for MaxScale. + properties: + healthCheck: + description: HealthCheck to be used in the Connection. + properties: + interval: + description: Interval used to perform health checks. + type: string + retryInterval: + description: RetryInterval is the interval used to perform + health check retries. + type: string + type: object + params: + additionalProperties: + type: string + description: Params to be used in the Connection. + type: object + port: + description: Port to connect to. If not provided, it defaults + to the MariaDB port or to the first MaxScale listener. + format: int32 + type: integer + secretName: + description: SecretName to be used in the Connection. + type: string + secretTemplate: + description: SecretTemplate to be used in the Connection. 
+ properties: + databaseKey: + description: DatabaseKey to be used in the Secret. + type: string + format: + description: Format to be used in the Secret. + type: string + hostKey: + description: HostKey to be used in the Secret. + type: string + key: + description: Key to be used in the Secret. + type: string + metadata: + description: Metadata to be added to the Secret object. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + passwordKey: + description: PasswordKey to be used in the Secret. + type: string + portKey: + description: PortKey to be used in the Secret. + type: string + usernameKey: + description: UsernameKey to be used in the Secret. + type: string + type: object + serviceName: + description: ServiceName to be used in the Connection. + type: string + type: object + enabled: + description: Enabled is a flag to enable a MaxScale instance to + be used with the current MariaDB. + type: boolean + guiKubernetesService: + description: GuiKubernetesService define a template for a Kubernetes + Service object to connect to MaxScale's GUI. + properties: + allocateLoadBalancerNodePorts: + description: AllocateLoadBalancerNodePorts Service field. + type: boolean + externalTrafficPolicy: + description: ExternalTrafficPolicy Service field. + type: string + loadBalancerIP: + description: LoadBalancerIP Service field. + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges Service field. + items: + type: string + type: array + metadata: + description: Metadata to be added to the Service metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. 
+ type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + sessionAffinity: + description: SessionAffinity Service field. + type: string + type: + default: ClusterIP + description: Type is the Service type. One of `ClusterIP`, + `NodePort` or `LoadBalancer`. If not defined, it defaults + to `ClusterIP`. + enum: + - ClusterIP + - NodePort + - LoadBalancer + type: string + type: object + image: + description: |- + Image name to be used by the MaxScale instances. The supported format is `:`. + Only MariaDB official images are supported. + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy. One of + `Always`, `Never` or `IfNotPresent`. If not defined, it defaults + to `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + kubernetesService: + description: KubernetesService defines a template for a Kubernetes + Service object to connect to MaxScale. + properties: + allocateLoadBalancerNodePorts: + description: AllocateLoadBalancerNodePorts Service field. + type: boolean + externalTrafficPolicy: + description: ExternalTrafficPolicy Service field. + type: string + loadBalancerIP: + description: LoadBalancerIP Service field. + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges Service field. + items: + type: string + type: array + metadata: + description: Metadata to be added to the Service metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + sessionAffinity: + description: SessionAffinity Service field. + type: string + type: + default: ClusterIP + description: Type is the Service type. One of `ClusterIP`, + `NodePort` or `LoadBalancer`. 
If not defined, it defaults + to `ClusterIP`. + enum: + - ClusterIP + - NodePort + - LoadBalancer + type: string + type: object + metrics: + description: Metrics configures metrics and how to scrape them. + properties: + enabled: + description: Enabled is a flag to enable Metrics + type: boolean + exporter: + description: Exporter defines the metrics exporter container. + properties: + affinity: + description: Affinity to be used in the Pod. + properties: + antiAffinityEnabled: + description: |- + AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA. + Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods. + type: boolean + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. 
+ items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in + the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
+ items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
+ Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. 
Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + args: + description: Args to be used in the Container. + items: + type: string + type: array + command: + description: Command to be used in the Container. + items: + type: string + type: array + env: + description: Env represents the environment variables + to be injected in a container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. 
Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: EnvFrom represents the references (via ConfigMap + and Secrets) to environment variables to be injected + in the container. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to + each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Image name to be used as metrics exporter. The supported format is `:`. + Only mysqld-exporter >= v0.15.0 is supported: https://github.com/prometheus/mysqld_exporter + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy. + One of `Always`, `Never` or `IfNotPresent`. If not defined, + it defaults to `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + imagePullSecrets: + description: ImagePullSecrets is the list of pull Secrets + to be used to pull the image. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: InitContainers to be used in the Pod. + items: + description: Container object definition. + properties: + args: + description: Args to be used in the Container. + items: + type: string + type: array + command: + description: Command to be used in the Container. + items: + type: string + type: array + env: + description: Env represents the environment variables + to be injected in a container. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: EnvFrom represents the references (via + ConfigMap and Secrets) to environment variables + to be injected in the container. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a + C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Image name to be used by the MariaDB + instances. The supported format is `:`. + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy. + One of `Always`, `Never` or `IfNotPresent`. If + not defined, it defaults to `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + livenessProbe: + description: LivenessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. 
+ type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + readinessProbe: + description: ReadinessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. 
The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. 
Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Resouces describes the compute resource + requirements. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + securityContext: + description: SecurityContext holds security configuration + that will be applied to a container. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. 
+ properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. 
+ Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. 
+ type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the + name of the GMSA credential spec to use. 
+ type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + volumeMounts: + description: VolumeMounts to be used in the Container. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a + Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. 
If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + required: + - image + type: object + type: array + livenessProbe: + description: LivenessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a + GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to be used in the Pod. + type: object + podMetadata: + description: PodMetadata defines extra metadata for the + Pod. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + podSecurityContext: + description: SecurityContext holds pod-level security + attributes and common container settings. + properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. 
The permission bits are OR'd with rw-rw---- + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. 
+ Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. 
+ type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to + be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. 
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + port: + description: Port where the exporter will be listening + for connections. + format: int32 + type: integer + priorityClassName: + description: PriorityClassName to be used in the Pod. + type: string + readinessProbe: + description: ReadinessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. 
The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a + GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. 
Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Resouces describes the compute resource requirements. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + securityContext: + description: SecurityContext holds security configuration + that will be applied to a container. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. 
+ properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. 
+ Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. 
+ type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. 
+ type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount + to be used by the Pods. + type: string + sidecarContainers: + description: SidecarContainers to be used in the Pod. + items: + description: Container object definition. + properties: + args: + description: Args to be used in the Container. + items: + type: string + type: array + command: + description: Command to be used in the Container. + items: + type: string + type: array + env: + description: Env represents the environment variables + to be injected in a container. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 
+ Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: EnvFrom represents the references (via + ConfigMap and Secrets) to environment variables + to be injected in the container. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a + C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Image name to be used by the MariaDB + instances. The supported format is `:`. + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy. + One of `Always`, `Never` or `IfNotPresent`. If + not defined, it defaults to `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + livenessProbe: + description: LivenessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. 
spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + readinessProbe: + description: ReadinessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. 
+ Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Resouces describes the compute resource + requirements. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + securityContext: + description: SecurityContext holds security configuration + that will be applied to a container. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. 
+ type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX + capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. 
+ This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. 
+ properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the + name of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + volumeMounts: + description: VolumeMounts to be used in the Container. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a + Volume. 
+ type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + required: + - image + type: object + type: array + tolerations: + description: Tolerations to be used in the Pod. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. 
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints to be used in the + Pod. + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. 
+ + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. 
+ Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + volumeMounts: + description: VolumeMounts to be used in the Container. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. 
+ This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes to be used in the Pod. 
+ items: + description: Volume represents a named volume in a pod + that may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data + Disk mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching + mode: None, Read Only, Read Write.' 
+ type: string + diskName: + description: diskName is the Name of the data + disk in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk + in the blob storage + type: string + fsType: + default: ext4 + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: + multiple blob disks per storage account Dedicated: + single blob disk per storage account Managed: + azure managed data disk (only in managed availability + set). defaults to shared' + type: string + readOnly: + default: false + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File + Service mount on the host and bind mount to the + pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name of secret + that contains Azure Storage Account Name and + Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on + the host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the + mounted root, rather than the full Ceph tree, + default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. 
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that + should populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API + about the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API + volume file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name, namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. + Must not be absolute or contain the + ''..'' path. Must be utf-8 encoded. + The first item of the relative path + must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. 
+ The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. 
+ properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query + over volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. 
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding + reference to the PersistentVolume + backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine and + then exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + lun: + description: 'lun is Optional: FC target lun + number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver + to use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field + holds extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume + attached to a kubelet's host machine. 
This depends + on the Flocker control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the + dataset. This is unique identifier of a Flocker + dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for + the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. 
This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. 
+ The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. 
+ More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified + Name. + type: string + iscsiInterface: + default: default + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun + number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for + iSCSI target and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets + host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies + Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx + volume attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a + Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. 
+ This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the + volume root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. 
+ type: string + required: + - path + type: object + configMap: + description: configMap information about + the configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to + a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about + the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only annotations, + labels, name, namespace and + uid are supported.' + properties: + apiVersion: + description: Version of + the schema the FieldPath + is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the + field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path + is the relative path name + of the file to be created. + Must not be absolute or contain + the ''..'' path. Must be utf-8 + encoded. The first item of + the relative path must not + start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container + name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the + output format of the exposed + resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about + the secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to + a path within a volume. + properties: + key: + description: key is the key + to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional field specify + whether the Secret or its key must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to + project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte mount + on the host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + default: /etc/ceph/keyring + description: |- + keyring is the path to key ring for RBDUser. 
+ Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + default: xfs + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". 
+ type: string + gateway: + description: gateway is the host address of + the ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of + the ScaleIO Protection Domain for the configured + storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default false + type: boolean + storageMode: + default: ThinProvisioned + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage + system as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. 
+ Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere + volume attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage + Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + serviceMonitor: + description: ServiceMonitor defines the ServiceMonior object. + properties: + interval: + description: Interval for scraping metrics. + type: string + jobLabel: + description: JobLabel to add to the ServiceMonitor object. + type: string + prometheusRelease: + description: PrometheusRelease is the release label to + add to the ServiceMonitor object. + type: string + scrapeTimeout: + description: ScrapeTimeout defines the timeout for scraping + metrics. + type: string + type: object + type: object + monitor: + description: Monitor monitors MariaDB server instances. + properties: + cooperativeMonitoring: + description: CooperativeMonitoring enables coordination between + multiple MaxScale instances running monitors. It is defaulted + when HA is enabled. 
+ enum: + - majority_of_all + - majority_of_running + type: string + interval: + description: Interval used to monitor MariaDB servers. It + is defaulted if not provided. + type: string + module: + description: Module is the module to use to monitor MariaDB + servers. It is mandatory when no MariaDB reference is provided. + type: string + name: + description: Name is the identifier of the monitor. It is + defaulted if not provided. + type: string + params: + additionalProperties: + type: string + description: |- + Params defines extra parameters to pass to the monitor. + Any parameter supported by MaxScale may be specified here. See reference: + https://mariadb.com/kb/en/mariadb-maxscale-2308-common-monitor-parameters/. + Monitor specific parameter are also suported: + https://mariadb.com/kb/en/mariadb-maxscale-2308-galera-monitor/#galera-monitor-optional-parameters. + https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-monitor/#configuration. + type: object + suspend: + default: false + description: |- + Suspend indicates whether the current resource should be suspended or not. + This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities. + type: boolean + type: object + podDisruptionBudget: + description: PodDisruptionBudget defines the budget for replica + availability. + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + description: MaxUnavailable defines the number of maximum + unavailable Pods. + x-kubernetes-int-or-string: true + minAvailable: + anyOf: + - type: integer + - type: string + description: MinAvailable defines the number of minimum available + Pods. + x-kubernetes-int-or-string: true + type: object + replicas: + description: Replicas indicates the number of desired instances. + format: int32 + type: integer + requeueInterval: + description: RequeueInterval is used to perform requeue reconciliations. 
+ type: string + services: + description: Services define how the traffic is forwarded to the + MariaDB servers. + items: + description: Services define how the traffic is forwarded to + the MariaDB servers. + properties: + listener: + description: MaxScaleListener defines how the MaxScale server + will listen for connections. + properties: + name: + description: Name is the identifier of the listener. + It is defaulted if not provided + type: string + params: + additionalProperties: + type: string + description: |- + Params defines extra parameters to pass to the listener. + Any parameter supported by MaxScale may be specified here. See reference: + https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#listener_1. + type: object + port: + description: Port is the network port where the MaxScale + server will listen. + format: int32 + type: integer + protocol: + description: Protocol is the MaxScale protocol to use + when communicating with the client. If not provided, + it defaults to MariaDBProtocol. + type: string + suspend: + default: false + description: |- + Suspend indicates whether the current resource should be suspended or not. + This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities. + type: boolean + required: + - port + type: object + name: + description: Name is the identifier of the MaxScale service. + type: string + params: + additionalProperties: + type: string + description: |- + Params defines extra parameters to pass to the service. + Any parameter supported by MaxScale may be specified here. See reference: + https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#service_1. + Router specific parameter are also suported: + https://mariadb.com/kb/en/mariadb-maxscale-2308-readwritesplit/#configuration. + https://mariadb.com/kb/en/mariadb-maxscale-2308-readconnroute/#configuration. 
+ type: object + router: + description: Router is the type of router to use. + enum: + - readwritesplit + - readconnroute + type: string + suspend: + default: false + description: |- + Suspend indicates whether the current resource should be suspended or not. + This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities. + type: boolean + required: + - listener + - name + - router + type: object + type: array + updateStrategy: + description: UpdateStrategy defines the update strategy for the + StatefulSet object. + properties: + rollingUpdate: + description: RollingUpdate is used to communicate parameters + when Type is RollingUpdateStatefulSetStrategyType. + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of pods that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + Absolute number is calculated from percentage by rounding up. This can not be 0. + Defaults to 1. This field is alpha-level and is only honored by servers that enable the + MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to + Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it + will be counted towards MaxUnavailable. + x-kubernetes-int-or-string: true + partition: + description: |- + Partition indicates the ordinal at which the StatefulSet should be partitioned + for updates. During a rolling update, all pods from ordinal Replicas-1 to + Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched. + This is helpful in being able to do a canary based deployment. The default value is 0. + format: int32 + type: integer + type: object + type: + description: |- + Type indicates the type of the StatefulSetUpdateStrategy. + Default is RollingUpdate. 
+ type: string + type: object + type: object + maxScaleRef: + description: |- + MaxScaleRef is a reference to a MaxScale resource to be used with the current MariaDB. + Providing this field implies delegating high availability tasks such as primary failover to MaxScale. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + metrics: + description: Metrics configures metrics and how to scrape them. + properties: + enabled: + description: Enabled is a flag to enable Metrics + type: boolean + exporter: + description: Exporter defines the metrics exporter container. + properties: + affinity: + description: Affinity to be used in the Pod. + properties: + antiAffinityEnabled: + description: |- + AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA. + Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods. + type: boolean + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. 
+ items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
+ items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
+ Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. 
Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + args: + description: Args to be used in the Container. + items: + type: string + type: array + command: + description: Command to be used in the Container. + items: + type: string + type: array + env: + description: Env represents the environment variables to be + injected in a container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. 
Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: EnvFrom represents the references (via ConfigMap + and Secrets) to environment variables to be injected in + the container. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Image name to be used as metrics exporter. The supported format is `:`. + Only mysqld-exporter >= v0.15.0 is supported: https://github.com/prometheus/mysqld_exporter + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy. One + of `Always`, `Never` or `IfNotPresent`. If not defined, + it defaults to `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + imagePullSecrets: + description: ImagePullSecrets is the list of pull Secrets + to be used to pull the image. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: InitContainers to be used in the Pod. + items: + description: Container object definition. + properties: + args: + description: Args to be used in the Container. + items: + type: string + type: array + command: + description: Command to be used in the Container. + items: + type: string + type: array + env: + description: Env represents the environment variables + to be injected in a container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: EnvFrom represents the references (via + ConfigMap and Secrets) to environment variables to + be injected in the container. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Image name to be used by the MariaDB instances. + The supported format is `:`. + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy. + One of `Always`, `Never` or `IfNotPresent`. If not + defined, it defaults to `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + livenessProbe: + description: LivenessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. 
+ type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + readinessProbe: + description: ReadinessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. 
The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. 
Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Resouces describes the compute resource + requirements. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + securityContext: + description: SecurityContext holds security configuration + that will be applied to a container. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. 
+ properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. 
+ Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. 
+ type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. 
+ type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + volumeMounts: + description: VolumeMounts to be used in the Container. + items: + description: VolumeMount describes a mounting of a + Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. 
If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + required: + - image + type: object + type: array + livenessProbe: + description: LivenessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to be used in the Pod. + type: object + podMetadata: + description: PodMetadata defines extra metadata for the Pod. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + podSecurityContext: + description: SecurityContext holds pod-level security attributes + and common container settings. + properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. 
The permission bits are OR'd with rw-rw---- + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. 
+ Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. 
+ type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be + set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. 
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + port: + description: Port where the exporter will be listening for + connections. + format: int32 + type: integer + priorityClassName: + description: PriorityClassName to be used in the Pod. + type: string + readinessProbe: + description: ReadinessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. 
The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. 
Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Resouces describes the compute resource requirements. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + securityContext: + description: SecurityContext holds security configuration + that will be applied to a container. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. 
+ properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. 
+ Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. 
+ type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. 
+ type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount + to be used by the Pods. + type: string + sidecarContainers: + description: SidecarContainers to be used in the Pod. + items: + description: Container object definition. + properties: + args: + description: Args to be used in the Container. + items: + type: string + type: array + command: + description: Command to be used in the Container. + items: + type: string + type: array + env: + description: Env represents the environment variables + to be injected in a container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 
+ Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: EnvFrom represents the references (via + ConfigMap and Secrets) to environment variables to + be injected in the container. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Image name to be used by the MariaDB instances. + The supported format is `:`. + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy. + One of `Always`, `Never` or `IfNotPresent`. If not + defined, it defaults to `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + livenessProbe: + description: LivenessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. 
spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + readinessProbe: + description: ReadinessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. 
+ Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Resouces describes the compute resource + requirements. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + securityContext: + description: SecurityContext holds security configuration + that will be applied to a container. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. 
+ type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. 
+ This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. 
+ properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + volumeMounts: + description: VolumeMounts to be used in the Container. + items: + description: VolumeMount describes a mounting of a + Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. 
+ type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + required: + - image + type: object + type: array + tolerations: + description: Tolerations to be used in the Pod. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. 
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints to be used in the Pod. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. 
+ + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. 
+ Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + volumeMounts: + description: VolumeMounts to be used in the Container. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. 
+ This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes to be used in the Pod. 
+ items: + description: Volume represents a named volume in a pod that + may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk + mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: + None, Read Only, Read Write.' 
+ type: string + diskName: + description: diskName is the Name of the data disk + in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in + the blob storage + type: string + fsType: + default: ext4 + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single + blob disk per storage account Managed: azure + managed data disk (only in managed availability + set). defaults to shared' + type: string + readOnly: + default: false + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service + mount on the host and bind mount to the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name of secret that + contains Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the + host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the mounted + root, rather than the full Ceph tree, default + is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. 
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about + the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name, + namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. 
+ The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. 
+ properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over + volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. 
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine and then + exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to + use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds + extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached + to a kubelet's host machine. 
This depends on the Flocker + control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. + This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the + specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. 
This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. 
+ The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. 
+ More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support + iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support + iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + default: default + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI + target and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon + Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume + attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx + volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. 
+ This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume + root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. 
+ type: string + required: + - path + type: object + configMap: + description: configMap information about the + configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about + the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only annotations, + labels, name, namespace and uid + are supported.' + properties: + apiVersion: + description: Version of the + schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file + to be created. Must not be absolute + or contain the ''..'' path. Must + be utf-8 encoded. The first item + of the relative path must not + start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about the + secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional field specify whether + the Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte mount on the + host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + default: /etc/ceph/keyring + description: |- + keyring is the path to key ring for RBDUser. 
+ Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + default: xfs + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". 
+ type: string + gateway: + description: gateway is the host address of the + ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the + ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL + communication with Gateway, default false + type: boolean + storageMode: + default: ThinProvisioned + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage system + as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the + Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. 
+ Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume + attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy + Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy + Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + passwordSecretKeyRef: + description: |- + PasswordSecretKeyRef is a reference to the password of the monitoring user used by the exporter. + If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. + properties: + generate: + default: false + description: Generate indicates whether the Secret should + be generated if the Secret referenced is not present. + type: boolean + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serviceMonitor: + description: ServiceMonitor defines the ServiceMonior object. + properties: + interval: + description: Interval for scraping metrics. + type: string + jobLabel: + description: JobLabel to add to the ServiceMonitor object. + type: string + prometheusRelease: + description: PrometheusRelease is the release label to add + to the ServiceMonitor object. + type: string + scrapeTimeout: + description: ScrapeTimeout defines the timeout for scraping + metrics. + type: string + type: object + username: + description: Username is the username of the monitoring user used + by the exporter. + type: string + type: object + myCnf: + description: |- + MyCnf allows to specify the my.cnf file mounted by Mariadb. + Updating this field will trigger an update to the Mariadb resource. + type: string + myCnfConfigMapKeyRef: + description: |- + MyCnfConfigMapKeyRef is a reference to the my.cnf config file provided via a ConfigMap. + If not provided, it will be defaulted with a reference to a ConfigMap containing the MyCnf field. + If the referred ConfigMap is labeled with "k8s.mariadb.com/watch", an update to the Mariadb resource will be triggered when the ConfigMap is updated. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to be used in the Pod. + type: object + passwordHashSecretKeyRef: + description: |- + PasswordHashSecretKeyRef is a reference to the password hash to be used by the initial User. + If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password hash. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + passwordPlugin: + description: PasswordPlugin is a reference to the password plugin + and arguments to be used by the initial User. + properties: + pluginArgSecretKeyRef: + description: |- + PluginArgSecretKeyRef is a reference to the arguments to be provided to the authentication plugin for the User. + If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the authentication plugin arguments. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + pluginNameSecretKeyRef: + description: |- + PluginNameSecretKeyRef is a reference to the authentication plugin to be used by the User. + If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the authentication plugin. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + passwordSecretKeyRef: + description: |- + PasswordSecretKeyRef is a reference to a Secret that contains the password to be used by the initial User. + If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. + properties: + generate: + default: false + description: Generate indicates whether the Secret should be generated + if the Secret referenced is not present. + type: boolean + key: + description: The key of the secret to select from. Must be a + valid secret key. 
+ type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + podDisruptionBudget: + description: PodDisruptionBudget defines the budget for replica availability. + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + description: MaxUnavailable defines the number of maximum unavailable + Pods. + x-kubernetes-int-or-string: true + minAvailable: + anyOf: + - type: integer + - type: string + description: MinAvailable defines the number of minimum available + Pods. + x-kubernetes-int-or-string: true + type: object + podMetadata: + description: PodMetadata defines extra metadata for the Pod. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + podSecurityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. + properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". 
+ type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. 
+ If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. 
+ The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. 
+ items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + port: + default: 3306 + description: Port where the instances will be listening for connections. 
+ format: int32 + type: integer + primaryConnection: + description: |- + PrimaryConnection defines a template to configure the primary Connection object. + This Connection provides the initial User access to the initial Database. + It will make use of the PrimaryService to route network traffic to the primary Pod. + properties: + healthCheck: + description: HealthCheck to be used in the Connection. + properties: + interval: + description: Interval used to perform health checks. + type: string + retryInterval: + description: RetryInterval is the interval used to perform + health check retries. + type: string + type: object + params: + additionalProperties: + type: string + description: Params to be used in the Connection. + type: object + port: + description: Port to connect to. If not provided, it defaults + to the MariaDB port or to the first MaxScale listener. + format: int32 + type: integer + secretName: + description: SecretName to be used in the Connection. + type: string + secretTemplate: + description: SecretTemplate to be used in the Connection. + properties: + databaseKey: + description: DatabaseKey to be used in the Secret. + type: string + format: + description: Format to be used in the Secret. + type: string + hostKey: + description: HostKey to be used in the Secret. + type: string + key: + description: Key to be used in the Secret. + type: string + metadata: + description: Metadata to be added to the Secret object. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + passwordKey: + description: PasswordKey to be used in the Secret. + type: string + portKey: + description: PortKey to be used in the Secret. + type: string + usernameKey: + description: UsernameKey to be used in the Secret. 
+ type: string + type: object + serviceName: + description: ServiceName to be used in the Connection. + type: string + type: object + primaryService: + description: |- + PrimaryService defines a template to configure the primary Service object. + The network traffic of this Service will be routed to the primary Pod. + properties: + allocateLoadBalancerNodePorts: + description: AllocateLoadBalancerNodePorts Service field. + type: boolean + externalTrafficPolicy: + description: ExternalTrafficPolicy Service field. + type: string + loadBalancerIP: + description: LoadBalancerIP Service field. + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges Service field. + items: + type: string + type: array + metadata: + description: Metadata to be added to the Service metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + sessionAffinity: + description: SessionAffinity Service field. + type: string + type: + default: ClusterIP + description: Type is the Service type. One of `ClusterIP`, `NodePort` + or `LoadBalancer`. If not defined, it defaults to `ClusterIP`. + enum: + - ClusterIP + - NodePort + - LoadBalancer + type: string + type: object + priorityClassName: + description: PriorityClassName to be used in the Pod. + type: string + readinessProbe: + description: ReadinessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. 
To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must + be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows + repeated headers. + items: + description: HTTPHeader describes a custom header to be + used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). 
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + replicas: + default: 1 + description: Replicas indicates the number of desired instances. + format: int32 + type: integer + replicasAllowEvenNumber: + default: false + description: disables the validation check for an odd number of replicas. + type: boolean + replication: + description: Replication configures high availability via replication. + This feature is still in alpha, use Galera if you are looking for + a more production-ready HA. + properties: + enabled: + description: Enabled is a flag to enable Replication. + type: boolean + primary: + description: Primary is the replication configuration for the + primary node. + properties: + automaticFailover: + description: AutomaticFailover indicates whether the operator + should automatically update PodIndex to perform an automatic + primary failover. + type: boolean + podIndex: + description: PodIndex is the StatefulSet index of the primary + node. The user may change this field to perform a manual + switchover. + type: integer + type: object + probesEnabled: + description: |- + ProbesEnabled indicates to use replication specific liveness and readiness probes. + This probes check that the primary can receive queries and that the replica has the replication thread running. + type: boolean + replica: + description: ReplicaReplication is the replication configuration + for the replica nodes. + properties: + connectionRetries: + description: ConnectionRetries to be used when the replica + connects to the primary. 
+ type: integer + connectionTimeout: + description: ConnectionTimeout to be used when the replica + connects to the primary. + type: string + gtid: + description: |- + Gtid indicates which Global Transaction ID should be used when connecting a replica to the master. + See: https://mariadb.com/kb/en/gtid/#using-current_pos-vs-slave_pos. + enum: + - CurrentPos + - SlavePos + type: string + replPasswordSecretKeyRef: + description: ReplPasswordSecretKeyRef provides a reference + to the Secret to use as password for the replication user. + properties: + generate: + default: false + description: Generate indicates whether the Secret should + be generated if the Secret referenced is not present. + type: boolean + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + syncTimeout: + description: |- + SyncTimeout defines the timeout for a replica to be synced with the primary when performing a primary switchover. + If the timeout is reached, the replica GTID will be reset and the switchover will continue. + type: string + waitPoint: + description: |- + WaitPoint defines whether the transaction should wait for ACK before committing to the storage engine. + More info: https://mariadb.com/kb/en/semisynchronous-replication/#rpl_semi_sync_master_wait_point. 
+ enum: + - AfterSync + - AfterCommit + type: string + type: object + syncBinlog: + description: |- + SyncBinlog indicates whether the binary log should be synchronized to the disk after every event. + It trades off performance for consistency. + See: https://mariadb.com/kb/en/replication-and-binary-log-system-variables/#sync_binlog. + type: boolean + type: object + resources: + description: Resouces describes the compute resource requirements. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + rootEmptyPassword: + description: RootEmptyPassword indicates if the root password should + be empty. Don't use this feature in production, it is only intended + for development and test environments. + type: boolean + rootPasswordSecretKeyRef: + description: RootPasswordSecretKeyRef is a reference to a Secret key + containing the root password. + properties: + generate: + default: false + description: Generate indicates whether the Secret should be generated + if the Secret referenced is not present. + type: boolean + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secondaryConnection: + description: |- + SecondaryConnection defines a template to configure the secondary Connection object. + This Connection provides the initial User access to the initial Database. + It will make use of the SecondaryService to route network traffic to the secondary Pods. + properties: + healthCheck: + description: HealthCheck to be used in the Connection. + properties: + interval: + description: Interval used to perform health checks. + type: string + retryInterval: + description: RetryInterval is the interval used to perform + health check retries. + type: string + type: object + params: + additionalProperties: + type: string + description: Params to be used in the Connection. + type: object + port: + description: Port to connect to. If not provided, it defaults + to the MariaDB port or to the first MaxScale listener. + format: int32 + type: integer + secretName: + description: SecretName to be used in the Connection. + type: string + secretTemplate: + description: SecretTemplate to be used in the Connection. + properties: + databaseKey: + description: DatabaseKey to be used in the Secret. + type: string + format: + description: Format to be used in the Secret. + type: string + hostKey: + description: HostKey to be used in the Secret. + type: string + key: + description: Key to be used in the Secret. + type: string + metadata: + description: Metadata to be added to the Secret object. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. 
+ type: object + type: object + passwordKey: + description: PasswordKey to be used in the Secret. + type: string + portKey: + description: PortKey to be used in the Secret. + type: string + usernameKey: + description: UsernameKey to be used in the Secret. + type: string + type: object + serviceName: + description: ServiceName to be used in the Connection. + type: string + type: object + secondaryService: + description: |- + SecondaryService defines a template to configure the secondary Service object. + The network traffic of this Service will be routed to the secondary Pods. + properties: + allocateLoadBalancerNodePorts: + description: AllocateLoadBalancerNodePorts Service field. + type: boolean + externalTrafficPolicy: + description: ExternalTrafficPolicy Service field. + type: string + loadBalancerIP: + description: LoadBalancerIP Service field. + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges Service field. + items: + type: string + type: array + metadata: + description: Metadata to be added to the Service metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + sessionAffinity: + description: SessionAffinity Service field. + type: string + type: + default: ClusterIP + description: Type is the Service type. One of `ClusterIP`, `NodePort` + or `LoadBalancer`. If not defined, it defaults to `ClusterIP`. + enum: + - ClusterIP + - NodePort + - LoadBalancer + type: string + type: object + securityContext: + description: SecurityContext holds security configuration that will + be applied to a container. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. 
This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. 
+ type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. 
+ If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. 
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + service: + description: |- + Service defines a template to configure the general Service object. + The network traffic of this Service will be routed to all Pods. + properties: + allocateLoadBalancerNodePorts: + description: AllocateLoadBalancerNodePorts Service field. + type: boolean + externalTrafficPolicy: + description: ExternalTrafficPolicy Service field. + type: string + loadBalancerIP: + description: LoadBalancerIP Service field. + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges Service field. + items: + type: string + type: array + metadata: + description: Metadata to be added to the Service metadata. 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + sessionAffinity: + description: SessionAffinity Service field. + type: string + type: + default: ClusterIP + description: Type is the Service type. One of `ClusterIP`, `NodePort` + or `LoadBalancer`. If not defined, it defaults to `ClusterIP`. + enum: + - ClusterIP + - NodePort + - LoadBalancer + type: string + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount + to be used by the Pods. + type: string + sidecarContainers: + description: SidecarContainers to be used in the Pod. + items: + description: Container object definition. + properties: + args: + description: Args to be used in the Container. + items: + type: string + type: array + command: + description: Command to be used in the Container. + items: + type: string + type: array + env: + description: Env represents the environment variables to be + injected in a container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". 
+ type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: EnvFrom represents the references (via ConfigMap + and Secrets) to environment variables to be injected in the + container. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Image name to be used by the MariaDB instances. + The supported format is `:`. + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy. One of + `Always`, `Never` or `IfNotPresent`. If not defined, it defaults + to `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + livenessProbe: + description: LivenessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. 
spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + readinessProbe: + description: ReadinessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. 
+ Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Resouces describes the compute resource requirements. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + securityContext: + description: SecurityContext holds security configuration that + will be applied to a container. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. 
+ type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. 
+ This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. 
+ properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + volumeMounts: + description: VolumeMounts to be used in the Container. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. 
+ type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + required: + - image + type: object + type: array + storage: + description: Storage defines the storage options to be used for provisioning + the PVCs mounted by MariaDB. + properties: + ephemeral: + description: Ephemeral indicates whether to use ephemeral storage + in the PVCs. It is only compatible with non HA MariaDBs. 
+ type: boolean + resizeInUseVolumes: + description: |- + ResizeInUseVolumes indicates whether the PVCs can be resized. The 'StorageClassName' used should have 'allowVolumeExpansion' set to 'true' to allow resizing. + It defaults to true. + type: boolean + size: + anyOf: + - type: integer + - type: string + description: Size of the PVCs to be mounted by MariaDB. Required + if not provided in 'VolumeClaimTemplate'. It superseeds the + storage size specified in 'VolumeClaimTemplate'. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + storageClassName: + description: |- + StorageClassName to be used to provision the PVCS. It superseeds the 'StorageClassName' specified in 'VolumeClaimTemplate'. + If not provided, the default 'StorageClass' configured in the cluster is used. + type: string + volumeClaimTemplate: + description: VolumeClaimTemplate provides a template to define + the PVCs. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. 
+ properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. 
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + metadata: + description: Metadata to be added to the PVC metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. 
+ More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the PersistentVolume + backing this claim. + type: string + type: object + waitForVolumeResize: + description: |- + WaitForVolumeResize indicates whether to wait for the PVCs to be resized before marking the MariaDB object as ready. This will block other operations such as cluster recovery while the resize is in progress. + It defaults to true. + type: boolean + type: object + suspend: + default: false + description: |- + Suspend indicates whether the current resource should be suspended or not. + This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities. + type: boolean + timeZone: + description: TimeZone sets the default timezone. If not provided, + it defaults to SYSTEM and the timezone data is not loaded. + type: string + tolerations: + description: Tolerations to be used in the Pod. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. 
+ type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints to be used in the Pod. + items: + description: TopologySpreadConstraint specifies how to spread matching + pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. 
+ The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. 
+ In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. 
+ type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + updateStrategy: + description: UpdateStrategy defines how a MariaDB resource is updated. + properties: + rollingUpdate: + description: RollingUpdate defines parameters for the RollingUpdate + type. + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of pods that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + Absolute number is calculated from percentage by rounding up. This can not be 0. + Defaults to 1. This field is alpha-level and is only honored by servers that enable the + MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to + Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it + will be counted towards MaxUnavailable. 
+ x-kubernetes-int-or-string: true + partition: + description: |- + Partition indicates the ordinal at which the StatefulSet should be partitioned + for updates. During a rolling update, all pods from ordinal Replicas-1 to + Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched. + This is helpful in being able to do a canary based deployment. The default value is 0. + format: int32 + type: integer + type: object + type: + default: ReplicasFirstPrimaryLast + description: Type defines the type of updates. One of `ReplicasFirstPrimaryLast`, + `RollingUpdate` or `OnDelete`. If not defined, it defaults to + `ReplicasFirstPrimaryLast`. + enum: + - ReplicasFirstPrimaryLast + - RollingUpdate + - OnDelete + type: string + type: object + username: + description: |- + Username is the initial username to be created by the operator once MariaDB is ready. It has all privileges on the initial database. + The initial User will have ALL PRIVILEGES in the initial Database. + type: string + volumeMounts: + description: VolumeMounts to be used in the Container. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. 
+ type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes to be used in the Pod. + items: + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the + blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + default: ext4 + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' + type: string + readOnly: + default: false + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' 
path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers (Beta + feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". 
+ If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. 
+ This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name, namespace and uid + are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. 
+ The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. 
+ + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. 
+ If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached to + a kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. 
Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. 
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. 
+ The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. 
+ More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + default: default + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. 
+ This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume root + to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. 
+ type: string + required: + - path + type: object + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name, namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about the secret data + to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional field specify whether the + Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + default: /etc/ceph/keyring + description: |- + keyring is the path to key ring for RBDUser. 
+ Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + default: xfs + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". 
+ type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + default: ThinProvisioned + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as + configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret or + its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. 
+ Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + x-kubernetes-validations: + - message: 'An odd number of MariaDB instances (mariadb.spec.replicas) + is required to avoid split brain situations. Use ''mariadb.spec.replicasAllowEvenNumber: + true'' to disable this validation.' + rule: self.replicas %2 == 1 || self.replicasAllowEvenNumber + status: + description: MariaDBStatus defines the observed state of MariaDB + properties: + conditions: + description: Conditions for the Mariadb object. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + currentPrimary: + description: CurrentPrimary is the primary Pod. + type: string + currentPrimaryPodIndex: + description: CurrentPrimaryPodIndex is the primary Pod index. + type: integer + galeraRecovery: + description: GaleraRecovery is the Galera recovery current state. + properties: + bootstrap: + description: Bootstrap indicates when and in which Pod the cluster + bootstrap process has been performed. 
+ properties: + pod: + type: string + time: + format: date-time + type: string + type: object + podsRestarted: + description: PodsRestarted that the Pods have been restarted after + the cluster bootstrap. + type: boolean + recovered: + additionalProperties: + properties: + seqno: + type: integer + uuid: + type: string + required: + - seqno + - uuid + type: object + description: State is a per Pod representation of the sequence + recovery process. + type: object + state: + additionalProperties: + properties: + safeToBootstrap: + type: boolean + seqno: + type: integer + uuid: + type: string + version: + type: string + required: + - safeToBootstrap + - seqno + - uuid + - version + type: object + description: State is a per Pod representation of the Galera state + file (grastate.dat). + type: object + type: object + replicas: + description: Replicas indicates the number of current instances. + format: int32 + type: integer + replicationStatus: + additionalProperties: + type: string + description: ReplicationStatus is the replication current state for + each Pod. + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/mariadb-operator/0.31.0/manifests/k8s.mariadb.com_maxscales.yaml b/operators/mariadb-operator/0.31.0/manifests/k8s.mariadb.com_maxscales.yaml new file mode 100644 index 00000000000..73a8cfd0a17 --- /dev/null +++ b/operators/mariadb-operator/0.31.0/manifests/k8s.mariadb.com_maxscales.yaml 
@@ -0,0 +1,12472 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + creationTimestamp: null + name: maxscales.k8s.mariadb.com +spec: + group: k8s.mariadb.com + names: + kind: MaxScale + listKind: MaxScaleList + plural: maxscales + shortNames: + - mxs + singular: maxscale + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .status.primaryServer + name: Primary Server + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: MaxScale is the Schema for the maxscales API. It is used to define + MaxScale clusters. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: MaxScaleSpec defines the desired state of MaxScale. + properties: + admin: + description: Admin configures the admin REST API and GUI. + properties: + guiEnabled: + description: GuiEnabled indicates whether the admin GUI should + be enabled. + type: boolean + port: + description: Port where the admin REST API and GUI will be exposed. 
+ format: int32 + type: integer + type: object + affinity: + description: Affinity to be used in the Pod. + properties: + antiAffinityEnabled: + description: |- + AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA. + Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods. + type: boolean + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. 
Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
+ items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
+ Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. 
Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + args: + description: Args to be used in the Container. + items: + type: string + type: array + auth: + description: Auth defines the credentials required for MaxScale to + connect to MariaDB. + properties: + adminPasswordSecretKeyRef: + description: AdminPasswordSecretKeyRef is Secret key reference + to the admin password to call the admin REST API. It is defaulted + if not provided. + properties: + generate: + default: false + description: Generate indicates whether the Secret should + be generated if the Secret referenced is not present. + type: boolean + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + adminUsername: + description: AdminUsername is an admin username to call the admin + REST API. It is defaulted if not provided. + type: string + clientMaxConnections: + description: |- + ClientMaxConnections defines the maximum number of connections that the client can establish. + If HA is enabled, make sure to increase this value, as more MaxScale replicas implies more connections. + It defaults to 30 times the number of MaxScale replicas. + format: int32 + type: integer + clientPasswordSecretKeyRef: + description: |- + ClientPasswordSecretKeyRef is Secret key reference to the password to connect to MaxScale. It is defaulted if not provided. + If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. + properties: + generate: + default: false + description: Generate indicates whether the Secret should + be generated if the Secret referenced is not present. + type: boolean + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + clientUsername: + description: ClientUsername is the user to connect to MaxScale. + It is defaulted if not provided. + type: string + deleteDefaultAdmin: + description: DeleteDefaultAdmin determines whether the default + admin user should be deleted after the initial configuration. + If not provided, it defaults to true. + type: boolean + generate: + description: |- + Generate defies whether the operator should generate users and grants for MaxScale to work. + It only supports MariaDBs specified via spec.mariaDbRef. + type: boolean + metricsPasswordSecretKeyRef: + description: |- + MetricsPasswordSecretKeyRef is Secret key reference to the metrics password to call the admib REST API. It is defaulted if metrics are enabled. + If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. + properties: + generate: + default: false + description: Generate indicates whether the Secret should + be generated if the Secret referenced is not present. + type: boolean + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + metricsUsername: + description: MetricsUsername is an metrics username to call the + REST API. It is defaulted if metrics are enabled. + type: string + monitorMaxConnections: + description: |- + MonitorMaxConnections defines the maximum number of connections that the monitor can establish. + If HA is enabled, make sure to increase this value, as more MaxScale replicas implies more connections. + It defaults to 30 times the number of MaxScale replicas. + format: int32 + type: integer + monitorPasswordSecretKeyRef: + description: |- + MonitorPasswordSecretKeyRef is Secret key reference to the password used by MaxScale monitor to connect to MariaDB server. It is defaulted if not provided. + If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. + properties: + generate: + default: false + description: Generate indicates whether the Secret should + be generated if the Secret referenced is not present. + type: boolean + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + monitorUsername: + description: MonitorUsername is the user used by MaxScale monitor + to connect to MariaDB server. It is defaulted if not provided. + type: string + serverMaxConnections: + description: |- + ServerMaxConnections defines the maximum number of connections that the server can establish. + If HA is enabled, make sure to increase this value, as more MaxScale replicas implies more connections. + It defaults to 30 times the number of MaxScale replicas. + format: int32 + type: integer + serverPasswordSecretKeyRef: + description: |- + ServerPasswordSecretKeyRef is Secret key reference to the password used by MaxScale to connect to MariaDB server. It is defaulted if not provided. + If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. + properties: + generate: + default: false + description: Generate indicates whether the Secret should + be generated if the Secret referenced is not present. + type: boolean + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverUsername: + description: ServerUsername is the user used by MaxScale to connect + to MariaDB server. It is defaulted if not provided. + type: string + syncMaxConnections: + description: |- + SyncMaxConnections defines the maximum number of connections that the sync can establish. + If HA is enabled, make sure to increase this value, as more MaxScale replicas implies more connections. + It defaults to 30 times the number of MaxScale replicas. + format: int32 + type: integer + syncPasswordSecretKeyRef: + description: |- + SyncPasswordSecretKeyRef is Secret key reference to the password used by MaxScale config to connect to MariaDB server. It is defaulted when HA is enabled. + If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. + properties: + generate: + default: false + description: Generate indicates whether the Secret should + be generated if the Secret referenced is not present. + type: boolean + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + syncUsername: + description: MonitoSyncUsernamerUsername is the user used by MaxScale + config sync to connect to MariaDB server. It is defaulted when + HA is enabled. + type: string + type: object + command: + description: Command to be used in the Container. + items: + type: string + type: array + config: + description: Config defines the MaxScale configuration. + properties: + params: + additionalProperties: + type: string + description: |- + Params is a key value pair of parameters to be used in the MaxScale static configuration file. + Any parameter supported by MaxScale may be specified here. See reference: + https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#global-settings. + type: object + sync: + description: Sync defines how to replicate configuration across + MaxScale replicas. It is defaulted when HA is enabled. + properties: + database: + description: Database is the MariaDB logical database where + the 'maxscale_config' table will be created in order to + persist and synchronize config changes. If not provided, + it defaults to 'mysql'. + type: string + interval: + description: Interval defines the config synchronization interval. + It is defaulted if not provided. + type: string + timeout: + description: Interval defines the config synchronization timeout. + It is defaulted if not provided. + type: string + type: object + volumeClaimTemplate: + description: VolumeClaimTemplate provides a template to define + the PVCs for storing MaxScale runtime configuration files. It + is defaulted if not provided. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + metadata: + description: Metadata to be added to the PVC metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to consider + for binding. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. 
An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the PersistentVolume + backing this claim. + type: string + type: object + type: object + connection: + description: Connection provides a template to define the Connection + for MaxScale. + properties: + healthCheck: + description: HealthCheck to be used in the Connection. + properties: + interval: + description: Interval used to perform health checks. + type: string + retryInterval: + description: RetryInterval is the interval used to perform + health check retries. + type: string + type: object + params: + additionalProperties: + type: string + description: Params to be used in the Connection. + type: object + port: + description: Port to connect to. If not provided, it defaults + to the MariaDB port or to the first MaxScale listener. + format: int32 + type: integer + secretName: + description: SecretName to be used in the Connection. + type: string + secretTemplate: + description: SecretTemplate to be used in the Connection. 
+ properties: + databaseKey: + description: DatabaseKey to be used in the Secret. + type: string + format: + description: Format to be used in the Secret. + type: string + hostKey: + description: HostKey to be used in the Secret. + type: string + key: + description: Key to be used in the Secret. + type: string + metadata: + description: Metadata to be added to the Secret object. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + passwordKey: + description: PasswordKey to be used in the Secret. + type: string + portKey: + description: PortKey to be used in the Secret. + type: string + usernameKey: + description: UsernameKey to be used in the Secret. + type: string + type: object + serviceName: + description: ServiceName to be used in the Connection. + type: string + type: object + env: + description: Env represents the environment variables to be injected + in a container. + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. 
+ properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: EnvFrom represents the references (via ConfigMap and + Secrets) to environment variables to be injected in the container. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in + the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + guiKubernetesService: + description: GuiKubernetesService defines a template for a Kubernetes + Service object to connect to MaxScale's GUI. + properties: + allocateLoadBalancerNodePorts: + description: AllocateLoadBalancerNodePorts Service field. + type: boolean + externalTrafficPolicy: + description: ExternalTrafficPolicy Service field. + type: string + loadBalancerIP: + description: LoadBalancerIP Service field. + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges Service field. + items: + type: string + type: array + metadata: + description: Metadata to be added to the Service metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + sessionAffinity: + description: SessionAffinity Service field. 
+ type: string + type: + default: ClusterIP + description: Type is the Service type. One of `ClusterIP`, `NodePort` + or `LoadBalancer`. If not defined, it defaults to `ClusterIP`. + enum: + - ClusterIP + - NodePort + - LoadBalancer + type: string + type: object + image: + description: |- + Image name to be used by the MaxScale instances. The supported format is `:`. + Only MaxScale official images are supported. + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy. One of `Always`, + `Never` or `IfNotPresent`. If not defined, it defaults to `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + imagePullSecrets: + description: ImagePullSecrets is the list of pull Secrets to be used + to pull the image. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + inheritMetadata: + description: InheritMetadata defines the metadata to be inherited + by children resources. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + initContainers: + description: InitContainers to be used in the Pod. + items: + description: Container object definition. + properties: + args: + description: Args to be used in the Container. 
+ items: + type: string + type: array + command: + description: Command to be used in the Container. + items: + type: string + type: array + env: + description: Env represents the environment variables to be + injected in a container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: EnvFrom represents the references (via ConfigMap + and Secrets) to environment variables to be injected in the + container. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Image name to be used by the MariaDB instances. + The supported format is `:`. + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy. One of + `Always`, `Never` or `IfNotPresent`. If not defined, it defaults + to `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + livenessProbe: + description: LivenessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. 
+ type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + readinessProbe: + description: ReadinessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. 
The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. 
Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Resouces describes the compute resource requirements. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + securityContext: + description: SecurityContext holds security configuration that + will be applied to a container. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. 
+ properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. 
+ Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. 
+ type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. 
+ type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + volumeMounts: + description: VolumeMounts to be used in the Container. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. 
If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + required: + - image + type: object + type: array + kubernetesService: + description: KubernetesService defines a template for a Kubernetes + Service object to connect to MaxScale. + properties: + allocateLoadBalancerNodePorts: + description: AllocateLoadBalancerNodePorts Service field. + type: boolean + externalTrafficPolicy: + description: ExternalTrafficPolicy Service field. + type: string + loadBalancerIP: + description: LoadBalancerIP Service field. + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges Service field. + items: + type: string + type: array + metadata: + description: Metadata to be added to the Service metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. 
+ type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + sessionAffinity: + description: SessionAffinity Service field. + type: string + type: + default: ClusterIP + description: Type is the Service type. One of `ClusterIP`, `NodePort` + or `LoadBalancer`. If not defined, it defaults to `ClusterIP`. + enum: + - ClusterIP + - NodePort + - LoadBalancer + type: string + type: object + livenessProbe: + description: LivenessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number must + be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. 
+ properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows + repeated headers. + items: + description: HTTPHeader describes a custom header to be + used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + mariaDbRef: + description: MariaDBRef is a reference to the MariaDB that MaxScale + points to. It is used to initialize the servers field. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + waitForIt: + default: true + description: WaitForIt indicates whether the controller using + this reference should wait for MariaDB to be ready. + type: boolean + type: object + x-kubernetes-map-type: atomic + metrics: + description: Metrics configures metrics and how to scrape them. + properties: + enabled: + description: Enabled is a flag to enable Metrics + type: boolean + exporter: + description: Exporter defines the metrics exporter container. + properties: + affinity: + description: Affinity to be used in the Pod. 
+ properties: + antiAffinityEnabled: + description: |- + AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA. + Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods. + type: boolean + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. 
+ format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
+ items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
+ Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. 
Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + args: + description: Args to be used in the Container. + items: + type: string + type: array + command: + description: Command to be used in the Container. + items: + type: string + type: array + env: + description: Env represents the environment variables to be + injected in a container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. 
Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: EnvFrom represents the references (via ConfigMap + and Secrets) to environment variables to be injected in + the container. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Image name to be used as metrics exporter. The supported format is `:`. + Only mysqld-exporter >= v0.15.0 is supported: https://github.com/prometheus/mysqld_exporter + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy. One + of `Always`, `Never` or `IfNotPresent`. If not defined, + it defaults to `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + imagePullSecrets: + description: ImagePullSecrets is the list of pull Secrets + to be used to pull the image. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: InitContainers to be used in the Pod. + items: + description: Container object definition. + properties: + args: + description: Args to be used in the Container. + items: + type: string + type: array + command: + description: Command to be used in the Container. + items: + type: string + type: array + env: + description: Env represents the environment variables + to be injected in a container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: EnvFrom represents the references (via + ConfigMap and Secrets) to environment variables to + be injected in the container. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Image name to be used by the MariaDB instances. + The supported format is `:`. + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy. + One of `Always`, `Never` or `IfNotPresent`. If not + defined, it defaults to `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + livenessProbe: + description: LivenessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. 
+ type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + readinessProbe: + description: ReadinessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. 
The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. 
Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Resouces describes the compute resource + requirements. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + securityContext: + description: SecurityContext holds security configuration + that will be applied to a container. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. 
+ properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. 
+ Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. 
+ type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. 
+ type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + volumeMounts: + description: VolumeMounts to be used in the Container. + items: + description: VolumeMount describes a mounting of a + Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. 
If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + required: + - image + type: object + type: array + livenessProbe: + description: LivenessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to be used in the Pod. + type: object + podMetadata: + description: PodMetadata defines extra metadata for the Pod. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + podSecurityContext: + description: SecurityContext holds pod-level security attributes + and common container settings. + properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. 
The permission bits are OR'd with rw-rw---- + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. 
+ Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. 
+ type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be + set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. 
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + port: + description: Port where the exporter will be listening for + connections. + format: int32 + type: integer + priorityClassName: + description: PriorityClassName to be used in the Pod. + type: string + readinessProbe: + description: ReadinessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. 
The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. 
Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Resouces describes the compute resource requirements. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + securityContext: + description: SecurityContext holds security configuration + that will be applied to a container. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. 
+ properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. 
+ Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. 
+ type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. 
+ type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount + to be used by the Pods. + type: string + sidecarContainers: + description: SidecarContainers to be used in the Pod. + items: + description: Container object definition. + properties: + args: + description: Args to be used in the Container. + items: + type: string + type: array + command: + description: Command to be used in the Container. + items: + type: string + type: array + env: + description: Env represents the environment variables + to be injected in a container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 
+ Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: EnvFrom represents the references (via + ConfigMap and Secrets) to environment variables to + be injected in the container. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Image name to be used by the MariaDB instances. + The supported format is `:`. + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy. + One of `Always`, `Never` or `IfNotPresent`. If not + defined, it defaults to `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + livenessProbe: + description: LivenessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. 
spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + readinessProbe: + description: ReadinessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. 
+ Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Resouces describes the compute resource + requirements. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + securityContext: + description: SecurityContext holds security configuration + that will be applied to a container. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. 
+ type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. 
+ This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. 
+ properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + volumeMounts: + description: VolumeMounts to be used in the Container. + items: + description: VolumeMount describes a mounting of a + Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. 
+ type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + required: + - image + type: object + type: array + tolerations: + description: Tolerations to be used in the Pod. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. 
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints to be used in the Pod. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. 
+ + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. 
+ Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + volumeMounts: + description: VolumeMounts to be used in the Container. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. 
+ This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes to be used in the Pod. 
+ items: + description: Volume represents a named volume in a pod that + may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk + mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: + None, Read Only, Read Write.' 
+ type: string + diskName: + description: diskName is the Name of the data disk + in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in + the blob storage + type: string + fsType: + default: ext4 + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single + blob disk per storage account Managed: azure + managed data disk (only in managed availability + set). defaults to shared' + type: string + readOnly: + default: false + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service + mount on the host and bind mount to the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name of secret that + contains Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the + host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the mounted + root, rather than the full Ceph tree, default + is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. 
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about + the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name, + namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. 
+ The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. 
+ properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over + volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. 
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine and then + exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to + use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds + extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached + to a kubelet's host machine. 
This depends on the Flocker + control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. + This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the + specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. 
This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. 
+ The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. 
+ More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support + iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support + iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + default: default + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI + target and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon + Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume + attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx + volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. 
+ This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume + root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. 
+ type: string + required: + - path + type: object + configMap: + description: configMap information about the + configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about + the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only annotations, + labels, name, namespace and uid + are supported.' + properties: + apiVersion: + description: Version of the + schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file + to be created. Must not be absolute + or contain the ''..'' path. Must + be utf-8 encoded. The first item + of the relative path must not + start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about the + secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional field specify whether + the Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte mount on the + host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + default: /etc/ceph/keyring + description: |- + keyring is the path to key ring for RBDUser. 
+ Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + default: xfs + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". 
+ type: string + gateway: + description: gateway is the host address of the + ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the + ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL + communication with Gateway, default false + type: boolean + storageMode: + default: ThinProvisioned + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage system + as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the + Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. 
+ Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume + attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy + Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy + Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + serviceMonitor: + description: ServiceMonitor defines the ServiceMonior object. + properties: + interval: + description: Interval for scraping metrics. + type: string + jobLabel: + description: JobLabel to add to the ServiceMonitor object. + type: string + prometheusRelease: + description: PrometheusRelease is the release label to add + to the ServiceMonitor object. + type: string + scrapeTimeout: + description: ScrapeTimeout defines the timeout for scraping + metrics. + type: string + type: object + type: object + monitor: + description: Monitor monitors MariaDB server instances. It is required + if 'spec.mariaDbRef' is not provided. + properties: + cooperativeMonitoring: + description: CooperativeMonitoring enables coordination between + multiple MaxScale instances running monitors. It is defaulted + when HA is enabled. 
+ enum: + - majority_of_all + - majority_of_running + type: string + interval: + description: Interval used to monitor MariaDB servers. It is defaulted + if not provided. + type: string + module: + description: Module is the module to use to monitor MariaDB servers. + It is mandatory when no MariaDB reference is provided. + type: string + name: + description: Name is the identifier of the monitor. It is defaulted + if not provided. + type: string + params: + additionalProperties: + type: string + description: |- + Params defines extra parameters to pass to the monitor. + Any parameter supported by MaxScale may be specified here. See reference: + https://mariadb.com/kb/en/mariadb-maxscale-2308-common-monitor-parameters/. + Monitor specific parameter are also suported: + https://mariadb.com/kb/en/mariadb-maxscale-2308-galera-monitor/#galera-monitor-optional-parameters. + https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-monitor/#configuration. + type: object + suspend: + default: false + description: |- + Suspend indicates whether the current resource should be suspended or not. + This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities. + type: boolean + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to be used in the Pod. + type: object + podDisruptionBudget: + description: PodDisruptionBudget defines the budget for replica availability. + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + description: MaxUnavailable defines the number of maximum unavailable + Pods. + x-kubernetes-int-or-string: true + minAvailable: + anyOf: + - type: integer + - type: string + description: MinAvailable defines the number of minimum available + Pods. + x-kubernetes-int-or-string: true + type: object + podMetadata: + description: PodMetadata defines extra metadata for the Pod. 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + podSecurityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. + properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. 
This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. 
If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. 
+ If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. 
+ type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName to be used in the Pod. + type: string + readinessProbe: + description: ReadinessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. 
+ properties: + port: + description: Port number of the gRPC service. Number must + be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows + repeated headers. + items: + description: HTTPHeader describes a custom header to be + used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + replicas: + default: 1 + description: Replicas indicates the number of desired instances. + format: int32 + type: integer + requeueInterval: + description: RequeueInterval is used to perform requeue reconciliations. + If not defined, it defaults to 10s. + type: string + resources: + description: Resouces describes the compute resource requirements. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + securityContext: + description: SecurityContext holds security configuration that will + be applied to a container. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. 
+ RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. 
+ format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. 
+ Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. 
+ type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + servers: + description: Servers are the MariaDB servers to forward traffic to. + It is required if 'spec.mariaDbRef' is not provided. + items: + description: MaxScaleServer defines a MariaDB server to forward + traffic to. + properties: + address: + description: Address is the network address of the MariaDB server. + type: string + maintenance: + description: Maintenance indicates whether the server is in + maintenance mode. + type: boolean + name: + description: Name is the identifier of the MariaDB server. + type: string + params: + additionalProperties: + type: string + description: |- + Params defines extra parameters to pass to the server. + Any parameter supported by MaxScale may be specified here. See reference: + https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#server_1. + type: object + port: + description: Port is the network port of the MariaDB server. + If not provided, it defaults to 3306. + format: int32 + type: integer + protocol: + description: Protocol is the MaxScale protocol to use when communicating + with this MariaDB server. If not provided, it defaults to + MariaDBBackend. + type: string + required: + - address + - name + type: object + type: array + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount + to be used by the Pods. + type: string + services: + description: Services define how the traffic is forwarded to the MariaDB + servers. It is defaulted if not provided. + items: + description: Services define how the traffic is forwarded to the + MariaDB servers. 
+ properties: + listener: + description: MaxScaleListener defines how the MaxScale server + will listen for connections. + properties: + name: + description: Name is the identifier of the listener. It + is defaulted if not provided + type: string + params: + additionalProperties: + type: string + description: |- + Params defines extra parameters to pass to the listener. + Any parameter supported by MaxScale may be specified here. See reference: + https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#listener_1. + type: object + port: + description: Port is the network port where the MaxScale + server will listen. + format: int32 + type: integer + protocol: + description: Protocol is the MaxScale protocol to use when + communicating with the client. If not provided, it defaults + to MariaDBProtocol. + type: string + suspend: + default: false + description: |- + Suspend indicates whether the current resource should be suspended or not. + This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities. + type: boolean + required: + - port + type: object + name: + description: Name is the identifier of the MaxScale service. + type: string + params: + additionalProperties: + type: string + description: |- + Params defines extra parameters to pass to the service. + Any parameter supported by MaxScale may be specified here. See reference: + https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#service_1. + Router specific parameter are also suported: + https://mariadb.com/kb/en/mariadb-maxscale-2308-readwritesplit/#configuration. + https://mariadb.com/kb/en/mariadb-maxscale-2308-readconnroute/#configuration. + type: object + router: + description: Router is the type of router to use. 
+ enum: + - readwritesplit + - readconnroute + type: string + suspend: + default: false + description: |- + Suspend indicates whether the current resource should be suspended or not. + This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities. + type: boolean + required: + - listener + - name + - router + type: object + type: array + sidecarContainers: + description: SidecarContainers to be used in the Pod. + items: + description: Container object definition. + properties: + args: + description: Args to be used in the Container. + items: + type: string + type: array + command: + description: Command to be used in the Container. + items: + type: string + type: array + env: + description: Env represents the environment variables to be + injected in a container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. 
Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: EnvFrom represents the references (via ConfigMap + and Secrets) to environment variables to be injected in the + container. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Image name to be used by the MariaDB instances. + The supported format is `:`. + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy. One of + `Always`, `Never` or `IfNotPresent`. If not defined, it defaults + to `IfNotPresent`. + enum: + - Always + - Never + - IfNotPresent + type: string + livenessProbe: + description: LivenessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. 
+ type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + readinessProbe: + description: ReadinessProbe to be used in the Container. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. 
The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. 
Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Resouces describes the compute resource requirements. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + securityContext: + description: SecurityContext holds security configuration that + will be applied to a container. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. 
+ properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. 
+ Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. 
+ type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. 
+ type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + volumeMounts: + description: VolumeMounts to be used in the Container. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. 
If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + required: + - image + type: object + type: array + suspend: + default: false + description: |- + Suspend indicates whether the current resource should be suspended or not. + This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities. + type: boolean + tolerations: + description: Tolerations to be used in the Pod. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. 
Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints to be used in the Pod. + items: + description: TopologySpreadConstraint specifies how to spread matching + pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. 
+ Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. 
+ When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. 
+ + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. 
+ Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + updateStrategy: + description: UpdateStrategy defines the update strategy for the StatefulSet + object. + properties: + rollingUpdate: + description: RollingUpdate is used to communicate parameters when + Type is RollingUpdateStatefulSetStrategyType. + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of pods that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). 
+ Absolute number is calculated from percentage by rounding up. This can not be 0. + Defaults to 1. This field is alpha-level and is only honored by servers that enable the + MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to + Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it + will be counted towards MaxUnavailable. + x-kubernetes-int-or-string: true + partition: + description: |- + Partition indicates the ordinal at which the StatefulSet should be partitioned + for updates. During a rolling update, all pods from ordinal Replicas-1 to + Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched. + This is helpful in being able to do a canary based deployment. The default value is 0. + format: int32 + type: integer + type: object + type: + description: |- + Type indicates the type of the StatefulSetUpdateStrategy. + Default is RollingUpdate. + type: string + type: object + volumeMounts: + description: VolumeMounts to be used in the Container. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. 
+ type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes to be used in the Pod. + items: + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the + blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + default: ext4 + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' + type: string + readOnly: + default: false + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' 
path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers (Beta + feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". 
+ If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. 
+ This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name, namespace and uid + are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. 
+ The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. 
+ + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. 
+ If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. 
+ type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached to + a kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. 
Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. 
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. 
+ The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. 
+ More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + default: default + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. 
+ This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume root + to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. 
+ type: string + required: + - path + type: object + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name, namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about the secret data + to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional field specify whether the + Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + default: /etc/ceph/keyring + description: |- + keyring is the path to key ring for RBDUser. 
+ Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + default: xfs + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". 
+ type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + default: ThinProvisioned + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as + configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret or + its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. 
+ Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + status: + description: MaxScaleStatus defines the observed state of MaxScale + properties: + conditions: + description: Conditions for the MaxScale object. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. 
+ maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + configSync: + description: ConfigSync is the state of config sync. + properties: + databaseVersion: + type: integer + maxScaleVersion: + type: integer + required: + - databaseVersion + - maxScaleVersion + type: object + listeners: + description: Listeners is the state of the listeners in the MaxScale + API. + items: + description: MaxScaleResourceStatus indicates whether the resource + is in a given state. + properties: + name: + type: string + state: + type: string + required: + - name + - state + type: object + type: array + monitor: + description: Monitor is the state of the monitor in the MaxScale API. 
+ properties: + name: + type: string + state: + type: string + required: + - name + - state + type: object + primaryServer: + description: PrimaryServer is the primary server in the MaxScale API. + type: string + replicas: + description: Replicas indicates the number of current instances. + format: int32 + type: integer + servers: + description: Servers is the state of the servers in the MaxScale API. + items: + description: MaxScaleAPIStatus is the state of the servers in the + MaxScale API. + properties: + name: + type: string + state: + type: string + required: + - name + - state + type: object + type: array + services: + description: Services is the state of the services in the MaxScale + API. + items: + description: MaxScaleResourceStatus indicates whether the resource + is in a given state. + properties: + name: + type: string + state: + type: string + required: + - name + - state + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/mariadb-operator/0.31.0/manifests/k8s.mariadb.com_restores.yaml b/operators/mariadb-operator/0.31.0/manifests/k8s.mariadb.com_restores.yaml new file mode 100644 index 00000000000..223d3fbc87d --- /dev/null +++ b/operators/mariadb-operator/0.31.0/manifests/k8s.mariadb.com_restores.yaml 
@@ -0,0 +1,3592 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + creationTimestamp: null + name: restores.k8s.mariadb.com +spec: + group: k8s.mariadb.com + names: + kind: Restore + listKind: RestoreList + plural: restores + shortNames: + - rmdb + singular: restore + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Complete")].status + name: Complete + type: string + - jsonPath: .status.conditions[?(@.type=="Complete")].message + name: Status + type: string + - jsonPath: .spec.mariaDbRef.name + name: MariaDB + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: Restore is the Schema for the restores API. It is used to define + restore jobs and its restoration source. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RestoreSpec defines the desired state of restore + properties: + affinity: + description: Affinity to be used in the Pod. + properties: + antiAffinityEnabled: + description: |- + AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA. 
+ Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods. + type: boolean + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. 
due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. 
+ If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. 
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. 
Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
+ items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + args: + description: Args to be used in the Container. + items: + type: string + type: array + backoffLimit: + default: 5 + description: BackoffLimit defines the maximum number of attempts to + successfully perform a Backup. + format: int32 + type: integer + backupRef: + description: BackupRef is a reference to a Backup object. It has priority + over S3 and Volume. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + database: + description: |- + Database defines the logical database to be restored. If not provided, all databases available in the backup are restored. + IMPORTANT: The database must previously exist. + type: string + imagePullSecrets: + description: ImagePullSecrets is the list of pull Secrets to be used + to pull the image. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + inheritMetadata: + description: InheritMetadata defines the metadata to be inherited + by children resources. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + logLevel: + default: info + description: LogLevel to be used n the Backup Job. It defaults to + 'info'. + type: string + mariaDbRef: + description: MariaDBRef is a reference to a MariaDB object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + waitForIt: + default: true + description: WaitForIt indicates whether the controller using + this reference should wait for MariaDB to be ready. + type: boolean + type: object + x-kubernetes-map-type: atomic + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to be used in the Pod. + type: object + podMetadata: + description: PodMetadata defines extra metadata for the Pod. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + podSecurityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. + properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". 
+ type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. 
+ If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. 
+ The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. + If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. 
+ items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName to be used in the Pod. + type: string + resources: + description: Resouces describes the compute resource requirements. 
+ properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + default: OnFailure + description: RestartPolicy to be added to the Backup Job. + enum: + - Always + - OnFailure + - Never + type: string + s3: + description: S3 defines the configuration to restore backups from + a S3 compatible storage. It has priority over Volume. + properties: + accessKeyIdSecretKeyRef: + description: AccessKeyIdSecretKeyRef is a reference to a Secret + key containing the S3 access key id. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + bucket: + description: Bucket is the name Name of the bucket to store backups. + type: string + endpoint: + description: Endpoint is the S3 API endpoint without scheme. + type: string + prefix: + description: 'Prefix indicates a folder/subfolder in the bucket. + For example: mariadb/ or mariadb/backups. A trailing slash ''/'' + is added if not provided.' + type: string + region: + description: Region is the S3 region name to use. + type: string + secretAccessKeySecretKeyRef: + description: AccessKeyIdSecretKeyRef is a reference to a Secret + key containing the S3 secret key. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + sessionTokenSecretKeyRef: + description: SessionTokenSecretKeyRef is a reference to a Secret + key containing the S3 session token. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + tls: + description: TLS provides the configuration required to establish + TLS connections with S3. + properties: + caSecretKeyRef: + description: |- + CASecretKeyRef is a reference to a Secret key containing a CA bundle in PEM format used to establish TLS connections with S3. + By default, the system trust chain will be used, but you can use this field to add more CAs to the bundle. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enabled: + description: Enabled is a flag to enable TLS. + type: boolean + type: object + required: + - accessKeyIdSecretKeyRef + - bucket + - endpoint + - secretAccessKeySecretKeyRef + type: object + securityContext: + description: SecurityContext holds security configuration that will + be applied to a container. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. 
+ Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. 
+ If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. 
+ Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount + to be used by the Pods. + type: string + targetRecoveryTime: + description: |- + TargetRecoveryTime is a RFC3339 (1970-01-01T00:00:00Z) date and time that defines the point in time recovery objective. + It is used to determine the closest restoration source in time. + format: date-time + type: string + tolerations: + description: Tolerations to be used in the Pod. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. 
+ type: string + type: object + type: array + volume: + description: Volume is a Kubernetes Volume object that contains a + backup. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' 
+ type: string + diskName: + description: diskName is the Name of the data disk in the + blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob storage + type: string + fsType: + default: ext4 + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple blob + disks per storage account Dedicated: single blob disk per + storage account Managed: azure managed data disk (only + in managed availability set). defaults to shared' + type: string + readOnly: + default: false + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. 
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers (Beta + feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name, namespace and uid + are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name + of the file to be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 encoded. The + first item of the relative path must not start with + ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. 
+ The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. 
+ properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. 
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to + the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is attached + to a kubelet's host machine and then exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for this + volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached to a + kubelet's host machine. 
This depends on the Flocker control + service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. 
This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + image: + description: |- + image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + The volume is resolved at pod startup depending on which PullPolicy value is provided: + + - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + + The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. 
+ The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + The volume will be mounted read-only (ro) and non-executable files (noexec). + Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + properties: + pullPolicy: + description: |- + Policy for pulling OCI objects. Possible values are: + Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + type: string + reference: + description: |- + Required: Image or artifact reference to be used. + Behaves in the same way as pod.spec.containers[*].image. + Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. 
+ More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + default: default + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. 
+ type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: |- + sources is the list of volume projections. 
Each entry in this list + handles one source. + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume root + to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. 
If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name, + namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about the secret data + to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional field specify whether the + Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host that + shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + default: /etc/ceph/keyring + description: |- + keyring is the path to key ring for RBDUser. 
+ Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + default: xfs + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". 
+ type: string + gateway: + description: gateway is the host address of the ScaleIO API + Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO Protection + Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + default: ThinProvisioned + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as configured + in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret or + its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. 
+ Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based Management + (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + type: object + required: + - mariaDbRef + type: object + status: + description: RestoreStatus defines the observed state of restore + properties: + conditions: + description: Conditions for the Restore object. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. 
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/mariadb-operator/0.31.0/manifests/k8s.mariadb.com_sqljobs.yaml b/operators/mariadb-operator/0.31.0/manifests/k8s.mariadb.com_sqljobs.yaml new file mode 100644 index 00000000000..cc489b8c200 --- /dev/null +++ b/operators/mariadb-operator/0.31.0/manifests/k8s.mariadb.com_sqljobs.yaml 
@@ -0,0 +1,1790 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + creationTimestamp: null + name: sqljobs.k8s.mariadb.com +spec: + group: k8s.mariadb.com + names: + kind: SqlJob + listKind: SqlJobList + plural: sqljobs + shortNames: + - smdb + singular: sqljob + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Complete")].status + name: Complete + type: string + - jsonPath: .status.conditions[?(@.type=="Complete")].message + name: Status + type: string + - jsonPath: .spec.mariaDbRef.name + name: MariaDB + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: SqlJob is the Schema for the sqljobs API. It is used to run sql + scripts as jobs. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SqlJobSpec defines the desired state of SqlJob + properties: + affinity: + description: Affinity to be used in the Pod. + properties: + antiAffinityEnabled: + description: |- + AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA. 
+ Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods. + type: boolean + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. 
due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. 
+ If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. 
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. 
Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
+ items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + args: + description: Args to be used in the Container. + items: + type: string + type: array + backoffLimit: + default: 5 + description: BackoffLimit defines the maximum number of attempts to + successfully execute a SqlJob. + format: int32 + type: integer + database: + description: Username to be used when executing the SqlJob. + type: string + dependsOn: + description: DependsOn defines dependencies with other SqlJob objectecs. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + failedJobsHistoryLimit: + description: FailedJobsHistoryLimit defines the maximum number of + failed Jobs to be displayed. + format: int32 + minimum: 0 + type: integer + imagePullSecrets: + description: ImagePullSecrets is the list of pull Secrets to be used + to pull the image. 
+ items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array + inheritMetadata: + description: InheritMetadata defines the metadata to be inherited + by children resources. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + mariaDbRef: + description: MariaDBRef is a reference to a MariaDB object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + waitForIt: + default: true + description: WaitForIt indicates whether the controller using + this reference should wait for MariaDB to be ready. + type: boolean + type: object + x-kubernetes-map-type: atomic + nodeSelector: + additionalProperties: + type: string + description: NodeSelector to be used in the Pod. + type: object + passwordSecretKeyRef: + description: UserPasswordSecretKeyRef is a reference to the impersonated + user's password to be used when executing the SqlJob. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + podMetadata: + description: PodMetadata defines extra metadata for the Pod. 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations to be added to children resources. + type: object + labels: + additionalProperties: + type: string + description: Labels to be added to children resources. + type: object + type: object + podSecurityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. + properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. 
This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. 
If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in + addition to the container's primary GID and fsGroup (if specified). If + the SupplementalGroupsPolicy feature is enabled, the + supplementalGroupsPolicy field determines whether these are in addition + to or instead of any group memberships defined in the container image. 
+ If unspecified, no additional groups are added, though group memberships + defined in the container image may still be used, depending on the + supplementalGroupsPolicy field. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + description: |- + Defines how supplemental groups of the first container processes are calculated. + Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + and the container runtime must implement support for this feature. + Note that this field cannot be set when spec.os.name is windows. + type: string + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. 
+ type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName to be used in the Pod. + type: string + resources: + description: Resouces describes the compute resource requirements. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + default: OnFailure + description: RestartPolicy to be added to the SqlJob Pod. + enum: + - Always + - OnFailure + - Never + type: string + schedule: + description: Schedule defines when the SqlJob will be executed. + properties: + cron: + description: Cron is a cron expression that defines the schedule. + type: string + suspend: + default: false + description: Suspend defines whether the schedule is active or + not. + type: boolean + required: + - cron + type: object + securityContext: + description: SecurityContext holds security configuration that will + be applied to a container. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. 
This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. 
+ type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. 
+ If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. 
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount + to be used by the Pods. + type: string + sql: + description: Sql is the script to be executed by the SqlJob. + type: string + sqlConfigMapKeyRef: + description: |- + SqlConfigMapKeyRef is a reference to a ConfigMap containing the Sql script. + It is defaulted to a ConfigMap with the contents of the Sql field. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + successfulJobsHistoryLimit: + description: SuccessfulJobsHistoryLimit defines the maximum number + of successful Jobs to be displayed. + format: int32 + minimum: 0 + type: integer + timeZone: + description: TimeZone defines the timezone associated with the cron + expression. + type: string + tolerations: + description: Tolerations to be used in the Pod. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. 
+ format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + username: + description: Username to be impersonated when executing the SqlJob. + type: string + required: + - mariaDbRef + - passwordSecretKeyRef + - username + type: object + status: + description: SqlJobStatus defines the observed state of SqlJob + properties: + conditions: + description: Conditions for the SqlJob object. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/mariadb-operator/0.31.0/manifests/k8s.mariadb.com_users.yaml b/operators/mariadb-operator/0.31.0/manifests/k8s.mariadb.com_users.yaml new file mode 100644 index 00000000000..964ac7681c8 --- /dev/null +++ b/operators/mariadb-operator/0.31.0/manifests/k8s.mariadb.com_users.yaml 
@@ -0,0 +1,318 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + creationTimestamp: null + name: users.k8s.mariadb.com +spec: + group: k8s.mariadb.com + names: + kind: User + listKind: UserList + plural: users + shortNames: + - umdb + singular: user + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .spec.maxUserConnections + name: MaxConns + type: string + - jsonPath: .spec.mariaDbRef.name + name: MariaDB + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: User is the Schema for the users API. It is used to define grants + as if you were running a 'CREATE USER' statement. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: UserSpec defines the desired state of User + properties: + cleanupPolicy: + description: CleanupPolicy defines the behavior for cleaning up a + SQL resource. + enum: + - Skip + - Delete + type: string + host: + description: Host related to the User. 
+ maxLength: 255 + type: string + mariaDbRef: + description: MariaDBRef is a reference to a MariaDB object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + waitForIt: + default: true + description: WaitForIt indicates whether the controller using + this reference should wait for MariaDB to be ready. 
+ type: boolean + type: object + x-kubernetes-map-type: atomic + maxUserConnections: + default: 10 + description: MaxUserConnections defines the maximum number of connections + that the User can establish. + format: int32 + type: integer + name: + description: Name overrides the default name provided by metadata.name. + maxLength: 80 + type: string + passwordHashSecretKeyRef: + description: |- + PasswordHashSecretKeyRef is a reference to the password hash to be used by the User. + If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password hash. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + passwordPlugin: + description: PasswordPlugin is a reference to the password plugin + and arguments to be used by the User. + properties: + pluginArgSecretKeyRef: + description: |- + PluginArgSecretKeyRef is a reference to the arguments to be provided to the authentication plugin for the User. + If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the authentication plugin arguments. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + pluginNameSecretKeyRef: + description: |- + PluginNameSecretKeyRef is a reference to the authentication plugin to be used by the User. + If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the authentication plugin. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + passwordSecretKeyRef: + description: |- + PasswordSecretKeyRef is a reference to the password to be used by the User. + If not provided, the account will be locked and the password will expire. + If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + requeueInterval: + description: RequeueInterval is used to perform requeue reconciliations. + type: string + retryInterval: + description: RetryInterval is the interval used to perform retries. + type: string + required: + - mariaDbRef + type: object + status: + description: UserStatus defines the observed state of User + properties: + conditions: + description: Conditions for the User object. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. 
+ This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/mariadb-operator/0.31.0/manifests/mariadb-operator.clusterserviceversion.yaml b/operators/mariadb-operator/0.31.0/manifests/mariadb-operator.clusterserviceversion.yaml new file mode 100644 index 00000000000..e931fd4f980 --- /dev/null +++ b/operators/mariadb-operator/0.31.0/manifests/mariadb-operator.clusterserviceversion.yaml 
@@ -0,0 +1,869 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "helm.mariadb.mmontes.io/v1alpha1", + "kind": "MariadbOperator", + "metadata": { + "name": "mariadb-operator" + }, + "spec": { + "affinity": {}, + "certController": { + "affinity": {}, + "caValidity": "35064h", + "certValidity": "8766h", + "enabled": true, + "extrArgs": [], + "extraVolumeMounts": [], + "extraVolumes": [], + "ha": { + "enabled": false, + "replicas": 3 + }, + "image": { + "pullPolicy": "IfNotPresent", + "repository": "ghcr.io/mariadb-operator/mariadb-operator", + "tag": "" + }, + "imagePullSecrets": [], + "lookaheadValidity": "2160h", + "nodeSelector": {}, + "podAnnotations": {}, + "podSecurityContext": {}, + "requeueDuration": "5m", + "resources": {}, + "securityContext": {}, + "serviceAccount": { + "annotations": {}, + "automount": true, + "enabled": true, + "extraLabels": {}, + "name": "" + }, + "serviceMonitor": { + "additionalLabels": {}, + "enabled": true, + "interval": "30s", + "scrapeTimeout": "25s" + }, + "tolerations": [] + }, + "clusterName": "cluster.local", + "extrArgs": [], + "extraVolumeMounts": [], + "extraVolumes": [], + "fullnameOverride": "", + "ha": { + "enabled": false, + "replicas": 3 + }, + "image": { + "pullPolicy": "IfNotPresent", + "repository": "ghcr.io/mariadb-operator/mariadb-operator", + "tag": "" + }, + "imagePullSecrets": [], + "logLevel": "INFO", + "metrics": { + "enabled": false, + "serviceMonitor": { + "additionalLabels": {}, + "enabled": true, + "interval": "30s", + "scrapeTimeout": "25s" + } + }, + "nameOverride": "", + "nodeSelector": {}, + "podAnnotations": {}, + "podSecurityContext": {}, + "rbac": { + "enabled": true + }, + "resources": {}, + "securityContext": {}, + "serviceAccount": { + "annotations": {}, + "automount": true, + "enabled": true, + "extraLabels": {}, + "name": "" + }, + "tolerations": [], + "webhook": { + "affinity": {}, + "annotations": 
{}, + "cert": { + "caPath": "/tmp/k8s-webhook-server/certificate-authority", + "certManager": { + "duration": "", + "enabled": false, + "issuerRef": {}, + "renewBefore": "" + }, + "path": "/tmp/k8s-webhook-server/serving-certs", + "secretAnnotations": {} + }, + "extrArgs": [], + "extraVolumeMounts": [], + "extraVolumes": [], + "ha": { + "enabled": false, + "replicas": 3 + }, + "hostNetwork": false, + "image": { + "pullPolicy": "IfNotPresent", + "repository": "ghcr.io/mariadb-operator/mariadb-operator", + "tag": "" + }, + "imagePullSecrets": [], + "nodeSelector": {}, + "podAnnotations": {}, + "podSecurityContext": {}, + "port": 10250, + "resources": {}, + "securityContext": {}, + "serviceAccount": { + "annotations": {}, + "automount": true, + "enabled": true, + "extraLabels": {}, + "name": "" + }, + "serviceMonitor": { + "additionalLabels": {}, + "enabled": true, + "interval": "30s", + "scrapeTimeout": "25s" + }, + "tolerations": [] + } + } + }, + { + "apiVersion": "k8s.mariadb.com/v1alpha1", + "kind": "Backup", + "metadata": { + "name": "backup" + }, + "spec": { + "args": [ + "--single-transaction", + "--all-databases" + ], + "logLevel": "info", + "mariaDbRef": { + "name": "mariadb" + }, + "maxRetention": "720h", + "resources": { + "limits": { + "cpu": "300m", + "memory": "512Mi" + }, + "requests": { + "cpu": "100m", + "memory": "128Mi" + } + }, + "schedule": { + "cron": "*/1 * * * *", + "suspend": false + }, + "storage": { + "s3": { + "accessKeyIdSecretKeyRef": { + "key": "access-key-id", + "name": "minio" + }, + "bucket": "backups", + "endpoint": "minio.minio.svc.cluster.local:9000", + "prefix": "mariadb", + "secretAccessKeySecretKeyRef": { + "key": "secret-access-key", + "name": "minio" + }, + "tls": { + "caSecretKeyRef": { + "key": "ca.crt", + "name": "minio-ca" + }, + "enabled": true + } + } + } + } + }, + { + "apiVersion": "k8s.mariadb.com/v1alpha1", + "kind": "Connection", + "metadata": { + "name": "connection" + }, + "spec": { + "database": "mariadb", + 
"healthCheck": { + "interval": "10s", + "retryInterval": "3s" + }, + "mariaDbRef": { + "name": "mariadb" + }, + "params": { + "parseTime": "true" + }, + "passwordSecretKeyRef": { + "key": "password", + "name": "mariadb" + }, + "secretName": "connection", + "secretTemplate": { + "annotations": { + "k8s.mariadb.com/connection": "sample" + }, + "databaseKey": "database", + "hostKey": "host", + "key": "dsn", + "labels": { + "k8s.mariadb.com/connection": "sample" + }, + "passwordKey": "password", + "portKey": "port", + "usernameKey": "username" + }, + "serviceName": "mariadb", + "username": "mariadb" + } + }, + { + "apiVersion": "k8s.mariadb.com/v1alpha1", + "kind": "Database", + "metadata": { + "name": "data-test" + }, + "spec": { + "characterSet": "utf8", + "collate": "utf8_general_ci", + "mariaDbRef": { + "name": "mariadb" + }, + "retryInterval": "5s" + } + }, + { + "apiVersion": "k8s.mariadb.com/v1alpha1", + "kind": "Grant", + "metadata": { + "name": "grant" + }, + "spec": { + "database": "*", + "grantOption": true, + "host": "%", + "mariaDbRef": { + "name": "mariadb" + }, + "privileges": [ + "SELECT", + "INSERT", + "UPDATE" + ], + "requeueInterval": "30s", + "retryInterval": "5s", + "table": "*", + "username": "user" + } + }, + { + "apiVersion": "k8s.mariadb.com/v1alpha1", + "kind": "MariaDB", + "metadata": { + "name": "mariadb" + }, + "spec": { + "connection": { + "secretName": "mariadb-conn", + "secretTemplate": { + "key": "dsn" + } + }, + "database": "mariadb", + "galera": { + "enabled": true + }, + "metrics": { + "enabled": true, + "passwordSecretKeyRef": { + "generate": true, + "key": "password", + "name": "mariadb-metrics" + } + }, + "myCnf": "[mariadb]\nbind-address=*\ndefault_storage_engine=InnoDB\nbinlog_format=row\ninnodb_autoinc_lock_mode=2\ninnodb_buffer_pool_size=1024M\nmax_allowed_packet=256M\n", + "passwordSecretKeyRef": { + "generate": true, + "key": "password", + "name": "mariadb-password" + }, + "primaryConnection": { + "secretName": 
"mariadb-conn-primary", + "secretTemplate": { + "key": "dsn" + } + }, + "primaryService": { + "type": "ClusterIP" + }, + "replicas": 3, + "rootPasswordSecretKeyRef": { + "generate": true, + "key": "password", + "name": "mariadb-root" + }, + "secondaryConnection": { + "secretName": "mariadb-conn-secondary", + "secretTemplate": { + "key": "dsn" + } + }, + "secondaryService": { + "type": "ClusterIP" + }, + "service": { + "type": "ClusterIP" + }, + "storage": { + "size": "1Gi" + }, + "updateStrategy": { + "type": "ReplicasFirstPrimaryLast" + }, + "username": "mariadb" + } + }, + { + "apiVersion": "k8s.mariadb.com/v1alpha1", + "kind": "MaxScale", + "metadata": { + "name": "maxscale-galera" + }, + "spec": { + "admin": { + "guiEnabled": true, + "port": 8989 + }, + "auth": { + "generate": true + }, + "config": { + "sync": { + "database": "mysql", + "interval": "5s", + "timeout": "10s" + } + }, + "connection": { + "port": 3306, + "secretName": "mxs-galera-conn" + }, + "guiKubernetesService": { + "metadata": { + "annotations": { + "metallb.universe.tf/loadBalancerIPs": "172.18.0.231" + } + }, + "type": "LoadBalancer" + }, + "kubernetesService": { + "annotations": { + "metallb.universe.tf/loadBalancerIPs": "172.18.0.224" + }, + "type": "LoadBalancer" + }, + "mariaDbRef": { + "name": "mariadb-galera" + }, + "monitor": { + "cooperativeMonitoring": "majority_of_all", + "interval": "2s", + "params": { + "available_when_donor": "false", + "disable_master_failback": "false", + "disable_master_role_setting": "false" + } + }, + "replicas": 3, + "requeueInterval": "10s", + "services": [ + { + "listener": { + "params": { + "connection_metadata": "tx_isolation=auto" + }, + "port": 3306, + "protocol": "MariaDBProtocol" + }, + "name": "rw-router", + "params": { + "master_accept_reads": "true", + "max_replication_lag": "3s", + "max_slave_connections": "255", + "transaction_replay": "true", + "transaction_replay_attempts": "10", + "transaction_replay_timeout": "5s" + }, + "router": 
"readwritesplit" + }, + { + "listener": { + "port": 3307 + }, + "name": "rconn-master-router", + "params": { + "master_accept_reads": "true", + "max_replication_lag": "3s", + "router_options": "master" + }, + "router": "readconnroute" + }, + { + "listener": { + "port": 3308 + }, + "name": "rconn-slave-router", + "params": { + "max_replication_lag": "3s", + "router_options": "slave" + }, + "router": "readconnroute" + } + ] + } + }, + { + "apiVersion": "k8s.mariadb.com/v1alpha1", + "kind": "Restore", + "metadata": { + "name": "restore" + }, + "spec": { + "backupRef": { + "name": "backup" + }, + "mariaDbRef": { + "name": "mariadb" + }, + "resources": { + "limits": { + "cpu": "300m", + "memory": "512Mi" + }, + "requests": { + "cpu": "100m", + "memory": "128Mi" + } + }, + "targetRecoveryTime": "2023-12-19T09:00:00Z" + } + }, + { + "apiVersion": "k8s.mariadb.com/v1alpha1", + "kind": "SqlJob", + "metadata": { + "name": "03-stars" + }, + "spec": { + "database": "mariadb", + "dependsOn": [ + { + "name": "01-users" + }, + { + "name": "02-repos" + } + ], + "mariaDbRef": { + "name": "mariadb" + }, + "passwordSecretKeyRef": { + "key": "password", + "name": "mariadb" + }, + "schedule": { + "cron": "*/1 * * * *", + "suspend": false + }, + "sql": "CREATE TABLE IF NOT EXISTS stars (\n id bigint PRIMARY KEY AUTO_INCREMENT,\n user_id bigint NOT NULL,\n repo_id bigint NOT NULL,\n FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,\n FOREIGN KEY (repo_id) REFERENCES repos(id) ON DELETE CASCADE,\n UNIQUE KEY (user_id, repo_id)\n);\nINSERT INTO stars(user_id, repo_id) \n VALUES((SELECT id FROM users ORDER BY RAND() LIMIT 1), (SELECT id FROM repos ORDER BY RAND() LIMIT 1))\n ON DUPLICATE KEY UPDATE id=id;\nDELETE FROM stars WHERE id = (SELECT id FROM stars ORDER BY RAND() LIMIT 1);\nSELECT r.name AS repo, COUNT(*) AS stars\nFROM stars s\nJOIN repos r\nON s.repo_id = r.id\nGROUP BY r.id\nORDER BY stars DESC;", + "username": "mariadb" + } + }, + { + "apiVersion": 
"k8s.mariadb.com/v1alpha1", + "kind": "User", + "metadata": { + "name": "user" + }, + "spec": { + "host": "%", + "mariaDbRef": { + "name": "mariadb" + }, + "maxUserConnections": 20, + "passwordSecretKeyRef": { + "key": "password", + "name": "mariadb" + }, + "retryInterval": "5s" + } + } + ] + capabilities: Deep Insights + categories: Database + containerImage: ghcr.io/mariadb-operator/mariadb-operator-helm:0.31.0 + createdAt: "2024-09-13T15:44:21Z" + description: Run and operate MariaDB in a cloud native way + operators.operatorframework.io/builder: operator-sdk-v1.26.0 + operators.operatorframework.io/project_layout: helm.sdk.operatorframework.io/v1 + repository: https://github.com/mariadb-operator/mariadb-operator + support: mariadb-operator + name: mariadb-operator.v0.31.0 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: Configures a backup + displayName: Backup + kind: Backup + name: backups.k8s.mariadb.com + version: v1alpha1 + - description: Configures a connection + displayName: Connection + kind: Connection + name: connections.k8s.mariadb.com + version: v1alpha1 + - description: Defines a logical database + displayName: Database + kind: Database + name: databases.k8s.mariadb.com + version: v1alpha1 + - description: Grants permissions to an user in a database + displayName: Grant + kind: Grant + name: grants.k8s.mariadb.com + version: v1alpha1 + - description: Configures MariaDB helm chart based operator + displayName: MariadbOperator + kind: MariadbOperator + name: mariadboperators.helm.mariadb.mmontes.io + version: v1alpha1 + - description: Provisions a MariaDB instance + displayName: MariaDB + kind: MariaDB + name: mariadbs.k8s.mariadb.com + version: v1alpha1 + - description: Defines a MaxScale database proxy + displayName: MaxScale + kind: MaxScale + name: maxscales.k8s.mariadb.com + version: v1alpha1 + - description: Restores a backup + displayName: Restore + kind: Restore + name: 
restores.k8s.mariadb.com + version: v1alpha1 + - description: Defines a SQL job + displayName: SqlJob + kind: SqlJob + name: sqljobs.k8s.mariadb.com + version: v1alpha1 + - description: Defines a user + displayName: User + kind: User + name: users.k8s.mariadb.com + version: v1alpha1 + description: | + Install [`mariadb-operator`](https://github.com/mariadb-operator/mariadb-operator) via [OLM](https://olm.operatorframework.io/) using the [helm chart](https://artifacthub.io/packages/helm/mariadb-operator/mariadb-operator). + + This helm operator provides provides a 1:1 mapping between the official helm chart and the [`MariadbOperator`](https://github.com/mariadb-operator/mariadb-operator-helm/blob/main/config/samples/helm_v1alpha1_mariadboperator.yaml) CRD, allowing to install [`mariadb-operator`](https://github.com/mariadb-operator/mariadb-operator) via OLM without having to do any change in the helm chart. + + Normally, you would install [`mariadb-operator`](https://github.com/mariadb-operator/mariadb-operator) providing this `values.yaml` to the helm chart: + ```yaml + image: + repository: ghcr.io/mariadb-operator/mariadb-operator + pullPolicy: IfNotPresent + logLevel: INFO + ha: + enabled: true + metrics: + enabled: true + serviceMonitor: + enabled: true + webhook: + cert: + certManager: + enabled: true + ``` + + This helm chart installation is abstracted in the [`MariadbOperator`](https://github.com/mariadb-operator/mariadb-operator-helm/blob/main/config/samples/helm_v1alpha1_mariadboperator.yaml) CRD, which will be reconciled by the helm operator: + ```yaml + apiVersion: helm.k8s.mariadb.com/v1alpha1 + kind: MariadbOperator + metadata: + name: mariadb-operator + spec: + image: + repository: ghcr.io/mariadb-operator/mariadb-operator + pullPolicy: IfNotPresent + logLevel: INFO + ha: + enabled: true + metrics: + enabled: true + serviceMonitor: + enabled: true + webhook: + cert: + certManager: + enabled: true + ``` + + Once you have installed the operator, you will 
able to install a [`MariaDB`](https://github.com/mariadb-operator/mariadb-operator/blob/main/examples/manifests/mariadb_v1alpha1_mariadb.yaml) instance. Refer to the main [`mariadb-operator`](https://github.com/mariadb-operator/mariadb-operator) documentation for getting started with the rest of CRDs. + + ## Documentation + * [mariadb-operator](https://github.com/mariadb-operator/mariadb-operator/blob/main/README.md) + * [mariadb-operator-helm](https://github.com/mariadb-operator/mariadb-operator-helm/blob/main/README.md) + + ## Releases + This operator is automatically published in the following repositories whenever a new version of the [helm chart](https://artifacthub.io/packages/helm/mariadb-operator/mariadb-operator) is released: + - [k8s-operatorhub/community-operators](https://github.com/k8s-operatorhub/community-operators) + - [redhat-openshift-ecosystem/community-operators-prod](https://github.com/redhat-openshift-ecosystem/community-operators-prod) + + ## Roadmap + Take a look at our [roadmap](https://github.com/mariadb-operator/mariadb-operator/blob/main/ROADMAP.md) and feel free to open an issue to suggest new features. + + ## Contributing + We welcome and encourage contributions to this project! Please check our [contributing](https://github.com/mariadb-operator/mariadb-operator/blob/main/CONTRIBUTING.md) and [development](https://github.com/mariadb-operator/mariadb-operator/blob/main/docs/DEVELOPMENT.md) guides. PRs welcome! 
+ + ## Get in touch + - [Slack](https://r.mariadb.com/join-community-slack) + - mariadb-operator@proton.me + displayName: MariaDB Operator + icon: + - base64data: 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 + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - secrets + verbs: + - '*' + - apiGroups: + - "" + resources: + - events + verbs: + - create + - apiGroups: + - helm.mariadb.mmontes.io + resources: + - mariadboperators + - mariadboperators/status + - mariadboperators/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + verbs: + - '*' + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - '*' + - apiGroups: + - apps + resources: + - deployments + verbs: + - '*' + - apiGroups: + - "" + resources: + - serviceaccounts + - services + verbs: + - '*' + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - '*' + - apiGroups: + - cert-manager.io + resources: + - certificates + - issuers + verbs: + - '*' + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - '*' + serviceAccountName: mariadb-operator-helm-controller-manager + deployments: + - label: + app.kubernetes.io/component: manager + app.kubernetes.io/created-by: helm-operator + app.kubernetes.io/instance: controller-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: deployment + app.kubernetes.io/part-of: helm-operator + control-plane: controller-manager + name: mariadb-operator-helm-controller-manager + spec: + replicas: 1 + selector: + matchLabels: + 
control-plane: controller-manager + strategy: {} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + - --leader-election-id=helm-operator + image: ghcr.io/mariadb-operator/mariadb-operator-helm:0.31.0 + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 10m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + securityContext: + runAsNonRoot: true + serviceAccountName: mariadb-operator-helm-controller-manager + terminationGracePeriodSeconds: 10 + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: mariadb-operator-helm-controller-manager + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: true + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - mariadb + - mysql + - operator + - mariadb-operator + - database + - maxscale + links: + - name: GitHub + url: https://github.com/mariadb-operator/mariadb-operator + maintainers: + - email: mariadb-operator@proton.me + name: mmontes11 + maturity: alpha + minKubeVersion: 1.16.0 + provider: + name: mariadb-operator + url: https://github.com/mariadb-operator/mariadb-operator + version: 0.31.0 
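Review bot: The `clusterPermissions` rules in this CSV grant `'*'` verbs on `secrets`, on `clusterroles`/`clusterrolebindings`, on `roles`/`rolebindings`, and on the webhook configurations and CRDs, all bound to `mariadb-operator-helm-controller-manager` at cluster scope. A verb wildcard on the RBAC resources also covers `bind` and `escalate`, so this service account can grant itself any permission. The wildcard on `secrets` lets it read every Secret in every namespace. The helm operator presumably needs to create RBAC objects for the chart it installs, but that does not require the wildcard. I would enumerate the verbs, e.g. `verbs: [create, delete, get, list, patch, update, watch]`, and add a comment on the RBAC rules stating why cluster-wide write access is needed, so that installers can assess the trust they are placing in this bundle.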
diff --git a/operators/mariadb-operator/0.31.0/metadata/annotations.yaml b/operators/mariadb-operator/0.31.0/metadata/annotations.yaml new file mode 100644 index 00000000000..a8717c796b2 --- /dev/null +++ b/operators/mariadb-operator/0.31.0/metadata/annotations.yaml @@ -0,0 +1,17 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: mariadb-operator + operators.operatorframework.io.bundle.channels.v1: alpha + operators.operatorframework.io.bundle.channel.default.v1: alpha + operators.operatorframework.io.metrics.builder: operator-sdk-v1.26.0 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: helm.sdk.operatorframework.io/v1 + com.redhat.openshift.versions: v4.12 + com.redhat.delivery.operator.bundle: true + com.redhat.delivery.backport: false + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ diff --git a/operators/mariadb-operator/0.31.0/tests/scorecard/config.yaml b/operators/mariadb-operator/0.31.0/tests/scorecard/config.yaml new file mode 100644 index 00000000000..b3f2fc8ea6a --- /dev/null +++ b/operators/mariadb-operator/0.31.0/tests/scorecard/config.yaml 
@@ -0,0 +1,70 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: + - entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.26.0 + labels: + suite: basic + test: basic-check-spec-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.26.0 + labels: + suite: olm + test: olm-bundle-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.26.0 + labels: + suite: olm + test: olm-crds-have-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-resources + image: quay.io/operator-framework/scorecard-test:v1.26.0 + labels: + suite: olm + test: olm-crds-have-resources-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.26.0 + labels: + suite: olm + test: olm-spec-descriptors-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-status-descriptors + image: quay.io/operator-framework/scorecard-test:v1.26.0 + labels: + suite: olm + test: olm-status-descriptors-test + storage: + spec: + mountPath: {} +storage: + spec: + mountPath: {} diff --git a/operators/opentelemetry-operator/0.108.0/bundle.Dockerfile b/operators/opentelemetry-operator/0.108.0/bundle.Dockerfile new file mode 100644 index 00000000000..cf3e024b756 --- /dev/null +++ b/operators/opentelemetry-operator/0.108.0/bundle.Dockerfile 
@@ -0,0 +1,22 @@ +FROM scratch + +# Core bundle labels. +LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 +LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ +LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ +LABEL operators.operatorframework.io.bundle.package.v1=opentelemetry-operator +LABEL operators.operatorframework.io.bundle.channels.v1=alpha +LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.29.0 +LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 +LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3 + +# Labels for testing. +LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1 +LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/ + +# Copy files to locations specified by labels. +COPY ./manifests /manifests/ +COPY ./metadata /metadata/ +COPY ./tests/scorecard /tests/scorecard/ + +LABEL com.redhat.openshift.versions=v4.12 diff --git a/operators/opentelemetry-operator/0.108.0/manifests/opentelemetry-operator-controller-manager-metrics-service_v1_service.yaml b/operators/opentelemetry-operator/0.108.0/manifests/opentelemetry-operator-controller-manager-metrics-service_v1_service.yaml new file mode 100644 index 00000000000..66b0879b4d9 --- /dev/null +++ b/operators/opentelemetry-operator/0.108.0/manifests/opentelemetry-operator-controller-manager-metrics-service_v1_service.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/name: opentelemetry-operator + control-plane: controller-manager + name: opentelemetry-operator-controller-manager-metrics-service +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + app.kubernetes.io/name: opentelemetry-operator + control-plane: controller-manager +status: + loadBalancer: {} 
diff --git a/operators/opentelemetry-operator/0.108.0/manifests/opentelemetry-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/opentelemetry-operator/0.108.0/manifests/opentelemetry-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 00000000000..18a824a57fd --- /dev/null +++ b/operators/opentelemetry-operator/0.108.0/manifests/opentelemetry-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/name: opentelemetry-operator + name: opentelemetry-operator-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get diff --git a/operators/opentelemetry-operator/0.108.0/manifests/opentelemetry-operator-webhook-service_v1_service.yaml b/operators/opentelemetry-operator/0.108.0/manifests/opentelemetry-operator-webhook-service_v1_service.yaml new file mode 100644 index 00000000000..d40a3369408 --- /dev/null +++ b/operators/opentelemetry-operator/0.108.0/manifests/opentelemetry-operator-webhook-service_v1_service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/name: opentelemetry-operator + name: opentelemetry-operator-webhook-service +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + app.kubernetes.io/name: opentelemetry-operator + control-plane: controller-manager +status: + loadBalancer: {} diff --git a/operators/opentelemetry-operator/0.108.0/manifests/opentelemetry-operator.clusterserviceversion.yaml b/operators/opentelemetry-operator/0.108.0/manifests/opentelemetry-operator.clusterserviceversion.yaml new file mode 100644 index 00000000000..6737e75c564 --- /dev/null +++ b/operators/opentelemetry-operator/0.108.0/manifests/opentelemetry-operator.clusterserviceversion.yaml 
@@ -0,0 +1,799 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "opentelemetry.io/v1alpha1", + "kind": "Instrumentation", + "metadata": { + "name": "instrumentation" + }, + "spec": { + "exporter": { + "endpoint": "http://otel-collector-headless:4317" + } + } + }, + { + "apiVersion": "opentelemetry.io/v1alpha1", + "kind": "OpAMPBridge", + "metadata": { + "name": "opampbridge-sample" + }, + "spec": { + "capabilities": { + "AcceptsOpAMPConnectionSettings": true, + "AcceptsOtherConnectionSettings": true, + "AcceptsRemoteConfig": true, + "AcceptsRestartCommand": true, + "ReportsEffectiveConfig": true, + "ReportsHealth": true, + "ReportsOwnLogs": true, + "ReportsOwnMetrics": true, + "ReportsOwnTraces": true, + "ReportsRemoteConfig": true, + "ReportsStatus": true + }, + "componentsAllowed": { + "exporters": [ + "debug" + ], + "processors": [ + "memory_limiter" + ], + "receivers": [ + "otlp" + ] + }, + "endpoint": "ws://opamp-server:4320/v1/opamp" + } + }, + { + "apiVersion": "opentelemetry.io/v1alpha1", + "kind": "OpenTelemetryCollector", + "metadata": { + "name": "otel" + }, + "spec": { + "config": "receivers:\n otlp:\n protocols: \n grpc: {}\n http: {}\n\nexporters:\n debug: {}\n\nservice:\n pipelines:\n traces:\n receivers: [otlp]\n exporters: [debug]\n" + } + }, + { + "apiVersion": "opentelemetry.io/v1beta1", + "kind": "OpenTelemetryCollector", + "metadata": { + "name": "otel" + }, + "spec": { + "config": { + "exporters": { + "debug": {} + }, + "receivers": { + "otlp": { + "protocols": { + "grpc": {}, + "http": {} + } + } + }, + "service": { + "pipelines": { + "traces": { + "exporters": [ + "debug" + ], + "receivers": [ + "otlp" + ] + } + } + } + } + } + } + ] + capabilities: Deep Insights + categories: Logging & Tracing,Monitoring + certified: "false" + containerImage: ghcr.io/open-telemetry/opentelemetry-operator/opentelemetry-operator + createdAt: "2024-09-05T15:16:50Z" + 
description: Provides the OpenTelemetry components, including the Collector + operators.operatorframework.io/builder: operator-sdk-v1.29.0 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 + repository: github.com/open-telemetry/opentelemetry-operator + support: OpenTelemetry Community + name: opentelemetry-operator.v0.108.0 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: Instrumentation is the spec for OpenTelemetry instrumentation. + displayName: OpenTelemetry Instrumentation + kind: Instrumentation + name: instrumentations.opentelemetry.io + resources: + - kind: Pod + name: "" + version: v1 + version: v1alpha1 + - description: OpAMPBridge is the Schema for the opampbridges API. + displayName: OpAMP Bridge + kind: OpAMPBridge + name: opampbridges.opentelemetry.io + resources: + - kind: ConfigMaps + name: "" + version: v1 + - kind: Deployment + name: "" + version: apps/v1 + - kind: Pod + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + version: v1alpha1 + - description: OpenTelemetryCollector is the Schema for the opentelemetrycollectors + API. + displayName: OpenTelemetry Collector + kind: OpenTelemetryCollector + name: opentelemetrycollectors.opentelemetry.io + resources: + - kind: ConfigMaps + name: "" + version: v1 + - kind: DaemonSets + name: "" + version: apps/v1 + - kind: Deployment + name: "" + version: apps/v1 + - kind: Ingress + name: "" + version: networking/v1 + - kind: Pod + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + - kind: StatefulSets + name: "" + version: apps/v1 + specDescriptors: + - description: ObservabilitySpec defines how telemetry data gets handled. + displayName: Observability + path: observability + - description: Metrics defines the metrics configuration for operands. 
+ displayName: Metrics Config + path: observability.metrics + - description: EnableMetrics specifies if ServiceMonitor or PodMonitor(for sidecar + mode) should be created for the service managed by the OpenTelemetry Operator. + The operator.observability.prometheus feature gate must be enabled to use + this feature. + displayName: Create ServiceMonitors for OpenTelemetry Collector + path: observability.metrics.enableMetrics + - description: ObservabilitySpec defines how telemetry data gets handled. + displayName: Observability + path: targetAllocator.observability + - description: Metrics defines the metrics configuration for operands. + displayName: Metrics Config + path: targetAllocator.observability.metrics + - description: EnableMetrics specifies if ServiceMonitor or PodMonitor(for sidecar + mode) should be created for the service managed by the OpenTelemetry Operator. + The operator.observability.prometheus feature gate must be enabled to use + this feature. + displayName: Create ServiceMonitors for OpenTelemetry Collector + path: targetAllocator.observability.metrics.enableMetrics + version: v1alpha1 + - description: OpenTelemetryCollector is the Schema for the opentelemetrycollectors + API. + displayName: OpenTelemetry Collector + kind: OpenTelemetryCollector + name: opentelemetrycollectors.opentelemetry.io + resources: + - kind: ConfigMaps + name: "" + version: v1 + - kind: DaemonSets + name: "" + version: apps/v1 + - kind: Deployment + name: "" + version: apps/v1 + - kind: Pod + name: "" + version: v1 + - kind: Service + name: "" + version: v1 + - kind: StatefulSets + name: "" + version: apps/v1 + specDescriptors: + - description: ObservabilitySpec defines how telemetry data gets handled. + displayName: Observability + path: observability + - description: Metrics defines the metrics configuration for operands. 
+ displayName: Metrics Config + path: observability.metrics + - description: EnableMetrics specifies if ServiceMonitor or PodMonitor(for sidecar + mode) should be created for the service managed by the OpenTelemetry Operator. + The operator.observability.prometheus feature gate must be enabled to use + this feature. + displayName: Create ServiceMonitors for OpenTelemetry Collector + path: observability.metrics.enableMetrics + - description: ObservabilitySpec defines how telemetry data gets handled. + displayName: Observability + path: targetAllocator.observability + - description: Metrics defines the metrics configuration for operands. + displayName: Metrics Config + path: targetAllocator.observability.metrics + - description: EnableMetrics specifies if ServiceMonitor or PodMonitor(for sidecar + mode) should be created for the service managed by the OpenTelemetry Operator. + The operator.observability.prometheus feature gate must be enabled to use + this feature. + displayName: Create ServiceMonitors for OpenTelemetry Collector + path: targetAllocator.observability.metrics.enableMetrics + version: v1beta1 + description: |- + OpenTelemetry is a collection of tools, APIs, and SDKs. You use it to instrument, generate, collect, and export telemetry data (metrics, logs, and traces) for analysis in order to understand your software's performance and behavior. + + ### Operator features + + * **Sidecar injection** - annotate your pods and let the operator inject a sidecar. + * **Managed upgrades** - updating the operator will automatically update your OpenTelemetry collectors. + * **Deployment modes** - your collector can be deployed as sidecar, daemon set, or regular deployment. + * **Service port management** - the operator detects which ports need to be exposed based on the provided configuration. 
+ displayName: Community OpenTelemetry Operator + icon: + - base64data: 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 + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - serviceaccounts + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - daemonsets + - deployments + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - replicasets + verbs: + - get + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - batch + resources: + - jobs + verbs: + - get + - list + - watch + - apiGroups: + - config.openshift.io + resources: + - infrastructures + - infrastructures/status + verbs: + - get + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - list + - update + - apiGroups: + - monitoring.coreos.com + resources: + - podmonitors + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - opentelemetry.io + resources: + - instrumentations + - opentelemetrycollectors + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - opentelemetry.io + resources: + - opampbridges + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - opentelemetry.io + resources: + - opampbridges/finalizers + verbs: + - update + - apiGroups: + - 
opentelemetry.io + resources: + - opampbridges/status + - opentelemetrycollectors/finalizers + - opentelemetrycollectors/status + verbs: + - get + - patch + - update + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + serviceAccountName: opentelemetry-operator-controller-manager + deployments: + - label: + app.kubernetes.io/name: opentelemetry-operator + control-plane: controller-manager + name: opentelemetry-operator-controller-manager + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: opentelemetry-operator + control-plane: controller-manager + strategy: {} + template: + metadata: + labels: + app.kubernetes.io/name: opentelemetry-operator + control-plane: controller-manager + spec: + containers: + - args: + - --metrics-addr=127.0.0.1:8080 + - --enable-leader-election + - --zap-log-level=info + - --zap-time-encoding=rfc3339nano + - --enable-nginx-instrumentation=true + env: + - name: SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + image: ghcr.io/open-telemetry/opentelemetry-operator/opentelemetry-operator:0.108.0 + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + requests: + cpu: 100m + memory: 64Mi + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + - args: + - 
--secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + serviceAccountName: opentelemetry-operator-controller-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: opentelemetry-operator-controller-manager-service-cert + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: opentelemetry-operator-controller-manager + strategy: deployment + installModes: + - supported: false + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - opentelemetry + - tracing + - logging + - metrics + - monitoring + - troubleshooting + links: + - name: OpenTelemetry Operator + url: https://github.com/open-telemetry/opentelemetry-operator + maintainers: + - email: jpkroehling@redhat.com + name: Juraci Paixão Kröhling + maturity: alpha + minKubeVersion: 1.23.0 + provider: + name: OpenTelemetry Community + version: 0.108.0 + webhookdefinitions: + - admissionReviewVersions: + - v1alpha1 + - v1beta1 + containerPort: 443 + conversionCRDs: + - opentelemetrycollectors.opentelemetry.io + deploymentName: opentelemetry-operator-controller-manager + generateName: copentelemetrycollectors.kb.io + sideEffects: None + targetPort: 9443 + type: ConversionWebhook + webhookPath: /convert + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: 
opentelemetry-operator-controller-manager + failurePolicy: Fail + generateName: minstrumentation.kb.io + rules: + - apiGroups: + - opentelemetry.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - instrumentations + sideEffects: None + targetPort: 9443 + type: MutatingAdmissionWebhook + webhookPath: /mutate-opentelemetry-io-v1alpha1-instrumentation + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: opentelemetry-operator-controller-manager + failurePolicy: Fail + generateName: mopampbridge.kb.io + rules: + - apiGroups: + - opentelemetry.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - opampbridges + sideEffects: None + targetPort: 9443 + type: MutatingAdmissionWebhook + webhookPath: /mutate-opentelemetry-io-v1alpha1-opampbridge + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: opentelemetry-operator-controller-manager + failurePolicy: Fail + generateName: mopentelemetrycollectorbeta.kb.io + rules: + - apiGroups: + - opentelemetry.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - opentelemetrycollectors + sideEffects: None + targetPort: 9443 + type: MutatingAdmissionWebhook + webhookPath: /mutate-opentelemetry-io-v1beta1-opentelemetrycollector + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: opentelemetry-operator-controller-manager + failurePolicy: Ignore + generateName: mpod.kb.io + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods + sideEffects: None + targetPort: 9443 + type: MutatingAdmissionWebhook + webhookPath: /mutate-v1-pod + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: opentelemetry-operator-controller-manager + failurePolicy: Fail + generateName: vinstrumentationcreateupdate.kb.io + rules: + - apiGroups: + - opentelemetry.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - 
instrumentations + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-opentelemetry-io-v1alpha1-instrumentation + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: opentelemetry-operator-controller-manager + failurePolicy: Ignore + generateName: vinstrumentationdelete.kb.io + rules: + - apiGroups: + - opentelemetry.io + apiVersions: + - v1alpha1 + operations: + - DELETE + resources: + - instrumentations + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-opentelemetry-io-v1alpha1-instrumentation + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: opentelemetry-operator-controller-manager + failurePolicy: Fail + generateName: vopampbridgecreateupdate.kb.io + rules: + - apiGroups: + - opentelemetry.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - opampbridges + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-opentelemetry-io-v1alpha1-opampbridge + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: opentelemetry-operator-controller-manager + failurePolicy: Ignore + generateName: vopampbridgedelete.kb.io + rules: + - apiGroups: + - opentelemetry.io + apiVersions: + - v1alpha1 + operations: + - DELETE + resources: + - opampbridges + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-opentelemetry-io-v1alpha1-opampbridge + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: opentelemetry-operator-controller-manager + failurePolicy: Fail + generateName: vopentelemetrycollectorcreateupdatebeta.kb.io + rules: + - apiGroups: + - opentelemetry.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - opentelemetrycollectors + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: 
/validate-opentelemetry-io-v1beta1-opentelemetrycollector + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: opentelemetry-operator-controller-manager + failurePolicy: Ignore + generateName: vopentelemetrycollectordeletebeta.kb.io + rules: + - apiGroups: + - opentelemetry.io + apiVersions: + - v1beta1 + operations: + - DELETE + resources: + - opentelemetrycollectors + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-opentelemetry-io-v1beta1-opentelemetrycollector diff --git a/operators/opentelemetry-operator/0.108.0/manifests/opentelemetry.io_instrumentations.yaml b/operators/opentelemetry-operator/0.108.0/manifests/opentelemetry.io_instrumentations.yaml new file mode 100644 index 00000000000..1aa55479f83 --- /dev/null +++ b/operators/opentelemetry-operator/0.108.0/manifests/opentelemetry.io_instrumentations.yaml 
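Review bot: Neither container in the `opentelemetry-operator-controller-manager` deployment template (`manager`, `kube-rbac-proxy`) sets a `securityContext`, and the pod spec has none either. This matters because the service account holds cluster-wide create/delete/patch on pods, serviceaccounts and services, and the manager serves the `mpod.kb.io` webhook for every pod CREATE. I would add a restrictive container-level `securityContext` to both containers plus a pod-level one, as sketched below; `runAsNonRoot` assumes both images already run as a non-root user, which this hunk does not show. Both images are also referenced by tag (`:0.108.0`, `:v0.13.1`) rather than by digest, so the content pulled can change after review. The `operators.operatorframework.io/builder` annotation suggests the bundle is generated, so the change probably belongs in the upstream manifests it is built from.

```yaml
# … unchanged: manager container args, env, image, probes, ports, resources …
                name: manager
                securityContext:
                  allowPrivilegeEscalation: false
                  capabilities:
                    drop:
                    - ALL
# … unchanged: volumeMounts; kube-rbac-proxy container gets the same securityContext block …
              securityContext:
                runAsNonRoot: true
                seccompProfile:
                  type: RuntimeDefault
              serviceAccountName: opentelemetry-operator-controller-manager
```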
@@ -0,0 +1,1089 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + creationTimestamp: null + labels: + app.kubernetes.io/name: opentelemetry-operator + name: instrumentations.opentelemetry.io +spec: + group: opentelemetry.io + names: + kind: Instrumentation + listKind: InstrumentationList + plural: instrumentations + shortNames: + - otelinst + - otelinsts + singular: instrumentation + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.exporter.endpoint + name: Endpoint + type: string + - jsonPath: .spec.sampler.type + name: Sampler + type: string + - jsonPath: .spec.sampler.argument + name: Sampler Arg + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + apacheHttpd: + properties: + attrs: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + 
x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + configPath: + type: string + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + type: string + resourceRequirements: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + version: + 
type: string + volumeLimitSize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + dotnet: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + type: string + resourceRequirements: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + volumeLimitSize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + exporter: + properties: + endpoint: + type: string + type: object + go: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + 
x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + type: string + resourceRequirements: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + volumeLimitSize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + java: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + 
fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + extensions: + items: + properties: + dir: + type: string + image: + type: string + required: + - dir + - image + type: object + type: array + image: + type: string + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + volumeLimitSize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + nginx: + properties: + attrs: + items: + properties: + 
name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + configFile: + type: string + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + 
optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + type: string + resourceRequirements: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + volumeLimitSize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + nodejs: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: 
object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + type: string + resourceRequirements: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + volumeLimitSize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + propagators: + items: + enum: + - tracecontext + - baggage + - b3 + - b3multi + - jaeger + - xray + - ottrace + - none + type: string + type: array + python: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string 
+ divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + type: string + resourceRequirements: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + volumeLimitSize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + resource: + properties: + addK8sUIDAttributes: + type: boolean + resourceAttributes: + additionalProperties: + type: string + type: object + type: object + sampler: + properties: + argument: + type: string + type: + enum: + - always_on + - always_off + - traceidratio + - parentbased_always_on + - parentbased_always_off + - parentbased_traceidratio + - jaeger_remote + - xray + type: string + type: object + 
type: object + status: + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null
diff --git a/operators/opentelemetry-operator/0.108.0/manifests/opentelemetry.io_opampbridges.yaml b/operators/opentelemetry-operator/0.108.0/manifests/opentelemetry.io_opampbridges.yaml
new file mode 100644
index 00000000000..306375654e0
--- /dev/null
+++ b/operators/opentelemetry-operator/0.108.0/manifests/opentelemetry.io_opampbridges.yaml
@@ -0,0 +1,1764 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: opentelemetry-operator-system/opentelemetry-operator-serving-cert + controller-gen.kubebuilder.io/version: v0.16.1 + creationTimestamp: null + labels: + app.kubernetes.io/name: opentelemetry-operator + name: opampbridges.opentelemetry.io +spec: + group: opentelemetry.io + names: + kind: OpAMPBridge + listKind: OpAMPBridgeList + plural: opampbridges + singular: opampbridge + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: OpenTelemetry Version + jsonPath: .status.version + name: Version + type: string + - jsonPath: .spec.endpoint + name: Endpoint + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + 
properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object 
+ weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + 
x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + 
x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + capabilities: + additionalProperties: + type: boolean + type: object + componentsAllowed: + additionalProperties: + items: + type: string + type: array + type: object + endpoint: + type: string + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + headers: + additionalProperties: + type: string + type: object + hostNetwork: + type: 
boolean + image: + type: string + imagePullPolicy: + type: string + ipFamilies: + items: + type: string + type: array + ipFamilyPolicy: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podDnsConfig: + properties: + nameservers: + items: + type: string + type: array + x-kubernetes-list-type: atomic + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + searches: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + podSecurityContext: + properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + ports: + items: + properties: + appProtocol: + type: string + name: + type: string + nodePort: + format: int32 + type: integer + port: + format: int32 + type: integer + protocol: + 
default: TCP + type: string + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-type: atomic + priorityClassName: + type: string + replicas: + format: int32 + maximum: 1 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + 
type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + upgradeStrategy: + enum: + - automatic + - none + type: string + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-type: atomic + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string 
+ diskURI: + type: string + fsType: + default: ext4 + type: string + kind: + type: string + readOnly: + default: false + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: 
integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: 
object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + default: default + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + 
signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: 
+ properties: + fsType: + type: string + image: + type: string + keyring: + default: /etc/ceph/keyring + type: string + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + default: xfs + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + default: ThinProvisioned + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + x-kubernetes-list-type: atomic + required: + - capabilities + - endpoint + type: object + status: + properties: + version: + type: string + type: object + type: 
object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null
diff --git a/operators/opentelemetry-operator/0.108.0/manifests/opentelemetry.io_opentelemetrycollectors.yaml b/operators/opentelemetry-operator/0.108.0/manifests/opentelemetry.io_opentelemetrycollectors.yaml
new file mode 100644
index 00000000000..594e0f4aeac
--- /dev/null
+++ b/operators/opentelemetry-operator/0.108.0/manifests/opentelemetry.io_opentelemetrycollectors.yaml
@@ -0,0 +1,9236 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: opentelemetry-operator-system/opentelemetry-operator-serving-cert + controller-gen.kubebuilder.io/version: v0.16.1 + creationTimestamp: null + labels: + app.kubernetes.io/name: opentelemetry-operator + name: opentelemetrycollectors.opentelemetry.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: opentelemetry-operator-webhook-service + namespace: opentelemetry-operator-system + path: /convert + conversionReviewVersions: + - v1alpha1 + - v1beta1 + group: opentelemetry.io + names: + kind: OpenTelemetryCollector + listKind: OpenTelemetryCollectorList + plural: opentelemetrycollectors + shortNames: + - otelcol + - otelcols + singular: opentelemetrycollector + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Deployment Mode + jsonPath: .spec.mode + name: Mode + type: string + - description: OpenTelemetry Version + jsonPath: .status.version + name: Version + type: string + - jsonPath: .status.scale.statusReplicas + name: Ready + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.image + name: Image + type: string + - description: Management State + jsonPath: .spec.managementState + name: Management + type: string + deprecated: true + deprecationWarning: OpenTelemetryCollector v1alpha1 is deprecated. Migrate to + v1beta1. 
+ name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + additionalContainers: + items: + properties: + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + type: string + imagePullPolicy: + type: string + lifecycle: + 
properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: 
string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + 
required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + 
runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: 
+ type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + type: string + required: + - name + type: object + type: array + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: 
+ type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string 
+ values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + 
type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + args: + additionalProperties: + type: string + type: object + autoscaler: + properties: + 
behavior: + properties: + scaleDown: + properties: + policies: + items: + properties: + periodSeconds: + format: int32 + type: integer + type: + type: string + value: + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + type: string + stabilizationWindowSeconds: + format: int32 + type: integer + type: object + scaleUp: + properties: + policies: + items: + properties: + periodSeconds: + format: int32 + type: integer + type: + type: string + value: + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + type: string + stabilizationWindowSeconds: + format: int32 + type: integer + type: object + type: object + maxReplicas: + format: int32 + type: integer + metrics: + items: + properties: + pods: + properties: + metric: + properties: + name: + type: string + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + properties: + averageUtilization: + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + type: string + value: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + 
required: + - metric + - target + type: object + type: + type: string + required: + - type + type: object + type: array + minReplicas: + format: int32 + type: integer + targetCPUUtilization: + format: int32 + type: integer + targetMemoryUtilization: + format: int32 + type: integer + type: object + config: + type: string + configmaps: + items: + properties: + mountpath: + type: string + name: + type: string + required: + - mountpath + - name + type: object + type: array + deploymentUpdateStrategy: + properties: + rollingUpdate: + properties: + maxSurge: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: + type: string + type: object + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + 
type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + hostNetwork: + type: boolean + image: + type: string + imagePullPolicy: + type: string + ingress: + properties: + annotations: + additionalProperties: + type: string + type: object + hostname: + type: string + ingressClassName: + type: string + route: + properties: + termination: + enum: + - insecure + - edge + - passthrough + - reencrypt + type: string + type: object + ruleType: + enum: + - path + - subdomain + type: string + tls: + items: + properties: + hosts: + items: + type: string + type: array + x-kubernetes-list-type: atomic + secretName: + type: string + type: object + type: array + type: + enum: + - ingress + - route + type: string + type: object + initContainers: + items: + properties: + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + 
default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: 
integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + 
x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + 
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + 
scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + type: string + required: + - name + type: object + type: array + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + 
type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + failureThreshold: + format: int32 + type: integer + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + managementState: + default: managed + enum: + - managed + - unmanaged + type: string + maxReplicas: + format: int32 + type: integer + minReplicas: + format: int32 + type: integer + mode: + enum: + - daemonset + - deployment + - sidecar + - statefulset + type: string + nodeSelector: + additionalProperties: + type: string + type: object + observability: + properties: + metrics: + properties: + DisablePrometheusAnnotations: + type: boolean + enableMetrics: + type: boolean + type: object + type: object + podAnnotations: + 
additionalProperties: + type: string + type: object + podDisruptionBudget: + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + minAvailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + podSecurityContext: + properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + ports: + items: + properties: + appProtocol: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + nodePort: + format: int32 + type: integer + port: + format: int32 + type: integer + protocol: + default: TCP + type: string + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-type: atomic + priorityClassName: + type: string + replicas: + format: int32 + type: integer + resources: + properties: + 
claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + shareProcessNamespace: + type: boolean + targetAllocator: + properties: + affinity: + properties: + nodeAffinity: + properties: + 
preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + 
required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + 
required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + 
matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + allocationStrategy: + default: consistent-hashing + enum: + - least-weighted + - consistent-hashing + - per-node + type: string + enabled: + type: boolean + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + filterStrategy: + default: relabel-config + type: string + image: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + observability: + properties: + metrics: + properties: + DisablePrometheusAnnotations: + type: boolean + enableMetrics: + type: boolean + type: object + type: object + podDisruptionBudget: + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + minAvailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + podSecurityContext: + properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + 
x-kubernetes-list-type: atomic + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + prometheusCR: + properties: + enabled: + type: boolean + podMonitorSelector: + additionalProperties: + type: string + type: object + scrapeInterval: + default: 30s + format: duration + type: string + serviceMonitorSelector: + additionalProperties: + type: string + type: object + type: object + replicas: + format: int32 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + 
type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + 
operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + updateStrategy: + properties: + rollingUpdate: + properties: + maxSurge: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: + type: string + type: object + upgradeStrategy: + enum: + - automatic + - none + type: string + volumeClaimTemplates: + items: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + 
anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + status: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + allocatedResourceStatuses: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + conditions: + items: + properties: + lastProbeTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + 
status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentVolumeAttributesClassName: + type: string + modifyVolumeStatus: + properties: + status: + type: string + targetVolumeAttributesClassName: + type: string + required: + - status + type: object + phase: + type: string + type: object + type: object + type: array + x-kubernetes-list-type: atomic + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-type: atomic + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + default: ext4 + type: string + kind: + type: string + readOnly: + default: false + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + 
type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + 
metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + 
type: boolean + targetWWNs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + default: default + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + 
server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + default: /etc/ceph/keyring + type: string + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + default: xfs + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + default: ThinProvisioned + type: string + 
storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + x-kubernetes-list-type: atomic + required: + - config + - managementState + type: object + status: + properties: + image: + type: string + messages: + items: + type: string + type: array + x-kubernetes-list-type: atomic + replicas: + format: int32 + type: integer + scale: + properties: + replicas: + format: int32 + type: integer + selector: + type: string + statusReplicas: + type: string + type: object + version: + type: string + type: object + type: object + served: true + storage: false + subresources: + scale: + labelSelectorPath: .status.scale.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.scale.replicas + status: {} + - additionalPrinterColumns: + - description: Deployment Mode + jsonPath: .spec.mode + name: Mode + type: string + - description: OpenTelemetry Version + jsonPath: .status.version + name: Version + type: string + - jsonPath: .status.scale.statusReplicas + name: Ready + type: string + - jsonPath: .metadata.creationTimestamp + 
name: Age + type: date + - jsonPath: .status.image + name: Image + type: string + - description: Management State + jsonPath: .spec.managementState + name: Management + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + additionalContainers: + items: + properties: + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: 
object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: 
atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + 
x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string 
+ type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: 
boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + type: string + required: + - name + type: object + type: array + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - 
operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + 
requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + 
type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey 
+ type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + args: + additionalProperties: + type: string + type: object + autoscaler: + properties: + behavior: + properties: + scaleDown: + properties: + policies: + items: + properties: + periodSeconds: + format: int32 + type: integer + type: + type: string + value: + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + type: string + stabilizationWindowSeconds: + format: int32 + type: integer + type: object + scaleUp: + properties: + policies: + items: + properties: + periodSeconds: + format: int32 + type: integer + type: + type: string + value: + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + type: string + stabilizationWindowSeconds: + format: int32 + type: integer + type: object + type: object + maxReplicas: + format: int32 + type: integer + metrics: + items: + properties: + pods: + properties: + metric: + properties: + name: + type: string + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + properties: + averageUtilization: + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + type: string + value: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + type: + type: string + required: + - type + type: object + type: array + minReplicas: + format: int32 + type: integer + targetCPUUtilization: + format: int32 + type: integer + targetMemoryUtilization: + format: int32 + type: integer + type: object + config: + properties: + connectors: + type: object + x-kubernetes-preserve-unknown-fields: true + exporters: + type: object + x-kubernetes-preserve-unknown-fields: true + extensions: + type: object + x-kubernetes-preserve-unknown-fields: true + processors: + type: object + x-kubernetes-preserve-unknown-fields: true + receivers: + type: object + x-kubernetes-preserve-unknown-fields: true + service: + properties: + extensions: + items: + type: string + type: array + pipelines: + additionalProperties: + properties: + exporters: + items: + type: string + type: array + processors: + items: + type: string + type: array + receivers: + items: + type: string + type: array + required: + - exporters + - receivers + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + telemetry: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - pipelines + type: object + required: + - exporters + - receivers + - service + type: object + x-kubernetes-preserve-unknown-fields: true + configVersions: + default: 3 + minimum: 1 + type: integer + configmaps: + items: + properties: + mountpath: + type: string + name: + type: string + required: + - mountpath + - name + type: object + type: array + daemonSetUpdateStrategy: + properties: + rollingUpdate: + properties: + maxSurge: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: + 
type: string + type: object + deploymentUpdateStrategy: + properties: + rollingUpdate: + properties: + maxSurge: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: + type: string + type: object + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + hostNetwork: + type: boolean + image: + type: string + imagePullPolicy: + type: string + ingress: + properties: + annotations: + additionalProperties: + type: string + type: object + hostname: + type: string + 
ingressClassName: + type: string + route: + properties: + termination: + enum: + - insecure + - edge + - passthrough + - reencrypt + type: string + type: object + ruleType: + enum: + - path + - subdomain + type: string + tls: + items: + properties: + hosts: + items: + type: string + type: array + x-kubernetes-list-type: atomic + secretName: + type: string + type: object + type: array + type: + enum: + - ingress + - route + type: string + type: object + initContainers: + items: + properties: + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: 
string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + 
properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: 
+ type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resizePolicy: + items: + properties: + resourceName: + type: string + restartPolicy: + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + restartPolicy: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + 
items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + 
timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + type: string + required: + - name + type: object + type: array + ipFamilies: + items: + type: string + type: array + ipFamilyPolicy: + default: SingleStack + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + 
x-kubernetes-list-type: atomic + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + sleep: + properties: + seconds: + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + failureThreshold: + format: int32 + type: integer + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + managementState: + default: managed + enum: + - managed + - unmanaged + type: string + mode: + enum: + - daemonset + - deployment + - sidecar + - statefulset + type: string + nodeSelector: + additionalProperties: + type: string + type: object + observability: + properties: + metrics: + properties: + disablePrometheusAnnotations: + type: boolean + enableMetrics: + type: boolean + type: object + type: object + podAnnotations: + additionalProperties: + type: string + type: object + podDisruptionBudget: + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + minAvailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + podDnsConfig: + properties: + nameservers: + items: + type: string + type: array + x-kubernetes-list-type: atomic + options: + items: + properties: + 
name: + type: string + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + searches: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + podSecurityContext: + properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + ports: + items: + properties: + appProtocol: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + nodePort: + format: int32 + type: integer + port: + format: int32 + type: integer + protocol: + default: TCP + type: string + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + x-kubernetes-list-type: atomic + priorityClassName: + type: string + readinessProbe: + properties: + failureThreshold: + format: int32 + type: integer + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + 
format: int32 + type: integer + successThreshold: + format: int32 + type: integer + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + replicas: + format: int32 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + 
type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + shareProcessNamespace: + type: boolean + targetAllocator: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: 
+ items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + 
type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + 
weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + allocationStrategy: + default: consistent-hashing + enum: + - least-weighted + - consistent-hashing + - per-node + type: string + enabled: + type: boolean + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string 
+ required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + filterStrategy: + default: relabel-config + enum: + - "" + - relabel-config + type: string + image: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + observability: + properties: + metrics: + properties: + disablePrometheusAnnotations: + type: boolean + enableMetrics: + type: boolean + type: object + type: object + podDisruptionBudget: + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + minAvailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + podSecurityContext: + properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + 
type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + prometheusCR: + properties: + enabled: + type: boolean + podMonitorSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + scrapeInterval: + default: 30s + format: duration + type: string + serviceMonitorSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + type: object + replicas: + format: int32 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + 
additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + 
type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + upgradeStrategy: + enum: + - automatic + - none + type: string + volumeClaimTemplates: + items: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: 
+ type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + status: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + allocatedResourceStatuses: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + conditions: + items: + properties: + lastProbeTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentVolumeAttributesClassName: + type: string + modifyVolumeStatus: + properties: + status: + type: string + targetVolumeAttributesClassName: + type: string + required: + - status + type: object + phase: + type: string + type: object + type: object + type: array + x-kubernetes-list-type: atomic + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-type: atomic + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + default: ext4 + type: string + kind: + type: string + readOnly: + default: false + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean 
+ secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + 
properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + image: + properties: + pullPolicy: + type: string + reference: + type: 
string + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + default: default + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + 
path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + default: /etc/ceph/keyring + type: string + monitors: + items: + type: string + type: array + 
x-kubernetes-list-type: atomic + pool: + default: rbd + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + default: admin + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + default: xfs + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + default: ThinProvisioned + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + x-kubernetes-list-type: atomic + required: + - config + - managementState + type: object + status: + properties: + image: + type: string + scale: + properties: + replicas: + format: int32 + type: integer + selector: + type: string + statusReplicas: + type: string + type: object + version: + type: string + type: object + type: 
object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.scale.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.scale.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/opentelemetry-operator/0.108.0/metadata/annotations.yaml b/operators/opentelemetry-operator/0.108.0/metadata/annotations.yaml new file mode 100644 index 00000000000..1240fd5537b --- /dev/null +++ b/operators/opentelemetry-operator/0.108.0/metadata/annotations.yaml @@ -0,0 +1,16 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: opentelemetry-operator + operators.operatorframework.io.bundle.channels.v1: alpha + operators.operatorframework.io.metrics.builder: operator-sdk-v1.29.0 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3 + + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ + + com.redhat.openshift.versions: v4.12 diff --git a/operators/opentelemetry-operator/0.108.0/tests/scorecard/config.yaml b/operators/opentelemetry-operator/0.108.0/tests/scorecard/config.yaml new file mode 100644 index 00000000000..efe0cbadca7 --- /dev/null +++ b/operators/opentelemetry-operator/0.108.0/tests/scorecard/config.yaml 
@@ -0,0 +1,50 @@
+apiVersion: scorecard.operatorframework.io/v1alpha3
+kind: Configuration
+metadata:
+ name: config
+stages:
+- parallel: true
+ tests:
+ - entrypoint:
+ - scorecard-test
+ - basic-check-spec
+ image: quay.io/operator-framework/scorecard-test:v1.27.0
+ labels:
+ suite: basic
+ test: basic-check-spec-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-bundle-validation
+ image: quay.io/operator-framework/scorecard-test:v1.27.0
+ labels:
+ suite: olm
+ test: olm-bundle-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-validation
+ image: quay.io/operator-framework/scorecard-test:v1.27.0
+ labels:
+ suite: olm
+ test: olm-crds-have-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-resources
+ image: quay.io/operator-framework/scorecard-test:v1.27.0
+ labels:
+ suite: olm
+ test: olm-crds-have-resources-test
+ storage:
+ spec:
+ mountPath: {}
+storage:
+ spec:
+ mountPath: {}
diff --git a/operators/oracle-database-operator/ci.yaml b/operators/oracle-database-operator/ci.yaml
new file mode 100644
index 00000000000..bba3da7cc7f
--- /dev/null
+++ b/operators/oracle-database-operator/ci.yaml
@@ -0,0 +1,3 @@
+---
+# Use `replaces-mode` or `semver-mode`. Once you switch to `semver-mode`, there is no easy way back.
+updateGraph: replaces-mode
diff --git a/operators/oracle-database-operator/v1.1.0/manifests/apex-secret_v1_secret.yaml b/operators/oracle-database-operator/v1.1.0/manifests/apex-secret_v1_secret.yaml
new file mode 100644
index 00000000000..a94d05e0250
--- /dev/null
+++ b/operators/oracle-database-operator/v1.1.0/manifests/apex-secret_v1_secret.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: apex-secret
+stringData:
+ oracle_pwd: null
+type: Opaque
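Review bot: The four `image:` entries under `stages[0].tests` in tests/scorecard/config.yaml reference `quay.io/operator-framework/scorecard-test:v1.27.0` by tag only, so what runs in the test cluster depends on whatever the registry serves for that tag at pull time. Pinning by digest, for example `image: quay.io/operator-framework/scorecard-test:v1.27.0@sha256:<digest-of-reviewed-image>` (placeholder digest), makes the test image reproducible and auditable. The tag also trails the `operator-sdk-v1.29.0` builder recorded in this bundle's metadata/annotations.yaml; if that gap is not deliberate, the two should be aligned.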
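Review bot: `stringData.oracle_pwd: null` in manifests/apex-secret_v1_secret.yaml places a Secret with no usable password inside the bundle's `manifests/` directory, where it is installed together with the operator rather than created by the user. Depending on how the null is decoded, the object is presumably either rejected or stored with an empty `oracle_pwd`, and an empty database password is a weak default if anything consumes `apex-secret` as shipped; what reads it is not visible in this hunk. If this is only a sample, it should be removed from `manifests/` and documented as a Secret the user creates with their own value before creating the resource that references it.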
diff --git a/operators/oracle-database-operator/v1.1.0/manifests/cdb1-secret_v1_secret.yaml b/operators/oracle-database-operator/v1.1.0/manifests/cdb1-secret_v1_secret.yaml
new file mode 100644
index 00000000000..678e03306f8
--- /dev/null
+++ b/operators/oracle-database-operator/v1.1.0/manifests/cdb1-secret_v1_secret.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+data:
+ cdbadmin_pwd: '[base64 encode value]'
+ cdbadmin_user: '[base64 encode value]'
+ ords_pwd: '[base64 encode value]'
+ sysadmin_pwd: '[base64 encode value]'
+ webserver_pwd: '[base64 encode values]'
+ webserver_user: '[base64 encode values]'
+kind: Secret
+metadata:
+ name: cdb1-secret
+type: Opaque
diff --git a/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_autonomouscontainerdatabases.yaml b/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_autonomouscontainerdatabases.yaml
new file mode 100644
index 00000000000..fb0fce5974e
--- /dev/null
+++ b/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_autonomouscontainerdatabases.yaml
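Review bot: The six values under `data:` in manifests/cdb1-secret_v1_secret.yaml are the literal placeholder text `'[base64 encode value]'` (or `values`), which is not valid base64 because of the brackets and spaces, so the Secret cannot be decoded and creating it from the bundle should fail. `data` has to hold base64-encoded bytes, and real administrator credentials such as `sysadmin_pwd` and `cdbadmin_pwd` should not be committed to the bundle in any encoding. The safer change is to drop this sample Secret from `manifests/` and describe in the operator documentation how users create `cdb1-secret` with their own values. If a template must remain in the repository, it belongs outside the directory that is installed with the operator.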
@@ -0,0 +1,115 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.1 + creationTimestamp: null + name: autonomouscontainerdatabases.database.oracle.com +spec: + group: database.oracle.com + names: + kind: AutonomousContainerDatabase + listKind: AutonomousContainerDatabaseList + plural: autonomouscontainerdatabases + shortNames: + - acd + - acds + singular: autonomouscontainerdatabase + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.displayName + name: DisplayName + type: string + - jsonPath: .status.lifecycleState + name: State + type: string + - jsonPath: .status.timeCreated + name: Created + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: AutonomousContainerDatabase is the Schema for the autonomouscontainerdatabases + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AutonomousContainerDatabaseSpec defines the desired state + of AutonomousContainerDatabase + properties: + action: + enum: + - SYNC + - RESTART + - TERMINATE + type: string + autonomousContainerDatabaseOCID: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file' + type: string + autonomousExadataVMClusterOCID: + type: string + compartmentOCID: + type: string + displayName: + type: string + freeformTags: + additionalProperties: + type: string + type: object + hardLink: + default: false + type: boolean + ociConfig: + description: "*********************** *\tOCI config ***********************" + properties: + configMapName: + type: string + secretName: + type: string + type: object + patchModel: + description: 'AutonomousContainerDatabasePatchModelEnum Enum with + underlying type: string' + enum: + - RELEASE_UPDATES + - RELEASE_UPDATE_REVISIONS + type: string + type: object + status: + description: AutonomousContainerDatabaseStatus defines the observed state + of AutonomousContainerDatabase + properties: + lifecycleState: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "make" to regenerate code after modifying + this file' + type: string + timeCreated: + type: string + required: + - lifecycleState + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_autonomousdatabasebackups.yaml b/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_autonomousdatabasebackups.yaml new file mode 100644 index 00000000000..e6b0e294e00 --- /dev/null 
+++ b/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_autonomousdatabasebackups.yaml 
@@ -0,0 +1,136 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.1 + creationTimestamp: null + name: autonomousdatabasebackups.database.oracle.com +spec: + group: database.oracle.com + names: + kind: AutonomousDatabaseBackup + listKind: AutonomousDatabaseBackupList + plural: autonomousdatabasebackups + shortNames: + - adbbu + - adbbus + singular: autonomousdatabasebackup + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.lifecycleState + name: State + type: string + - jsonPath: .status.dbDisplayName + name: DB DisplayName + type: string + - jsonPath: .status.type + name: Type + type: string + - jsonPath: .status.timeStarted + name: Started + type: string + - jsonPath: .status.timeEnded + name: Ended + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: AutonomousDatabaseBackup is the Schema for the autonomousdatabasebackups + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AutonomousDatabaseBackupSpec defines the desired state of + AutonomousDatabaseBackup + properties: + autonomousDatabaseBackupOCID: + type: string + displayName: + type: string + isLongTermBackup: + type: boolean + ociConfig: + description: "*********************** *\tOCI config ***********************" + properties: + configMapName: + type: string + secretName: + type: string + type: object + retentionPeriodInDays: + type: integer + target: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file' + properties: + k8sADB: + description: "*********************** *\tADB spec ***********************" + properties: + name: + type: string + type: object + ociADB: + properties: + ocid: + type: string + type: object + type: object + type: object + status: + description: AutonomousDatabaseBackupStatus defines the observed state + of AutonomousDatabaseBackup + properties: + autonomousDatabaseOCID: + type: string + compartmentOCID: + type: string + dbDisplayName: + type: string + dbName: + type: string + isAutomatic: + type: boolean + lifecycleState: + description: 'AutonomousDatabaseBackupLifecycleStateEnum Enum with + underlying type: string' + type: string + timeEnded: + type: string + timeStarted: + type: string + type: + description: 'AutonomousDatabaseBackupTypeEnum Enum with underlying + type: string' + type: string + required: + - autonomousDatabaseOCID + - compartmentOCID + - dbDisplayName + - dbName + - isAutomatic + - lifecycleState + - type + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] 
diff --git a/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_autonomousdatabaserestores.yaml b/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_autonomousdatabaserestores.yaml new file mode 100644 index 00000000000..55abdc90f6e --- /dev/null +++ b/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_autonomousdatabaserestores.yaml 
@@ -0,0 +1,136 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.1 + creationTimestamp: null + name: autonomousdatabaserestores.database.oracle.com +spec: + group: database.oracle.com + names: + kind: AutonomousDatabaseRestore + listKind: AutonomousDatabaseRestoreList + plural: autonomousdatabaserestores + shortNames: + - adbr + - adbrs + singular: autonomousdatabaserestore + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.status + name: Status + type: string + - jsonPath: .status.displayName + name: DbDisplayName + type: string + - jsonPath: .status.dbName + name: DbName + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: AutonomousDatabaseRestore is the Schema for the autonomousdatabaserestores + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AutonomousDatabaseRestoreSpec defines the desired state of + AutonomousDatabaseRestore + properties: + ociConfig: + description: "*********************** *\tOCI config ***********************" + properties: + configMapName: + type: string + secretName: + type: string + type: object + source: + properties: + k8sADBBackup: + description: 'EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO + OWN! 
NOTE: json tags are required. Any new fields you add must + have json tags for the fields to be serialized.' + properties: + name: + type: string + type: object + pointInTime: + properties: + timestamp: + description: 'The timestamp must follow this format: YYYY-MM-DD + HH:MM:SS GMT' + type: string + type: object + type: object + target: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file' + properties: + k8sADB: + description: "*********************** *\tADB spec ***********************" + properties: + name: + type: string + type: object + ociADB: + properties: + ocid: + type: string + type: object + type: object + required: + - source + - target + type: object + status: + description: AutonomousDatabaseRestoreStatus defines the observed state + of AutonomousDatabaseRestore + properties: + dbName: + type: string + displayName: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "make" to regenerate code after modifying + this file' + type: string + status: + description: 'WorkRequestStatusEnum Enum with underlying type: string' + type: string + timeAccepted: + type: string + timeEnded: + type: string + timeStarted: + type: string + workRequestOCID: + type: string + required: + - dbName + - displayName + - status + - workRequestOCID + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_autonomousdatabases.yaml b/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_autonomousdatabases.yaml new file mode 100644 index 00000000000..c32617687cd --- /dev/null +++ b/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_autonomousdatabases.yaml 
@@ -0,0 +1,322 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.1 + creationTimestamp: null + name: autonomousdatabases.database.oracle.com +spec: + group: database.oracle.com + names: + kind: AutonomousDatabase + listKind: AutonomousDatabaseList + plural: autonomousdatabases + shortNames: + - adb + - adbs + singular: autonomousdatabase + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.details.displayName + name: Display Name + type: string + - jsonPath: .spec.details.dbName + name: Db Name + type: string + - jsonPath: .status.lifecycleState + name: State + type: string + - jsonPath: .spec.details.isDedicated + name: Dedicated + type: string + - jsonPath: .spec.details.cpuCoreCount + name: OCPUs + type: integer + - jsonPath: .spec.details.dataStorageSizeInTBs + name: Storage (TB) + type: integer + - jsonPath: .spec.details.dbWorkload + name: Workload Type + type: string + - jsonPath: .status.timeCreated + name: Created + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: AutonomousDatabase is the Schema for the autonomousdatabases + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'AutonomousDatabaseSpec defines the desired state of AutonomousDatabase + Important: Run "make" to regenerate code after modifying this file' + properties: + details: + description: AutonomousDatabaseDetails defines the detail information + of AutonomousDatabase, corresponding to oci-go-sdk/database/AutonomousDatabase + properties: + adminPassword: + properties: + k8sSecret: + description: "*********************** *\tSecret specs ***********************" + properties: + name: + type: string + type: object + ociSecret: + properties: + ocid: + type: string + type: object + type: object + autonomousContainerDatabase: + description: ACDSpec defines the spec of the target for backup/restore + runs. The name could be the name of an AutonomousDatabase or + an AutonomousDatabaseBackup + properties: + k8sACD: + description: "*********************** *\tACD specs ***********************" + properties: + name: + type: string + type: object + ociACD: + properties: + ocid: + type: string + type: object + type: object + autonomousDatabaseOCID: + type: string + compartmentOCID: + type: string + cpuCoreCount: + type: integer + dataStorageSizeInTBs: + type: integer + dbName: + type: string + dbVersion: + type: string + dbWorkload: + description: 'AutonomousDatabaseDbWorkloadEnum Enum with underlying + type: string' + enum: + - OLTP + - DW + - AJD + - APEX + type: string + displayName: + type: string + freeformTags: + additionalProperties: + type: string + type: object + isAutoScalingEnabled: + type: boolean + isDedicated: + type: boolean + licenseModel: + description: 'AutonomousDatabaseLicenseModelEnum Enum with underlying + type: string' + enum: + - LICENSE_INCLUDED + - BRING_YOUR_OWN_LICENSE + type: string + lifecycleState: + description: 'AutonomousDatabaseLifecycleStateEnum Enum with underlying + type: 
string' + type: string + networkAccess: + properties: + accessControlList: + items: + type: string + type: array + accessType: + enum: + - "" + - PUBLIC + - RESTRICTED + - PRIVATE + type: string + isAccessControlEnabled: + type: boolean + isMTLSConnectionRequired: + type: boolean + privateEndpoint: + properties: + hostnamePrefix: + type: string + nsgOCIDs: + items: + type: string + type: array + subnetOCID: + type: string + type: object + type: object + wallet: + properties: + name: + type: string + password: + properties: + k8sSecret: + description: "*********************** *\tSecret specs + ***********************" + properties: + name: + type: string + type: object + ociSecret: + properties: + ocid: + type: string + type: object + type: object + type: object + type: object + hardLink: + default: false + type: boolean + ociConfig: + description: "*********************** *\tOCI config ***********************" + properties: + configMapName: + type: string + secretName: + type: string + type: object + required: + - details + type: object + status: + description: AutonomousDatabaseStatus defines the observed state of AutonomousDatabase + properties: + allConnectionStrings: + items: + properties: + connectionStrings: + items: + properties: + connectionString: + type: string + tnsName: + type: string + type: object + type: array + tlsAuthentication: + type: string + required: + - connectionStrings + type: object + type: array + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n \ttype FooStatus struct{ \t // Represents the observations + of a foo's current state. 
\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\" \t // + +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map + \t // +listMapKey=type \t Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields + \t}" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + lifecycleState: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "make" to regenerate code after modifying + this file' + type: string + timeCreated: + type: string + walletExpiringDate: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_cdbs.yaml b/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_cdbs.yaml new file mode 100644 index 00000000000..753c1f9c81a --- /dev/null +++ b/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_cdbs.yaml 
@@ -0,0 +1,269 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: oracle-database-operator-system/oracle-database-operator-serving-cert + controller-gen.kubebuilder.io/version: v0.6.1 + creationTimestamp: null + name: cdbs.database.oracle.com +spec: + group: database.oracle.com + names: + kind: CDB + listKind: CDBList + plural: cdbs + singular: cdb + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Name of the CDB + jsonPath: .spec.cdbName + name: CDB Name + type: string + - description: ' Name of the DB Server' + jsonPath: .spec.dbServer + name: DB Server + type: string + - description: DB server port + jsonPath: .spec.dbPort + name: DB Port + type: integer + - description: ' string of the tnsalias' + jsonPath: .spec.dbTnsurl + name: TNS STRING + type: string + - description: Replicas + jsonPath: .spec.replicas + name: Replicas + type: integer + - description: Status of the CDB Resource + jsonPath: .status.phase + name: Status + type: string + - description: Error message, if any + jsonPath: .status.msg + name: Message + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: CDB is the Schema for the cdbs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CDBSpec defines the desired state of CDB + properties: + cdbAdminPwd: + description: Password for the CDB Administrator to manage PDB lifecycle + properties: + secret: + description: CDBSecret defines the secretName + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - secret + type: object + cdbAdminUser: + description: User in the root container with sysdba priviledges to + manage PDB lifecycle + properties: + secret: + description: CDBSecret defines the secretName + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - secret + type: object + cdbName: + description: Name of the CDB + type: string + cdbTlsCrt: + properties: + secret: + description: CDBSecret defines the secretName + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - secret + type: object + cdbTlsKey: + properties: + secret: + description: CDBSecret defines the secretName + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - secret + type: object + dbPort: + description: DB server port + type: integer + dbServer: + description: Name of the DB server + type: string + dbTnsurl: + type: string + nodeSelector: + additionalProperties: + type: string + description: Node Selector for running the Pod + type: object + ordsImage: + description: ORDS Image Name + type: string + ordsImagePullPolicy: + description: ORDS Image Pull Policy + enum: + - Always + - Never + type: string + ordsImagePullSecret: + description: The name of the image pull secret in case of a private + docker repository. 
+ type: string + ordsPort: + description: ORDS server port. For now, keep it as 8888. TO BE USED + IN FUTURE RELEASE. + type: integer + ordsPwd: + description: Password for user ORDS_PUBLIC_USER + properties: + secret: + description: CDBSecret defines the secretName + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - secret + type: object + replicas: + description: Number of ORDS Containers to create + type: integer + serviceName: + description: Name of the CDB Service + type: string + sysAdminPwd: + description: Password for the CDB System Administrator + properties: + secret: + description: CDBSecret defines the secretName + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - secret + type: object + webServerPwd: + description: Password for the Web Server User + properties: + secret: + description: CDBSecret defines the secretName + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - secret + type: object + webServerUser: + description: Web Server User with SQL Administrator role to allow + us to authenticate to the PDB Lifecycle Management REST endpoints + properties: + secret: + description: CDBSecret defines the secretName + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - secret + type: object + type: object + status: + description: CDBStatus defines the observed state of CDB + properties: + msg: + description: Message + type: string + phase: + description: Phase of the CDB Resource + type: string + status: + description: CDB Resource Status + type: boolean + required: + - phase + - status + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + 
storedVersions: [] diff --git a/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_dataguardbrokers.yaml b/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_dataguardbrokers.yaml new file mode 100644 index 00000000000..7c6dfc383ca --- /dev/null +++ b/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_dataguardbrokers.yaml 
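Review bot: The `cert-manager.io/inject-ca-from` annotation under `metadata.annotations` pins the CA source to `oracle-database-operator-system/oracle-database-operator-serving-cert`, but the `spec` in this hunk has no `conversion` stanza for a CA bundle to be injected into. If the CRD has no conversion webhook, the annotation can be dropped. If it does, the webhook client config should be in the manifest, and the install then depends on cert-manager being present and on the operator running in exactly that namespace, which a bundle install may not guarantee. The same annotation appears on `pdbs.database.oracle.com` further down.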
@@ -0,0 +1,132 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.1 + creationTimestamp: null + name: dataguardbrokers.database.oracle.com +spec: + group: database.oracle.com + names: + kind: DataguardBroker + listKind: DataguardBrokerList + plural: dataguardbrokers + singular: dataguardbroker + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.primaryDatabase + name: Primary + type: string + - jsonPath: .status.standbyDatabases + name: Standbys + type: string + - jsonPath: .spec.protectionMode + name: Protection Mode + type: string + - jsonPath: .status.clusterConnectString + name: Cluster Connect Str + priority: 1 + type: string + - jsonPath: .status.externalConnectString + name: Connect Str + type: string + - jsonPath: .spec.primaryDatabaseRef + name: Primary Database + priority: 1 + type: string + - jsonPath: .status.status + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: DataguardBroker is the Schema for the dataguardbrokers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DataguardBrokerSpec defines the desired state of DataguardBroker + properties: + fastStartFailOver: + properties: + enable: + type: boolean + strategy: + items: + description: FSFO strategy + properties: + sourceDatabaseRef: + type: string + targetDatabaseRefs: + type: string + type: object + type: array + type: object + loadBalancer: + type: boolean + nodeSelector: + additionalProperties: + type: string + type: object + primaryDatabaseRef: + type: string + protectionMode: + enum: + - MaxPerformance + - MaxAvailability + type: string + serviceAnnotations: + additionalProperties: + type: string + type: object + setAsPrimaryDatabase: + type: string + standbyDatabaseRefs: + items: + type: string + type: array + required: + - primaryDatabaseRef + - protectionMode + - standbyDatabaseRefs + type: object + status: + description: DataguardBrokerStatus defines the observed state of DataguardBroker + properties: + clusterConnectString: + type: string + externalConnectString: + type: string + primaryDatabase: + type: string + primaryDatabaseRef: + type: string + protectionMode: + type: string + standbyDatabases: + type: string + status: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_dbcssystems.yaml b/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_dbcssystems.yaml new file mode 100644 index 00000000000..96bec93d175 --- /dev/null +++ b/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_dbcssystems.yaml 
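Review bot: `spec.loadBalancer` and `spec.serviceAnnotations` have no `description`, so the schema does not say what `loadBalancer: true` exposes or what the value is when the field is omitted. The status block publishes an `externalConnectString`, which suggests (not confirmed from this hunk) that the flag makes the database reachable from outside the cluster. Since this file is controller-gen output, the fix is a doc comment on the Go field stating whether `true` creates an externally reachable Service and what the default is. `oraclerestdataservices.database.oracle.com` has the same undocumented `loadBalancer` field.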
@@ -0,0 +1,238 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.1 + creationTimestamp: null + name: dbcssystems.database.oracle.com +spec: + group: database.oracle.com + names: + kind: DbcsSystem + listKind: DbcsSystemList + plural: dbcssystems + singular: dbcssystem + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: DbcsSystem is the Schema for the dbcssystems API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DbcsSystemSpec defines the desired state of DbcsSystem + properties: + dbSystem: + properties: + availabilityDomain: + type: string + backupSubnetId: + type: string + clusterName: + type: string + compartmentId: + type: string + cpuCoreCount: + type: integer + dbAdminPaswordSecret: + type: string + dbBackupConfig: + description: DB Backup COnfig Network Struct + properties: + autoBackupEnabled: + type: boolean + autoBackupWindow: + type: string + backupDestinationDetails: + type: string + recoveryWindowsInDays: + type: integer + type: object + dbDomain: + type: string + dbEdition: + type: string + dbName: + type: string + dbUniqueName: + type: string + dbVersion: + type: string + dbWorkload: + type: string + diskRedundancy: + type: string + displayName: + type: string + domain: + type: string + faultDomains: + items: + type: string + type: array + hostName: + type: string + initialDataStorageSizeInGB: + type: integer + kmsKeyId: + type: string + kmsKeyVersionId: + type: string + licenseModel: + type: string + nodeCount: + type: integer + pdbName: + type: string + privateIp: + type: string + shape: + type: string + sshPublicKeys: + items: + type: string + type: array + storageManagement: + type: string + subnetId: + type: string + tags: + additionalProperties: + type: string + type: object + tdeWalletPasswordSecret: + type: string + timeZone: + type: string + required: + - availabilityDomain + - compartmentId + - dbAdminPaswordSecret + - hostName + - shape + - sshPublicKeys + - subnetId + type: object + hardLink: + type: boolean + id: + type: string + ociConfigMap: + type: string + ociSecret: + type: string + required: + - ociConfigMap + type: object + status: + description: DbcsSystemStatus defines the observed state of DbcsSystem + properties: + availabilityDomain: + type: string + 
cpuCoreCount: + type: integer + dataStoragePercentage: + type: integer + dataStorageSizeInGBs: + type: integer + dbEdition: + type: string + dbInfo: + items: + description: DbcsSystemStatus defines the observed state of DbcsSystem + properties: + dbHomeId: + type: string + dbName: + type: string + dbUniqueName: + type: string + dbWorkload: + type: string + id: + type: string + type: object + type: array + displayName: + type: string + id: + type: string + licenseModel: + type: string + network: + properties: + clientSubnet: + type: string + domainName: + type: string + hostName: + type: string + listenerPort: + type: integer + networkSG: + type: string + scanDnsName: + type: string + vcnName: + type: string + type: object + nodeCount: + type: integer + recoStorageSizeInGB: + type: integer + shape: + type: string + state: + type: string + storageManagement: + type: string + subnetId: + type: string + timeZone: + type: string + workRequests: + items: + properties: + operationId: + type: string + operationType: + type: string + percentComplete: + type: string + timeAccepted: + type: string + timeFinished: + type: string + timeStarted: + type: string + required: + - operationId + - operationType + type: object + type: array + required: + - state + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_oraclerestdataservices.yaml b/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_oraclerestdataservices.yaml new file mode 100644 index 00000000000..289c6998974 --- /dev/null +++ b/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_oraclerestdataservices.yaml 
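Review bot: `dbSystem.dbAdminPaswordSecret` and `dbSystem.tdeWalletPasswordSecret` are bare `type: string` fields with no `description`, so the schema does not say whether they take the name of a Kubernetes Secret or the password itself. A password typed directly into the spec would be stored in the custom resource and readable by anyone allowed to get `dbcssystems`. A one-line description on the Go fields, such as `Name of the Secret holding the DB admin password` (assuming that is the contract), would regenerate into this file. Note also that `dbAdminPaswordSecret` is misspelled and listed under `required`, so the spelling becomes part of the v1alpha1 API.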
@@ -0,0 +1,222 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.1 + creationTimestamp: null + name: oraclerestdataservices.database.oracle.com +spec: + group: database.oracle.com + names: + kind: OracleRestDataService + listKind: OracleRestDataServiceList + plural: oraclerestdataservices + singular: oraclerestdataservice + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.status + name: Status + type: string + - jsonPath: .spec.databaseRef + name: Database + type: string + - jsonPath: .status.databaseApiUrl + name: Database API URL + type: string + - jsonPath: .status.databaseActionsUrl + name: Database Actions URL + type: string + - jsonPath: .status.apexUrl + name: Apex URL + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: OracleRestDataService is the Schema for the oraclerestdataservices + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OracleRestDataServiceSpec defines the desired state of OracleRestDataService + properties: + adminPassword: + description: OracleRestDataServicePassword defines the secret containing + Password mapped to secretKey + properties: + keepSecret: + type: boolean + secretKey: + default: oracle_pwd + type: string + secretName: + type: string + required: + - secretName + type: object + apexPassword: + description: OracleRestDataServicePassword defines the secret containing + Password mapped to secretKey + properties: + keepSecret: + type: boolean + secretKey: + default: oracle_pwd + type: string + secretName: + type: string + required: + - secretName + type: object + databaseRef: + type: string + image: + description: OracleRestDataServiceImage defines the Image source and + pullSecrets for POD + properties: + pullFrom: + type: string + pullSecrets: + type: string + version: + type: string + required: + - pullFrom + type: object + loadBalancer: + type: boolean + nodeSelector: + additionalProperties: + type: string + type: object + oracleService: + type: string + ordsPassword: + description: OracleRestDataServicePassword defines the secret containing + Password mapped to secretKey + properties: + keepSecret: + type: boolean + secretKey: + default: oracle_pwd + type: string + secretName: + type: string + required: + - secretName + type: object + ordsUser: + type: string + persistence: + description: OracleRestDataServicePersistence defines the storage + releated params + properties: + accessMode: + enum: + - ReadWriteOnce + - ReadWriteMany + type: string + size: + type: string + storageClass: + type: string + volumeName: + type: string + type: object + replicas: + minimum: 1 + type: integer + restEnableSchemas: + items: + description: OracleRestDataServicePDBSchemas defines the PDB Schemas + to be ORDS 
Enabled + properties: + enable: + type: boolean + pdbName: + type: string + schemaName: + type: string + urlMapping: + type: string + required: + - enable + - schemaName + type: object + type: array + serviceAccountName: + type: string + serviceAnnotations: + additionalProperties: + type: string + type: object + required: + - adminPassword + - databaseRef + - ordsPassword + type: object + status: + description: OracleRestDataServiceStatus defines the observed state of + OracleRestDataService + properties: + apexConfigured: + type: boolean + apexUrl: + type: string + commonUsersCreated: + type: boolean + databaseActionsUrl: + type: string + databaseApiUrl: + type: string + databaseRef: + type: string + image: + description: OracleRestDataServiceImage defines the Image source and + pullSecrets for POD + properties: + pullFrom: + type: string + pullSecrets: + type: string + version: + type: string + required: + - pullFrom + type: object + loadBalancer: + type: string + ordsInstalled: + type: boolean + replicas: + type: integer + serviceIP: + type: string + status: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "make" to regenerate code after modifying + this file' + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_pdbs.yaml b/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_pdbs.yaml new file mode 100644 index 00000000000..86d95a8fabe --- /dev/null +++ b/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_pdbs.yaml 
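Review bot: `keepSecret` under `adminPassword`, `apexPassword` and `ordsPassword` has neither a `description` nor a `default`, so the schema does not show what happens to the referenced Secret when the field is omitted. If the operator removes the Secret after setup unless `keepSecret` is true (an inference from the name only), users need to know that before pointing `secretName` at a Secret shared with other workloads. I would document the behaviour on the Go field and add a `+kubebuilder:default` marker, as `secretKey` already has with `default: oracle_pwd`, so the API server records the effective value.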
@@ -0,0 +1,382 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: oracle-database-operator-system/oracle-database-operator-serving-cert + controller-gen.kubebuilder.io/version: v0.6.1 + creationTimestamp: null + name: pdbs.database.oracle.com +spec: + group: database.oracle.com + names: + kind: PDB + listKind: PDBList + plural: pdbs + singular: pdb + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The connect string to be used + jsonPath: .status.connString + name: Connect_String + type: string + - description: Name of the CDB + jsonPath: .spec.cdbName + name: CDB Name + type: string + - description: Name of the PDB + jsonPath: .spec.pdbName + name: PDB Name + type: string + - description: PDB Open Mode + jsonPath: .status.openMode + name: PDB State + type: string + - description: Total Size of the PDB + jsonPath: .status.totalSize + name: PDB Size + type: string + - description: Status of the PDB Resource + jsonPath: .status.phase + name: Status + type: string + - description: Error message, if any + jsonPath: .status.msg + name: Message + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: PDB is the Schema for the pdbs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PDBSpec defines the desired state of PDB + properties: + action: + description: 'Action to be taken: Create/Clone/Plug/Unplug/Delete/Modify/Status/Map. + Map is used to map a Databse PDB to a Kubernetes PDB CR.' + enum: + - Create + - Clone + - Plug + - Unplug + - Delete + - Modify + - Status + - Map + type: string + adminName: + description: The administrator username for the new PDB. This property + is required when the Action property is Create. + properties: + secret: + description: PDBSecret defines the secretName + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - secret + type: object + adminPwd: + description: The administrator password for the new PDB. This property + is required when the Action property is Create. + properties: + secret: + description: PDBSecret defines the secretName + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - secret + type: object + asClone: + description: Indicate if 'AS CLONE' option should be used in the command + to plug in a PDB. This property is applicable when the Action property + is PLUG but not required. + type: boolean + assertivePdbDeletion: + description: turn on the assertive approach to delete pdb resource + kubectl delete pdb ..... 
automatically triggers the pluggable database + deletion + type: boolean + cdbName: + description: Name of the CDB + type: string + cdbNamespace: + description: CDB Namespace + type: string + cdbResName: + description: Name of the CDB Custom Resource that runs the ORDS container + type: string + copyAction: + description: To copy files or not while cloning a PDB + enum: + - COPY + - NOCOPY + - MOVE + type: string + dropAction: + description: Specify if datafiles should be removed or not. The value + can be INCLUDING or KEEP (default). + enum: + - INCLUDING + - KEEP + type: string + fileNameConversions: + description: Relevant for Create and Plug operations. As defined in + the Oracle Multitenant Database documentation. Values can be a + filename convert pattern or NONE. + type: string + getScript: + description: Whether you need the script only or execute the script + type: boolean + modifyOption: + description: Extra options for opening and closing a PDB + enum: + - IMMEDIATE + - NORMAL + - READ ONLY + - READ WRITE + - RESTRICTED + type: string + pdbName: + description: The name of the new PDB. Relevant for both Create and + Plug Actions. 
+ type: string + pdbState: + description: The target state of the PDB + enum: + - OPEN + - CLOSE + type: string + pdbTlsCat: + properties: + secret: + description: PDBSecret defines the secretName + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - secret + type: object + pdbTlsCrt: + properties: + secret: + description: PDBSecret defines the secretName + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - secret + type: object + pdbTlsKey: + properties: + secret: + description: PDBSecret defines the secretName + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - secret + type: object + reuseTempFile: + description: Whether to reuse temp file + type: boolean + sourceFileNameConversions: + description: This property is required when the Action property is + Plug. As defined in the Oracle Multitenant Database documentation. + Values can be a source filename convert pattern or NONE. + type: string + sparseClonePath: + description: A Path specified for sparse clone snapshot copy. (Optional) + type: string + srcPdbName: + description: Name of the Source PDB from which to clone + type: string + tdeExport: + description: TDE export for unplug operations + type: boolean + tdeImport: + description: TDE import for plug operations + type: boolean + tdeKeystorePath: + description: TDE keystore path is required if the tdeImport or tdeExport + flag is set to true. Can be used in plug or unplug operations. + type: string + tdePassword: + description: TDE password if the tdeImport or tdeExport flag is set + to true. 
Can be used in create, plug or unplug operations + properties: + secret: + description: PDBSecret defines the secretName + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - secret + type: object + tdeSecret: + description: TDE secret is required if the tdeImport or tdeExport + flag is set to true. Can be used in plug or unplug operations. + properties: + secret: + description: PDBSecret defines the secretName + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - secret + type: object + tempSize: + description: Relevant for Create and Clone operations. Total size + for temporary tablespace as defined in the Oracle Multitenant Database + documentation. See size_clause description in Database SQL Language + Reference documentation. + type: string + totalSize: + description: Relevant for create and plug operations. Total size as + defined in the Oracle Multitenant Database documentation. See size_clause + description in Database SQL Language Reference documentation. + type: string + unlimitedStorage: + description: Relevant for Create and Plug operations. True for unlimited + storage. Even when set to true, totalSize and tempSize MUST be specified + in the request if Action is Create. 
+ type: boolean + webServerPwd: + description: Password for the Web ServerPDB User + properties: + secret: + description: PDBSecret defines the secretName + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - secret + type: object + webServerUser: + description: Web Server User with SQL Administrator role to allow + us to authenticate to the PDB Lifecycle Management REST endpoints + properties: + secret: + description: PDBSecret defines the secretName + properties: + key: + type: string + secretName: + type: string + required: + - key + - secretName + type: object + required: + - secret + type: object + xmlFileName: + description: XML metadata filename to be used for Plug or Unplug operations + type: string + required: + - action + type: object + status: + description: PDBStatus defines the observed state of PDB + properties: + action: + description: Last Completed Action + type: string + connString: + description: PDB Connect String + type: string + modifyOption: + description: Modify Option of the PDB + type: string + msg: + description: Message + type: string + openMode: + description: Open mode of the PDB + type: string + phase: + description: Phase of the PDB Resource + type: string + status: + description: PDB Resource Status + type: boolean + totalSize: + description: Total size of the PDB + type: string + required: + - phase + - status + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_shardingdatabases.yaml b/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_shardingdatabases.yaml new file mode 100644 index 00000000000..946bcde0df1 --- /dev/null +++ b/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_shardingdatabases.yaml 
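Review bot: The `dropAction` description says `KEEP` is the default, but the schema sets no `default:`, so an omitted value is resolved by the controller rather than recorded by the API server. Because `INCLUDING` removes datafiles and `assertivePdbDeletion` ties pluggable-database deletion to `kubectl delete pdb`, I would make the safe value explicit with `default: KEEP`, set through the kubebuilder default marker on the Go field since this file is generated. The `assertivePdbDeletion` description should also state which `dropAction` applies when the resource is deleted.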
@@ -0,0 +1,686 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.1 + creationTimestamp: null + name: shardingdatabases.database.oracle.com +spec: + group: database.oracle.com + names: + kind: ShardingDatabase + listKind: ShardingDatabaseList + plural: shardingdatabases + singular: shardingdatabase + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.gsm.state + name: Gsm State + type: string + - jsonPath: .status.gsm.services + name: Services + type: string + - jsonPath: .status.gsm.shards + name: shards + priority: 1 + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ShardingDatabase is the Schema for the shardingdatabases API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ShardingDatabaseSpec defines the desired state of ShardingDatabase + properties: + InvitedNodeSubnet: + type: string + catalog: + items: + description: CatalogSpec defines the desired state of CatalogSpec + properties: + envVars: + items: + description: EnvironmentVariable represents a named variable + accessible for containers. 
+ properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + imagePullPolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + isDelete: + type: string + label: + type: string + name: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + pvAnnotations: + additionalProperties: + type: string + type: object + pvMatchLabels: + additionalProperties: + type: string + type: object + pvcName: + type: string + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + storageSizeInGb: + format: int32 + type: integer + required: + - name + type: object + type: array + dbEdition: + type: string + dbImage: + type: string + dbImagePullSecret: + type: string + dbSecret: + description: Secret Details + properties: + encryptionType: + type: string + keyFileMountLocation: + type: string + keyFileName: + type: string + keySecretName: + type: string + name: + type: string + nsConfigMap: + type: string + nsSecret: + type: string + pwdFileMountLocation: + type: string + pwdFileName: + type: string + required: + - name + - pwdFileName + type: object + fssStorageClass: + type: string + gsm: + items: + description: GsmSpec defines the desired state of GsmSpec + properties: + directorName: + type: string + envVars: + description: Replicas int32 `json:"replicas,omitempty"` // + Gsm Replicas. If you set OraGsmPvcName then it is set default + to 1. + items: + description: EnvironmentVariable represents a named variable + accessible for containers. 
+ properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + imagePullPolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + isDelete: + type: string + label: + type: string + name: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + pvMatchLabels: + additionalProperties: + type: string + type: object + pvcName: + type: string + region: + type: string + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + storageSizeInGb: + format: int32 + type: integer + required: + - name + type: object + type: array + gsmDevMode: + type: string + gsmImage: + type: string + gsmImagePullSecret: + type: string + gsmService: + items: + description: Service Definition + properties: + available: + type: string + clbGoal: + type: string + commitOutcome: + type: string + drainTimeout: + type: string + dtp: + type: string + edition: + type: string + failoverDelay: + type: string + failoverMethod: + type: string + failoverPrimary: + type: string + failoverRestore: + type: string + failoverRetry: + type: string + failoverType: + type: string + gdsPool: + type: string + lag: + type: integer + locality: + type: string + name: + type: string + notification: + type: string + pdbName: + type: string + policy: + type: string + preferred: + type: string + prferredAll: + type: string + regionFailover: + type: string + retention: + type: string + role: + type: string + sessionState: + type: string + sqlTransactionProfile: + type: string + stopOption: + type: string + tableFamily: + type: string + tfaPolicy: + type: string + required: + - name + type: object + type: array + gsmShardGroup: + items: + properties: + deployAs: + type: string + name: + type: string + region: + type: 
string + required: + - name + type: object + type: array + gsmShardSpace: + items: + description: ShardSpace Specs + properties: + chunks: + type: integer + name: + type: string + protectionMode: + type: string + shardGroup: + type: string + required: + - name + type: object + type: array + invitedNodeSubnetFlag: + type: string + isClone: + type: boolean + isDataGuard: + type: boolean + isDebug: + type: boolean + isDeleteOraPvc: + type: boolean + isDownloadScripts: + type: boolean + isExternalSvc: + type: boolean + isTdeWallet: + type: string + liveinessCheckPeriod: + type: integer + namespace: + type: string + portMappings: + items: + description: PortMapping is a specification of port mapping for + an application deployment. + properties: + port: + format: int32 + type: integer + protocol: + default: TCP + type: string + targetPort: + format: int32 + type: integer + required: + - port + - protocol + - targetPort + type: object + type: array + readinessCheckPeriod: + type: integer + replicationType: + type: string + scriptsLocation: + type: string + shard: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file' + items: + description: ShardSpec is a specification of Shards for an application + deployment. + properties: + deployAs: + type: string + envVars: + items: + description: EnvironmentVariable represents a named variable + accessible for containers. 
+ properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + imagePullPolicy: + description: PullPolicy describes a policy for if/when to pull + a container image + type: string + isDelete: + enum: + - enable + - disable + - failed + - force + type: string + label: + type: string + name: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + pvAnnotations: + additionalProperties: + type: string + type: object + pvMatchLabels: + additionalProperties: + type: string + type: object + pvcName: + type: string + resources: + description: ResourceRequirements describes the compute resource + requirements. + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + shardGroup: + type: string + shardRegion: + type: string + shardSpace: + type: string + storageSizeInGb: + format: int32 + type: integer + required: + - name + type: object + type: array + shardBuddyRegion: + type: string + shardConfigName: + type: string + shardRegion: + items: + type: string + type: array + shardingType: + type: string + stagePvcName: + type: string + storageClass: + type: string + tdeWalletPvc: + type: string + tdeWalletPvcMountLocation: + type: string + required: + - catalog + - dbImage + - gsm + - gsmImage + - shard + type: object + status: + description: To understand Metav1.Condition, please refer the link https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1 + ShardingDatabaseStatus defines the observed state of ShardingDatabase + properties: + catalogs: + additionalProperties: + type: string + type: object + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n \ttype FooStatus struct{ \t // Represents the observations + of a foo's current state. 
\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\" \t // + +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map + \t // +listMapKey=type \t Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields + \t}" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + gsm: + properties: + details: + additionalProperties: + type: string + type: object + externalConnectStr: + type: string + internalConnectStr: + type: string + services: + type: string + shards: + additionalProperties: + type: string + type: object + state: + type: string + type: object + shards: + additionalProperties: + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_singleinstancedatabases.yaml b/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_singleinstancedatabases.yaml new file mode 100644 index 00000000000..05458b2034c --- /dev/null +++ b/operators/oracle-database-operator/v1.1.0/manifests/database.oracle.com_singleinstancedatabases.yaml 
@@ -0,0 +1,420 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: oracle-database-operator-system/oracle-database-operator-serving-cert + controller-gen.kubebuilder.io/version: v0.6.1 + creationTimestamp: null + name: singleinstancedatabases.database.oracle.com +spec: + group: database.oracle.com + names: + kind: SingleInstanceDatabase + listKind: SingleInstanceDatabaseList + plural: singleinstancedatabases + singular: singleinstancedatabase + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.edition + name: Edition + type: string + - jsonPath: .status.sid + name: Sid + priority: 1 + type: string + - jsonPath: .status.status + name: Status + type: string + - jsonPath: .status.role + name: Role + type: string + - jsonPath: .status.releaseUpdate + name: Version + type: string + - jsonPath: .status.connectString + name: Connect Str + type: string + - jsonPath: .status.pdbConnectString + name: Pdb Connect Str + priority: 1 + type: string + - jsonPath: .status.tcpsConnectString + name: TCPS Connect Str + type: string + - jsonPath: .status.tcpsPdbConnectString + name: TCPS Pdb Connect Str + priority: 1 + type: string + - jsonPath: .status.oemExpressUrl + name: Oem Express Url + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: SingleInstanceDatabase is the Schema for the singleinstancedatabases + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SingleInstanceDatabaseSpec defines the desired state of SingleInstanceDatabase + properties: + adminPassword: + description: SingleInsatnceAdminPassword defines the secret containing + Admin Password mapped to secretKey for Database + properties: + keepSecret: + type: boolean + secretKey: + default: oracle_pwd + type: string + secretName: + type: string + required: + - secretName + type: object + archiveLog: + type: boolean + charset: + type: string + createAs: + enum: + - primary + - standby + - clone + type: string + dgBrokerConfigured: + type: boolean + edition: + enum: + - standard + - enterprise + - express + - free + type: string + enableTCPS: + type: boolean + flashBack: + type: boolean + forceLog: + type: boolean + image: + description: SingleInstanceDatabaseImage defines the Image source + and pullSecrets for POD + properties: + prebuiltDB: + type: boolean + pullFrom: + type: string + pullSecrets: + type: string + version: + type: string + required: + - pullFrom + type: object + initParams: + description: SingleInstanceDatabaseInitParams defines the Init Parameters + properties: + cpuCount: + type: integer + pgaAggregateTarget: + type: integer + processes: + type: integer + sgaTarget: + type: integer + type: object + listenerPort: + type: integer + loadBalancer: + type: boolean + nodeSelector: + additionalProperties: + type: string + type: object + pdbName: + type: string + persistence: + description: SingleInstanceDatabasePersistence defines the storage + size and class for PVC + properties: + accessMode: + enum: + - ReadWriteOnce + - ReadWriteMany + type: string + datafilesVolumeName: + type: string + scriptsVolumeName: + type: string + setWritePermissions: + type: boolean + size: + type: string + storageClass: + type: string + volumeClaimAnnotation: + 
type: string + type: object + primaryDatabaseRef: + type: string + readinessCheckPeriod: + type: integer + replicas: + type: integer + resources: + properties: + limits: + properties: + cpu: + type: string + memory: + type: string + type: object + requests: + properties: + cpu: + type: string + memory: + type: string + type: object + type: object + serviceAccountName: + type: string + serviceAnnotations: + additionalProperties: + type: string + type: object + sid: + description: SID must be alphanumeric (no special characters, only + a-z, A-Z, 0-9), and no longer than 12 characters. + maxLength: 12 + pattern: ^[a-zA-Z0-9]+$ + type: string + tcpsCertRenewInterval: + type: string + tcpsListenerPort: + type: integer + tcpsTlsSecret: + type: string + required: + - image + type: object + status: + description: SingleInstanceDatabaseStatus defines the observed state of + SingleInstanceDatabase + properties: + apexInstalled: + type: boolean + archiveLog: + type: string + certCreationTimestamp: + type: string + certRenewInterval: + type: string + charset: + type: string + clientWalletLoc: + type: string + clusterConnectString: + type: string + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n \ttype FooStatus struct{ \t // Represents the observations + of a foo's current state. \t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\" \t // + +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map + \t // +listMapKey=type \t Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields + \t}" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. 
This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + connectString: + type: string + createdAs: + type: string + datafilesCreated: + default: "false" + type: string + datafilesPatched: + default: "false" + type: string + dgBrokerConfigured: + type: boolean + edition: + type: string + flashBack: + type: string + forceLog: + type: string + initParams: + description: SingleInstanceDatabaseInitParams defines the Init Parameters + properties: + cpuCount: + type: integer + pgaAggregateTarget: + type: integer + processes: + type: integer + sgaTarget: + type: integer + type: object + initPgaSize: + type: integer + initSgaSize: + type: integer + isTcpsEnabled: + default: false + type: boolean + nodes: + items: + type: string + type: array + oemExpressUrl: + type: string + ordsReference: + type: string + pdbConnectString: + type: string + pdbName: + type: string + persistence: + description: SingleInstanceDatabasePersistence defines the storage + size and class for PVC + properties: + accessMode: + enum: + - ReadWriteOnce + - ReadWriteMany + type: string + datafilesVolumeName: + type: string + scriptsVolumeName: + type: string + setWritePermissions: + type: boolean + size: + type: string + storageClass: + type: string + volumeClaimAnnotation: + type: string + type: object + prebuiltDB: + type: boolean + primaryDatabase: + type: string + releaseUpdate: + type: string + replicas: + type: integer + role: + type: string + sid: + type: string + standbyDatabases: + additionalProperties: + type: string + type: object + status: + type: string + tcpsConnectString: + type: string + tcpsPdbConnectString: + type: string + tcpsTlsSecret: + default: 
"" + type: string + required: + - isTcpsEnabled + - persistence + - tcpsTlsSecret + type: object + type: object + served: true + storage: true + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/operators/oracle-database-operator/v1.1.0/manifests/db-admin-secret_v1_secret.yaml b/operators/oracle-database-operator/v1.1.0/manifests/db-admin-secret_v1_secret.yaml new file mode 100644 index 00000000000..e70a18d18af --- /dev/null +++ b/operators/oracle-database-operator/v1.1.0/manifests/db-admin-secret_v1_secret.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: db-admin-secret +stringData: + oracle_pwd: null +type: Opaque diff --git a/operators/oracle-database-operator/v1.1.0/manifests/freedb-admin-secret_v1_secret.yaml b/operators/oracle-database-operator/v1.1.0/manifests/freedb-admin-secret_v1_secret.yaml new file mode 100644 index 00000000000..e56b6c84d2b --- /dev/null +++ b/operators/oracle-database-operator/v1.1.0/manifests/freedb-admin-secret_v1_secret.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: freedb-admin-secret +stringData: + oracle_pwd: null +type: Opaque diff --git a/operators/oracle-database-operator/v1.1.0/manifests/observability.oracle.com_databaseobservers.yaml b/operators/oracle-database-operator/v1.1.0/manifests/observability.oracle.com_databaseobservers.yaml new file mode 100644 index 00000000000..c2255fedaab --- /dev/null +++ b/operators/oracle-database-operator/v1.1.0/manifests/observability.oracle.com_databaseobservers.yaml 
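Review bot: `oracle_pwd: null` under `stringData` in db-admin-secret_v1_secret.yaml ships a bundle-owned Secret whose admin-password key has no value, and freedb-admin-secret_v1_secret.yaml repeats the same line. `stringData` values are strings, so depending on the client and API server this null is presumably either rejected or stored as an empty value. The SingleInstanceDatabase CRD in this same commit defaults `adminPassword.secretKey` to `oracle_pwd`, so a database pointed at this Secret could be initialised from an empty password unless the operator rejects it, which is not visible here. Because both files sit under `manifests/`, they are presumably created and reconciled by OLM, so a password an administrator patches in may be reverted on upgrade. I would drop both Secrets from the bundle and have users create them, or at minimum add `# placeholder only: create this Secret with a real oracle_pwd before creating a database` and make the controller fail closed on an empty value.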
@@ -0,0 +1,225 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.1 + creationTimestamp: null + name: databaseobservers.observability.oracle.com +spec: + group: observability.oracle.com + names: + kind: DatabaseObserver + listKind: DatabaseObserverList + plural: databaseobservers + singular: databaseobserver + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.exporterConfig + name: ExporterConfig + type: string + - jsonPath: .status.status + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: DatabaseObserver is the Schema for the databaseobservers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DatabaseObserverSpec defines the desired state of DatabaseObserver + properties: + database: + description: DatabaseObserverDatabase defines the database details + used for DatabaseObserver + properties: + dbConnectionString: + properties: + key: + type: string + secret: + type: string + type: object + dbPassword: + properties: + key: + type: string + secret: + type: string + vaultOCID: + type: string + vaultSecretName: + type: string + type: object + dbUser: + properties: + key: + type: string + secret: + type: string + type: object + dbWallet: + properties: + key: + type: string + secret: + type: string + type: object + type: object + exporter: + description: DatabaseObserverExporterConfig defines the configuration + details related to the exporters of DatabaseObserver + properties: + configuration: + properties: + configmap: + description: ConfigMapDetails defines the configmap name + properties: + configmapName: + type: string + key: + type: string + type: object + type: object + image: + type: string + service: + description: DatabaseObserverService defines the exporter service + component of DatabaseObserver + properties: + port: + format: int32 + type: integer + type: object + type: object + ociConfig: + properties: + configMapName: + type: string + secretName: + type: string + type: object + prometheus: + description: PrometheusConfig defines the generated resources for + Prometheus + properties: + labels: + additionalProperties: + type: string + type: object + port: + type: string + type: object + replicas: + format: int32 + type: integer + type: object + status: + description: DatabaseObserverStatus defines the observed state of DatabaseObserver + properties: + conditions: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "make" to 
regenerate code after modifying + this file' + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n \ttype FooStatus struct{ \t // Represents the observations + of a foo's current state. \t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\" \t // + +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map + \t // +listMapKey=type \t Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields + \t}" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + exporterConfig: + type: string + replicas: + type: integer + status: + type: string + required: + - conditions + - exporterConfig + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/operators/oracle-database-operator/v1.1.0/manifests/oracle-database-operator-controller-manager-metrics-service_v1_service.yaml b/operators/oracle-database-operator/v1.1.0/manifests/oracle-database-operator-controller-manager-metrics-service_v1_service.yaml new file mode 100644 index 00000000000..ea25c27ff03 --- /dev/null +++ b/operators/oracle-database-operator/v1.1.0/manifests/oracle-database-operator-controller-manager-metrics-service_v1_service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + labels: + control-plane: controller-manager + name: oracle-database-operator-controller-manager-metrics-service +spec: + ports: + - name: https + port: 8443 + targetPort: https + selector: + control-plane: controller-manager +status: + loadBalancer: {} 
diff --git a/operators/oracle-database-operator/v1.1.0/manifests/oracle-database-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/oracle-database-operator/v1.1.0/manifests/oracle-database-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml
new file mode 100644
index 00000000000..f479f494494
--- /dev/null
+++ b/operators/oracle-database-operator/v1.1.0/manifests/oracle-database-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml
@@ -0,0 +1,10 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ name: oracle-database-operator-metrics-reader
+rules:
+- nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
diff --git a/operators/oracle-database-operator/v1.1.0/manifests/oracle-database-operator-webhook-service_v1_service.yaml b/operators/oracle-database-operator/v1.1.0/manifests/oracle-database-operator-webhook-service_v1_service.yaml
new file mode 100644
index 00000000000..53f17480776
--- /dev/null
+++ b/operators/oracle-database-operator/v1.1.0/manifests/oracle-database-operator-webhook-service_v1_service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ creationTimestamp: null
+ name: oracle-database-operator-webhook-service
+spec:
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 9443
+ selector:
+ control-plane: controller-manager
+status:
+ loadBalancer: {}
diff --git a/operators/oracle-database-operator/v1.1.0/manifests/oracle-database-operator.clusterserviceversion.yaml b/operators/oracle-database-operator/v1.1.0/manifests/oracle-database-operator.clusterserviceversion.yaml
new file mode 100644
index 00000000000..17650e7e8e9
--- /dev/null
+++ b/operators/oracle-database-operator/v1.1.0/manifests/oracle-database-operator.clusterserviceversion.yaml
@@ -0,0 +1,1625 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "database.oracle.com/v1alpha1", + "kind": "AutonomousContainerDatabase", + "metadata": { + "name": "autonomouscontainerdatabase-sample" + }, + "spec": { + "action": "RESTART", + "autonomousContainerDatabaseOCID": "ocid1.autonomouscontainerdatabase...", + "ociConfig": { + "configMapName": "oci-cred", + "secretName": "oci-privatekey" + } + } + }, + { + "apiVersion": "database.oracle.com/v1alpha1", + "kind": "AutonomousDatabase", + "metadata": { + "name": "autonomousdatabase-sample" + }, + "spec": { + "details": { + "autonomousDatabaseOCID": "ocid1.autonomousdatabase..." + }, + "ociConfig": { + "configMapName": "oci-cred", + "secretName": "oci-privatekey" + } + } + }, + { + "apiVersion": "database.oracle.com/v1alpha1", + "kind": "AutonomousDatabaseBackup", + "metadata": { + "name": "autonomousdatabasebackup-sample" + }, + "spec": { + "displayName": "autonomousdatabasebackup-sample", + "isLongTermBackup": true, + "ociConfig": { + "configMapName": "oci-cred", + "secretName": "oci-privatekey" + }, + "retentionPeriodInDays": 90, + "target": { + "k8sADB": { + "name": "autonomousdatabase-sample" + } + } + } + }, + { + "apiVersion": "database.oracle.com/v1alpha1", + "kind": "AutonomousDatabaseRestore", + "metadata": { + "name": "autonomousdatabaserestore-sample" + }, + "spec": { + "ociConfig": { + "configMapName": "oci-cred", + "secretName": "oci-privatekey" + }, + "source": { + "k8sADBBackup": { + "name": "autonomousdatabasebackup-sample" + } + }, + "target": { + "k8sADB": { + "name": "autonomousdatabase-sample" + } + } + } + }, + { + "apiVersion": "database.oracle.com/v1alpha1", + "kind": "CDB", + "metadata": { + "name": "cdb-dev", + "namespace": "oracle-database-operator-system" + }, + "spec": { + "cdbAdminPwd": { + "secret": { + "key": "cdbadmin_pwd", + "secretName": "cdb1-secret" + } + }, + "cdbAdminUser": { + 
"secret": { + "key": "cdbadmin_user", + "secretName": "cdb1-secret" + } + }, + "cdbName": "devcdb", + "dbPort": 1521, + "dbServer": "172.17.0.4", + "ordsImage": "", + "ordsImagePullPolicy": "Always", + "ordsPwd": { + "secret": { + "key": "ords_pwd", + "secretName": "cdb1-secret" + } + }, + "replicas": 1, + "serviceName": "devdb.example.com", + "sysAdminPwd": { + "secret": { + "key": "sysadmin_pwd", + "secretName": "cdb1-secret" + } + }, + "webServerPwd": { + "secret": { + "key": "webserver_pwd", + "secretName": "cdb1-secret" + } + }, + "webServerUser": { + "secret": { + "key": "webserver_user", + "secretName": "cdb1-secret" + } + } + } + }, + { + "apiVersion": "database.oracle.com/v1alpha1", + "kind": "DataguardBroker", + "metadata": { + "name": "dataguardbroker-sample", + "namespace": "default" + }, + "spec": { + "loadBalancer": false, + "primaryDatabaseRef": "sidb-sample", + "protectionMode": "MaxAvailability", + "setAsPrimaryDatabase": "", + "standbyDatabaseRefs": null + } + }, + { + "apiVersion": "database.oracle.com/v1alpha1", + "kind": "OracleRestDataService", + "metadata": { + "name": "ords-sample", + "namespace": "default" + }, + "spec": { + "adminPassword": { + "secretName": "xedb-admin-secret" + }, + "apexPassword": { + "secretName": "apex-secret" + }, + "databaseRef": "xedb-sample", + "image": { + "pullFrom": "container-registry.oracle.com/database/ords:21.4.2-gh" + }, + "ordsPassword": { + "secretName": "ords-secret" + }, + "restEnableSchemas": [ + { + "enable": true, + "schemaName": "schema1", + "urlMapping": null + }, + { + "enable": true, + "schemaName": "schema2", + "urlMapping": "myschema" + } + ] + } + }, + { + "apiVersion": "database.oracle.com/v1alpha1", + "kind": "PDB", + "metadata": { + "labels": { + "cdb": "cdb-dev" + }, + "name": "pdb1", + "namespace": "oracle-database-operator-system" + }, + "spec": { + "action": "Plug", + "cdbResName": "cdb-dev", + "copyAction": "NOCOPY", + "fileNameConversions": "NONE", + "pdbName": "pdbdev", + 
"sourceFileNameConversions": "NONE", + "xmlFileName": "/opt/oracle/oradata/pdbdev.xml" + } + }, + { + "apiVersion": "database.oracle.com/v1alpha1", + "kind": "PDB", + "metadata": { + "labels": { + "cdb": "cdb-dev" + }, + "name": "pdb1-clone", + "namespace": "oracle-database-operator-system" + }, + "spec": { + "action": "Clone", + "adminName": { + "secret": { + "key": "sysadmin_user", + "secretName": "pdb1-secret" + } + }, + "adminPwd": { + "secret": { + "key": "sysadmin_pwd", + "secretName": "pdb1-secret" + } + }, + "cdbName": "devcdb", + "cdbResName": "cdb-dev", + "fileNameConversions": "NONE", + "pdbName": "pdbdevclone", + "tempSize": "100M", + "totalSize": "1G" + } + }, + { + "apiVersion": "database.oracle.com/v1alpha1", + "kind": "ShardingDatabase", + "metadata": { + "name": "shardingdatabase-sample" + }, + "spec": { + "foo": "bar" + } + }, + { + "apiVersion": "database.oracle.com/v1alpha1", + "kind": "SingleInstanceDatabase", + "metadata": { + "name": "freedb-sample", + "namespace": "default" + }, + "spec": { + "adminPassword": { + "secretName": "freedb-admin-secret" + }, + "edition": "free", + "image": { + "prebuiltDB": true, + "pullFrom": "container-registry.oracle.com/database/free:latest" + }, + "persistence": { + "accessMode": "ReadWriteOnce", + "size": "50Gi", + "storageClass": "oci-bv" + }, + "replicas": 1, + "sid": "FREE" + } + }, + { + "apiVersion": "database.oracle.com/v1alpha1", + "kind": "SingleInstanceDatabase", + "metadata": { + "name": "prebuiltdb-sample", + "namespace": "default" + }, + "spec": { + "adminPassword": { + "secretName": "prebuiltdb-admin-secret" + }, + "edition": "free", + "image": { + "prebuiltDB": true, + "pullFrom": "container-registry.oracle.com/database/free:latest" + }, + "replicas": 1 + } + }, + { + "apiVersion": "database.oracle.com/v1alpha1", + "kind": "SingleInstanceDatabase", + "metadata": { + "name": "sidb-sample", + "namespace": "default" + }, + "spec": { + "adminPassword": { + "secretName": "db-admin-secret" + }, + 
"archiveLog": true, + "charset": "AL32UTF8", + "edition": "enterprise", + "image": { + "pullFrom": null, + "pullSecrets": null + }, + "pdbName": "orclpdb1", + "persistence": { + "accessMode": "ReadWriteOnce", + "size": "100Gi", + "storageClass": "oci-bv" + }, + "replicas": 1, + "sid": "ORCL1" + } + }, + { + "apiVersion": "database.oracle.com/v1alpha1", + "kind": "SingleInstanceDatabase", + "metadata": { + "name": "sidb-sample-clone", + "namespace": "default" + }, + "spec": { + "adminPassword": { + "secretName": "db-admin-secret" + }, + "createAs": "clone", + "image": { + "pullFrom": "container-registry.oracle.com/database/enterprise:latest", + "pullSecrets": "oracle-container-registry-secret" + }, + "persistence": { + "accessMode": "ReadWriteOnce", + "size": "100Gi", + "storageClass": "oci-bv" + }, + "primaryDatabaseRef": "sidb-sample", + "replicas": 1, + "sid": "ORCL2" + } + }, + { + "apiVersion": "database.oracle.com/v1alpha1", + "kind": "SingleInstanceDatabase", + "metadata": { + "name": "standbydatabase-sample", + "namespace": "default" + }, + "spec": { + "adminPassword": { + "secretName": "db-admin-secret" + }, + "createAs": "standby", + "image": { + "pullFrom": "container-registry.oracle.com/database/enterprise:latest", + "pullSecrets": "oracle-container-registry-secret" + }, + "loadBalancer": false, + "persistence": { + "accessMode": "ReadWriteOnce", + "size": "100Gi", + "storageClass": "oci-bv" + }, + "primaryDatabaseRef": "sidb-sample", + "replicas": 1, + "sid": "ORCLS" + } + }, + { + "apiVersion": "database.oracle.com/v1alpha1", + "kind": "SingleInstanceDatabase", + "metadata": { + "name": "xedb-sample", + "namespace": "default" + }, + "spec": { + "adminPassword": { + "secretName": "xedb-admin-secret" + }, + "edition": "express", + "image": { + "prebuiltDB": true, + "pullFrom": "container-registry.oracle.com/database/express:latest" + }, + "persistence": { + "accessMode": "ReadWriteOnce", + "size": "50Gi", + "storageClass": "oci-bv" + }, + "replicas": 1, 
+ "sid": "XE" + } + }, + { + "apiVersion": "observability.oracle.com/v1alpha1", + "kind": "DatabaseObserver", + "metadata": { + "name": "obs-sample", + "namespace": "observer" + }, + "spec": { + "database": { + "dbConnectionString": { + "key": "connection", + "secret": "db-secret" + }, + "dbPassword": { + "key": "password", + "secret": "db-secret" + }, + "dbUser": { + "key": "username", + "secret": "db-secret" + }, + "dbWallet": { + "secret": "instance-wallets" + } + } + } + }, + { + "apiVersion": "observability.oracle.com/v1alpha1", + "kind": "DatabaseObserver", + "metadata": { + "name": "obs-sample" + }, + "spec": { + "database": { + "dbConnectionString": { + "key": "connection", + "secret": "db-secret" + }, + "dbPassword": { + "vaultOCID": "ocid1.vault.oc1.\u003cregion\u003e.\u003cvault-ocid\u003e", + "vaultSecretName": "sample_secret" + }, + "dbUser": { + "key": "username", + "secret": "db-secret" + }, + "dbWallet": { + "secret": "instance-wallet" + } + }, + "ociConfig": { + "configMapName": "oci-cred", + "secretName": "oci-privatekey" + } + } + } + ] + capabilities: Seamless Upgrades + categories: "Database" + containerImage: container-registry.oracle.com/database/operator:1.1.0 + operators.operatorframework.io/builder: operator-sdk-v1.25.3 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v2 + name: oracle-database-operator.v1.1.0 + namespace: oracle-database-operator-system +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: AutonomousContainerDatabase is the Schema for the autonomouscontainerdatabases + API + displayName: Autonomous Container Database + kind: AutonomousContainerDatabase + name: autonomouscontainerdatabases.database.oracle.com + version: v1alpha1 + - description: AutonomousDatabaseBackup is the Schema for the autonomousdatabasebackups + API + displayName: Autonomous Database Backup + kind: AutonomousDatabaseBackup + name: autonomousdatabasebackups.database.oracle.com + version: v1alpha1 
+ - description: AutonomousDatabaseRestore is the Schema for the autonomousdatabaserestores + API + displayName: Autonomous Database Restore + kind: AutonomousDatabaseRestore + name: autonomousdatabaserestores.database.oracle.com + version: v1alpha1 + - description: AutonomousDatabase is the Schema for the autonomousdatabases API + displayName: Autonomous Database + kind: AutonomousDatabase + name: autonomousdatabases.database.oracle.com + version: v1alpha1 + - description: CDB is the Schema for the cdbs API + displayName: CDB + kind: CDB + name: cdbs.database.oracle.com + version: v1alpha1 + - description: DatabaseObserver is the Schema for the databaseobservers API + displayName: Database Observer + kind: DatabaseObserver + name: databaseobservers.observability.oracle.com + version: v1alpha1 + - description: DataguardBroker is the Schema for the dataguardbrokers API + displayName: Dataguard Broker + kind: DataguardBroker + name: dataguardbrokers.database.oracle.com + version: v1alpha1 + - kind: DbcsSystem + name: dbcssystems.database.oracle.com + version: v1alpha1 + - description: OracleRestDataService is the Schema for the oraclerestdataservices + API + displayName: Oracle Rest Data Service + kind: OracleRestDataService + name: oraclerestdataservices.database.oracle.com + version: v1alpha1 + - description: PDB is the Schema for the pdbs API + displayName: PDB + kind: PDB + name: pdbs.database.oracle.com + version: v1alpha1 + - description: ShardingDatabase is the Schema for the shardingdatabases API + displayName: Sharding Database + kind: ShardingDatabase + name: shardingdatabases.database.oracle.com + version: v1alpha1 + - description: SingleInstanceDatabase is the Schema for the singleinstancedatabases + API + displayName: Single Instance Database + kind: SingleInstanceDatabase + name: singleinstancedatabases.database.oracle.com + version: v1alpha1 + description: | + As part of Oracle's resolution to make Oracle Database Kubernetes native (that is, observable 
and operable by Kubernetes), Oracle released Oracle Database Operator for Kubernetes (OraOperator or the operator). OraOperator extends the Kubernetes API with custom resources and controllers for automating Oracle Database lifecycle management. + In this v1.1.0 production release, OraOperator supports the following database configurations and infrastructure: + ## Oracle Autonomous Database: + * Oracle Autonomous Database shared Oracle Cloud Infrastructure (OCI) (ADB-S) + * Oracle Autonomous Database on dedicated Cloud infrastructure (ADB-D) + * Oracle Autonomous Container Database (ACD) (infrastructure) is the infrastructure for provisioning Autonomous Databases. + * Containerized Single Instance databases (SIDB) deployed in the Oracle Kubernetes Engine (OKE) and any k8s where OraOperator is deployed + * Containerized Sharded databases (SHARDED) deployed in OKE and any k8s where OraOperator is deployed + * Oracle Multitenant Databases (CDB/PDBs) + * Oracle Base Database Cloud Service (BDBCS) + * Oracle Data Guard (Preview status) + * Oracle Database Observability (Preview status) + * Oracle will continue to extend OraOperator to support additional Oracle Database configurations. 
+ displayName: Oracle Database Operator + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAAALQAAAC0CAYAAAA9zQYyAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAABmJLR0QAAAAAAAD5Q7t/AAAJjUlEQVR42u3cfcwcRQHH8S9PH0BokZfCVBgpOgjyFjRoQIQQkLeA0PLWqgQMFDVgja9AChIKKCEKSgQEQVsQJGKxtNCAvAi2vJiCqAQMUpQRMKM4vFiCQEUo/jH7kOt19m7vbveK8fdJLukzMzuzczc7OzszWxAREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREZH/X2tVSRStmwi8B5gErN1nWS8DAVhmgl9ZsdwpVc+xoteKc/iTCf7VujKN1o0A+xef5cDPTfCP1XjeY+VsAWwFTATGDZjdPSb4F6J1U9sjTPA31n3uXeq1MfBe4F30376ADo0lWjcBOAa4EHhHzXW4FzgDuNsE/2aHc3gJmFBz2WMuBc4ywT87SCbRunWAB4APtEV92gR/zaAnGa2bBJwInFVz/SeY4F+O1q32/Zvg6+xEyuq1PnA08F1gg7ryHSkpbDrwEnAZ9TdmgD2BxcDj0bptG8i/is8DMVq394D5zGb1xgxwdbRum34zjdaNi9adAjxD/Y15PxP8yzXn2UvdDiPdsX9IjY0ZOHOVKzFaNw64Apgx5DoelrvNNdxDt9rDBP/rXg+K1u0EPNIhyWPADp3uQiX5bggsIX+hDOp6E/z0lrKG1kMXQ7OLgJkNZL8SWO+tHjpatxbwM4bfmAEWRuuOWAPljrmvGGJVVlz8d3ZJth1wXI/5jgeW0UxjhnRnGrqifV1FM40ZYDcT/GujLQGnAUd2OGAu6Qd8oY/CxgGTgWOB3UvSzI/W7WiCf7RLXgcNUOnJwOUlcScCF/SQ10mAqZBubrTuVhP837sljNZB6lQmdUh2AbCUdMvu1Ssm+Of6OK4OXyb9/mV+DNxOf+0LE/yDUDwURuu2A/5YknYWcLEJ/pU6ahWt2wq4FtgjE/08YMZmQUqGHHua4O8boPx1gNuAvTPRI1WGB0UdnsxEPQzsnAm/HTjQBN8t36nAwpLoTwDzTfBv9Fv3kjIbH3JE6xzwREn0bOA7dY3px4Ycl5bEH2CC/1ZdjRnABP8UsBfwg0z0RODgusoqKf810uxNzsbdjm/pRXOOIP1A7Q4ADu2S7yjljXl7E/y8uhvzEF1YEj7FBH9OnQ+oI9G6zYF9MnEzTfB3NFG7ogf+ApDrsr7XRJlt/lYSvmGFY6cDu2XCZ5ngnwC+XXLcTcXDXpmyodheTcxpD0u0bjNgSibqZBP8orrLGyH1HjlXNFnRorc5KhPlioWcJo2WhL/e6aBo3abke+eVFL2QCX4F+eEMpDnXMsdnwu4ywd/T8HfRtLLv4pImChsFDsmEn2aCf73XzPrwUEn4+4Gep9F68LGS8G4PTN8vCf9oMZQBwAS/JFp3PTCtLd2MaN3ckmeAXIP+ZoPfwbCUDSFXFMO3Om03QlrkaLd4GDUtHsByPd7WTZUZrdsLuDUTdX+n5fBo3b6k4Ua7K0zw92fCy6an7o3WVV2seqRiurez3QfPopI5Jvhlo+SniPqaOunT05mwjmPZaN2WwKPAmy0fOvw99u/NOmR7aofyxgO/7OU4E/yz0brjSHOv7c4oPt3U9jC+Bk0aPItKvgZpDJ27zVZ5OKrLFpmwlzodYIL/K2k+egPgncX5bghsRJqp2KT4TAQ2LT6dGvONJvi7O8R/oyR8qgn+xQ7HXUP+wffrxSpjN+v195W+rQxj
3vuQsd9hhDRJ326P3vLrTzGGOjoT9Zdux5rg7yWtxA3qsZJzGDvHXYCvZKIWAzd1OceVlE/X3VmsNnayfQ31W9MeaDj/W0zwN4/9MQosYvUv/YJo3UVVt3kOYAfyO/4qTVOZ4JcVu9EeAjbvo/xLSNNH/85FRuvWBsp67guBKRUfbM4jrcSucvqk1caxp/3rgE+2pfkqaWfi/7JfkO8w1m5i4mGUtGrWbhzwKdKKXiOKtf0rM1HPAbFqPib4GK17H2lRYv8Kh7xIWkj6kQned0n7JWB8JnwmaSfiFgzm4mjdomKxaQ6rN+jDo3UfMsH/dsBy1qSy/S4zaGBqeMQE/zTwu0zcT6J1u/WaYRVFr3YOsGsmema3JeJ2xUrmQcDFHZKdU9R3IxP86d0ac7Rua+D8XBRpP0iVi6eKecXFXXYneDBaN7mmsoau2MOyJBN1eTHjVKuxpe/PlMQvjdadUGGsV1mxcjSP8qf8Bf3ka4J/wwT/RdImmJwzSbv6uj5oFQ1sYUn0fkVZjwJn1/CV7ApM77Ik/1S0rq4LaE0o2+G3JFp3UjG0q8Vb49do3fnAyR3SngvcQ3rFqFfjAEtaaJjWId2uJvjftJxTX5uTonWHAzeURQMf7LT7LVp3LHB1Jup8E/ypLenWBVb08X3kbEbanLWU/J0L0uzP2aQ76qBTeq+a4B/ObU4CPlJTnVodTOpUypxH6smXD1JIa4MeBX5FfqFlGGaY4FcZUw+y264YLi3tkGQXE/zvM8dNIr0lkjO+faNWtG5n0sXai1syYfNN8EdF6zYhNeymHWmCv6GkQdftKtIo4GbgwCYLan9jZV1gPvDxIVSy1fEm+KvaAwfdPlqMg//cIcnhJviFbccsIr8dYD8TfLcN/ZVE6y4HPpeJOsAEf0dxUf2BNH/ehMXAPiZ4htSgNzbBLy+27l5Lfg9PLVZ5p7CYvjqU4b3V8B/gw7nGXIdi99umlO/FXRCtmzU29RatO4h8Y15QV2MuzCoJvz1aN8EE/w9gS3p74aAXx/T64D2AKSb45fDW1t1plD+zDWrf1V6SNcG/aYK/jDSmm917npU8Tdo7vH7TU1Im+OeBnShfBDkP+Gm0bgPyQwFIb7PUeU7/pHwx59wizQoT/CmAI793vF+fNcGHlr+P7zun7m4jrXO01h0T/BzSKu7pNZZ1nQn+rqr/L8dkYFvSvGu/T6T/Ap4CHjfBV9orEq07IRN8pwn+yV4LL17Q7PTj3UV+F95zTfw/FcVMSvb9zeIHz53/1sA2pEWZfmeermxfMIvW7Uh6EB3pL8tSN5vgn+mWqNibsw3wbvpvXwuqtisREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREREWnxX2ox1/vZSvwPAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDI0LTA4LTEzVDE5OjUyOjMxKzAwOjAwsDIMcAAAACV0RVh0ZGF0ZTptb2RpZnkAMjAyNC0wOC0xM1QxOTo1MjozMSswMDowMMFvtMwAAABVdEVYdHN2Zzpjb21tZW50ACBVcGxvYWRlZCB0bzogU1ZHIFJlcG8sIHd3dy5zdmdyZXBvLmNvbSwgR2VuZXJhdG9yOiBTVkcgUmVwbyBNaXhlciBUb29scyBFB1wTAAAAAElFTkSuQmCC + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - 
subjectaccessreviews + verbs: + - create + serviceAccountName: default + deployments: + - label: + control-plane: controller-manager + name: oracle-database-operator-controller-manager + spec: + replicas: 3 + selector: + matchLabels: + control-plane: controller-manager + strategy: {} + template: + metadata: + labels: + control-plane: controller-manager + spec: + containers: + - args: + - --enable-leader-election + command: + - /manager + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + image: container-registry.oracle.com/database/operator:1.1.0 + imagePullPolicy: Always + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + resources: + limits: + cpu: 400m + memory: 400Mi + requests: + cpu: 400m + memory: 400Mi + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - configmaps + - events + - pods + - pods/exec + - pods/log + - replicasets + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - configmaps + - namespaces + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - create + - delete + - get + - list + - patch + 
- update + - watch + - apiGroups: + - "" + resources: + - deployments + - events + - pods + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - persistentvolumeclaims + - pods + - pods/exec + - pods/log + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - apiGroups: + - '''''' + resources: + - statefulsets/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - configmaps + verbs: + - get + - list + - apiGroups: + - apps + resources: + - deployments + - pods + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - replicasets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - list + - update + - apiGroups: + - "" + resources: + - configmaps + - containers + - events + - namespaces + - persistentvolumeclaims + - pods + - pods/exec + - pods/log + - secrets + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - configmaps + - containers + - events + - namespaces + - pods + - pods/exec + - pods/log + - secrets + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - configmaps + - namespaces + - pods + - secrets + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + 
- pods/exec + verbs: + - create + - apiGroups: + - database.oracle.com + resources: + - autonomouscontainerdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - database.oracle.com + resources: + - autonomouscontainerdatabases/status + verbs: + - get + - patch + - update + - apiGroups: + - database.oracle.com + resources: + - autonomousdatabasebackups + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - database.oracle.com + resources: + - autonomousdatabasebackups/status + verbs: + - get + - patch + - update + - apiGroups: + - database.oracle.com + resources: + - autonomousdatabaserestores + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - database.oracle.com + resources: + - autonomousdatabaserestores/status + verbs: + - get + - patch + - update + - apiGroups: + - database.oracle.com + resources: + - autonomousdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - database.oracle.com + resources: + - autonomousdatabases/status + verbs: + - patch + - update + - apiGroups: + - database.oracle.com + resources: + - cdbs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - database.oracle.com + resources: + - cdbs/finalizers + verbs: + - update + - apiGroups: + - database.oracle.com + resources: + - cdbs/status + verbs: + - get + - patch + - update + - apiGroups: + - database.oracle.com + resources: + - dataguardbrokers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - database.oracle.com + resources: + - dataguardbrokers/finalizers + verbs: + - update + - apiGroups: + - database.oracle.com + resources: + - dataguardbrokers/status + verbs: + - get + - patch + - update + - apiGroups: + - database.oracle.com + resources: + - dbcssystems + verbs: + - create + - delete + - get + - list + - patch + - 
update + - watch + - apiGroups: + - database.oracle.com + resources: + - dbcssystems/finalizers + verbs: + - create + - delete + - get + - patch + - update + - apiGroups: + - database.oracle.com + resources: + - dbcssystems/status + verbs: + - get + - patch + - update + - apiGroups: + - database.oracle.com + resources: + - oraclerestdataservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - database.oracle.com + resources: + - oraclerestdataservices/finalizers + verbs: + - update + - apiGroups: + - database.oracle.com + resources: + - oraclerestdataservices/status + verbs: + - get + - patch + - update + - apiGroups: + - database.oracle.com + resources: + - pdbs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - database.oracle.com + resources: + - pdbs/finalizers + verbs: + - create + - delete + - get + - patch + - update + - apiGroups: + - database.oracle.com + resources: + - pdbs/status + verbs: + - get + - patch + - update + - apiGroups: + - database.oracle.com + resources: + - shardingdatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - database.oracle.com + resources: + - shardingdatabases/finalizers + verbs: + - create + - delete + - get + - patch + - update + - apiGroups: + - database.oracle.com + resources: + - shardingdatabases/status + verbs: + - get + - patch + - update + - apiGroups: + - database.oracle.com + resources: + - singleinstancedatabases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - database.oracle.com + resources: + - singleinstancedatabases/finalizers + verbs: + - update + - apiGroups: + - database.oracle.com + resources: + - singleinstancedatabases/status + verbs: + - get + - patch + - update + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - 
watch + - apiGroups: + - observability.oracle.com + resources: + - databaseobservers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - observability.oracle.com + resources: + - databaseobservers/finalizers + verbs: + - update + - apiGroups: + - observability.oracle.com + resources: + - databaseobservers/status + verbs: + - get + - patch + - update + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + serviceAccountName: default + strategy: deployment + installModes: + - supported: false + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - Oracle + - Database + - Operator + links: + - name: Oracle Database Operator + url: https://github.com/oracle/oracle-database-operator + maturity: alpha + provider: + name: Oracle + version: v1.1.0 + webhookdefinitions: + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: oracle-database-operator-controller-manager + failurePolicy: Fail + generateName: mautonomousdatabase.kb.io + rules: + - apiGroups: + - database.oracle.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - autonomousdatabases + sideEffects: None + targetPort: 9443 + type: MutatingAdmissionWebhook + webhookPath: /mutate-database-oracle-com-v1alpha1-autonomousdatabase + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: oracle-database-operator-controller-manager + failurePolicy: Fail + generateName: mautonomousdatabasebackup.kb.io + rules: + - apiGroups: + - database.oracle.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - autonomousdatabasebackups + sideEffects: None + targetPort: 9443 + type: MutatingAdmissionWebhook + webhookPath: /mutate-database-oracle-com-v1alpha1-autonomousdatabasebackup + - admissionReviewVersions: + - v1 + - v1beta1 + 
containerPort: 443 + deploymentName: oracle-database-operator-controller-manager + failurePolicy: Fail + generateName: mcdb.kb.io + rules: + - apiGroups: + - database.oracle.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - cdbs + sideEffects: None + targetPort: 9443 + type: MutatingAdmissionWebhook + webhookPath: /mutate-database-oracle-com-v1alpha1-cdb + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: oracle-database-operator-controller-manager + failurePolicy: Fail + generateName: mdatabaseobserver.kb.io + rules: + - apiGroups: + - observability.oracle.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - databaseobservers + sideEffects: None + targetPort: 9443 + type: MutatingAdmissionWebhook + webhookPath: /mutate-observability-oracle-com-v1alpha1-databaseobserver + - admissionReviewVersions: + - v1 + - v1beta1 + containerPort: 443 + deploymentName: oracle-database-operator-controller-manager + failurePolicy: Fail + generateName: mdataguardbroker.kb.io + rules: + - apiGroups: + - database.oracle.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - dataguardbrokers + sideEffects: None + targetPort: 9443 + type: MutatingAdmissionWebhook + webhookPath: /mutate-database-oracle-com-v1alpha1-dataguardbroker + - admissionReviewVersions: + - v1 + - v1beta1 + containerPort: 443 + deploymentName: oracle-database-operator-controller-manager + failurePolicy: Fail + generateName: moraclerestdataservice.kb.io + rules: + - apiGroups: + - database.oracle.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - oraclerestdataservices + sideEffects: None + targetPort: 9443 + type: MutatingAdmissionWebhook + webhookPath: /mutate-database-oracle-com-v1alpha1-oraclerestdataservice + - admissionReviewVersions: + - v1 + - v1beta1 + containerPort: 443 + deploymentName: oracle-database-operator-controller-manager + failurePolicy: Fail + 
generateName: mpdb.kb.io + rules: + - apiGroups: + - database.oracle.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - pdbs + sideEffects: None + targetPort: 9443 + type: MutatingAdmissionWebhook + webhookPath: /mutate-database-oracle-com-v1alpha1-pdb + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: oracle-database-operator-controller-manager + failurePolicy: Fail + generateName: mshardingdatabase.kb.io + rules: + - apiGroups: + - database.oracle.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - shardingdatabases + sideEffects: None + targetPort: 9443 + type: MutatingAdmissionWebhook + webhookPath: /mutate-database-oracle-com-v1alpha1-shardingdatabase + - admissionReviewVersions: + - v1 + - v1beta1 + containerPort: 443 + deploymentName: oracle-database-operator-controller-manager + failurePolicy: Fail + generateName: msingleinstancedatabase.kb.io + rules: + - apiGroups: + - database.oracle.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - singleinstancedatabases + sideEffects: None + targetPort: 9443 + type: MutatingAdmissionWebhook + webhookPath: /mutate-database-oracle-com-v1alpha1-singleinstancedatabase + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: oracle-database-operator-controller-manager + failurePolicy: Fail + generateName: vautonomouscontainerdatabase.kb.io + rules: + - apiGroups: + - database.oracle.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - autonomouscontainerdatabases + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-database-oracle-com-v1alpha1-autonomouscontainerdatabase + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: oracle-database-operator-controller-manager + failurePolicy: Fail + generateName: vautonomousdatabase.kb.io + rules: + - apiGroups: + - database.oracle.com + 
apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - autonomousdatabases + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-database-oracle-com-v1alpha1-autonomousdatabase + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: oracle-database-operator-controller-manager + failurePolicy: Fail + generateName: vautonomousdatabasebackup.kb.io + rules: + - apiGroups: + - database.oracle.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - autonomousdatabasebackups + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-database-oracle-com-v1alpha1-autonomousdatabasebackup + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: oracle-database-operator-controller-manager + failurePolicy: Fail + generateName: vautonomousdatabaserestore.kb.io + rules: + - apiGroups: + - database.oracle.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - autonomousdatabaserestores + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-database-oracle-com-v1alpha1-autonomousdatabaserestore + - admissionReviewVersions: + - v1 + - v1beta1 + containerPort: 443 + deploymentName: oracle-database-operator-controller-manager + failurePolicy: Fail + generateName: vcdb.kb.io + rules: + - apiGroups: + - database.oracle.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - cdbs + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-database-oracle-com-v1alpha1-cdb + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: oracle-database-operator-controller-manager + failurePolicy: Fail + generateName: vdatabaseobserver.kb.io + rules: + - apiGroups: + - observability.oracle.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: 
+ - databaseobservers + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-observability-oracle-com-v1alpha1-databaseobserver + - admissionReviewVersions: + - v1 + - v1beta1 + containerPort: 443 + deploymentName: oracle-database-operator-controller-manager + failurePolicy: Fail + generateName: vdataguardbroker.kb.io + rules: + - apiGroups: + - database.oracle.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - dataguardbrokers + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-database-oracle-com-v1alpha1-dataguardbroker + - admissionReviewVersions: + - v1 + - v1beta1 + containerPort: 443 + deploymentName: oracle-database-operator-controller-manager + failurePolicy: Fail + generateName: voraclerestdataservice.kb.io + rules: + - apiGroups: + - database.oracle.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - oraclerestdataservices + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-database-oracle-com-v1alpha1-oraclerestdataservice + - admissionReviewVersions: + - v1 + - v1beta1 + containerPort: 443 + deploymentName: oracle-database-operator-controller-manager + failurePolicy: Fail + generateName: vpdb.kb.io + rules: + - apiGroups: + - database.oracle.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - pdbs + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-database-oracle-com-v1alpha1-pdb + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: oracle-database-operator-controller-manager + failurePolicy: Fail + generateName: vshardingdatabase.kb.io + rules: + - apiGroups: + - database.oracle.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - shardingdatabases + sideEffects: None + targetPort: 9443 + type: 
ValidatingAdmissionWebhook + webhookPath: /validate-database-oracle-com-v1alpha1-shardingdatabase + - admissionReviewVersions: + - v1 + - v1beta1 + containerPort: 443 + deploymentName: oracle-database-operator-controller-manager + failurePolicy: Fail + generateName: vsingleinstancedatabase.kb.io + rules: + - apiGroups: + - database.oracle.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - singleinstancedatabases + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-database-oracle-com-v1alpha1-singleinstancedatabase diff --git a/operators/oracle-database-operator/v1.1.0/manifests/ords-secret_v1_secret.yaml b/operators/oracle-database-operator/v1.1.0/manifests/ords-secret_v1_secret.yaml new file mode 100644 index 00000000000..78350980168 --- /dev/null +++ b/operators/oracle-database-operator/v1.1.0/manifests/ords-secret_v1_secret.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: ords-secret +stringData: + oracle_pwd: null +type: Opaque diff --git a/operators/oracle-database-operator/v1.1.0/manifests/pdb1-secret_v1_secret.yaml b/operators/oracle-database-operator/v1.1.0/manifests/pdb1-secret_v1_secret.yaml new file mode 100644 index 00000000000..ea51de7f499 --- /dev/null +++ b/operators/oracle-database-operator/v1.1.0/manifests/pdb1-secret_v1_secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + sysadmin_pwd: '[ base64 encode value]' + sysadmin_user: '[ base64 encode value]' +kind: Secret +metadata: + name: pdb1-secret +type: Opaque diff --git a/operators/oracle-database-operator/v1.1.0/manifests/prebuiltdb-admin-secret_v1_secret.yaml b/operators/oracle-database-operator/v1.1.0/manifests/prebuiltdb-admin-secret_v1_secret.yaml new file mode 100644 index 00000000000..c61bbbfe860 --- /dev/null +++ b/operators/oracle-database-operator/v1.1.0/manifests/prebuiltdb-admin-secret_v1_secret.yaml 
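Review bot: `oracle_pwd: null` under `stringData` in `ords-secret` is not a usable credential. `stringData` values are strings, so depending on how the manifest is decoded the object is either rejected or stored with an empty password. Because the Secret has a fixed name and sits in the bundle's `manifests/` directory, it would presumably be created at install time with that value instead of one chosen by the administrator. I would drop the Secret from the bundle and document that a Secret with key `oracle_pwd` must be created before the resource that references it. The same applies to `prebuiltdb-admin-secret` and `xedb-admin-secret` later in this diff.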
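Review bot: Both `data` values in `pdb1-secret` are the literal text `'[ base64 encode value]'`, which is not valid base64, so the API server would likely refuse the object when the bundle is applied. A Secret named for an administrative account (`sysadmin_user`, `sysadmin_pwd`) is better created by the operator's user than shipped as a template in `manifests/`. If the file has to stay as a sample, mark it as one with a leading comment such as `# sample only: replace both values with base64-encoded credentials before applying`.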
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: prebuiltdb-admin-secret
+stringData:
+ oracle_pwd: null
+type: Opaque
diff --git a/operators/oracle-database-operator/v1.1.0/manifests/sidb-sa_v1_serviceaccount.yaml b/operators/oracle-database-operator/v1.1.0/manifests/sidb-sa_v1_serviceaccount.yaml
new file mode 100644
index 00000000000..dbe43b5dd16
--- /dev/null
+++ b/operators/oracle-database-operator/v1.1.0/manifests/sidb-sa_v1_serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ creationTimestamp: null
+ name: sidb-sa
diff --git a/operators/oracle-database-operator/v1.1.0/manifests/use-sidb-scc_rbac.authorization.k8s.io_v1_role.yaml b/operators/oracle-database-operator/v1.1.0/manifests/use-sidb-scc_rbac.authorization.k8s.io_v1_role.yaml
new file mode 100644
index 00000000000..1c00d1edd85
--- /dev/null
+++ b/operators/oracle-database-operator/v1.1.0/manifests/use-sidb-scc_rbac.authorization.k8s.io_v1_role.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ creationTimestamp: null
+ name: use-sidb-scc
+rules:
+- apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - sidb-oracle-user-scc
+ - sidb-oracle-root-user-scc
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - use
diff --git a/operators/oracle-database-operator/v1.1.0/manifests/use-sidb-scc_rbac.authorization.k8s.io_v1_rolebinding.yaml b/operators/oracle-database-operator/v1.1.0/manifests/use-sidb-scc_rbac.authorization.k8s.io_v1_rolebinding.yaml
new file mode 100644
index 00000000000..6fc557e5ee2
--- /dev/null
+++ b/operators/oracle-database-operator/v1.1.0/manifests/use-sidb-scc_rbac.authorization.k8s.io_v1_rolebinding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ creationTimestamp: null
+ name: use-sidb-scc
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: use-sidb-scc
+subjects:
+- kind: ServiceAccount
+ name: sidb-sa
+ namespace: sidb-ns
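Review bot: The `use-sidb-scc` RoleBinding hard-codes `namespace: sidb-ns` on its `sidb-sa` subject, while the `sidb-sa` ServiceAccount manifest in this diff carries no namespace and would be created wherever the bundle is installed. Unless that namespace happens to be `sidb-ns`, `use` on `sidb-oracle-user-scc` and `sidb-oracle-root-user-scc` goes to a service account the bundle does not create, and the one it does create is left unbound. I would ship these three objects as documented samples that the administrator applies in the database namespace, or at least add a comment on the subject such as `# must equal the namespace in which sidb-sa is created`. It is also worth confirming that the root-user SCC needs to be bound by default rather than only where a root init step is required.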
diff --git a/operators/oracle-database-operator/v1.1.0/manifests/xedb-admin-secret_v1_secret.yaml b/operators/oracle-database-operator/v1.1.0/manifests/xedb-admin-secret_v1_secret.yaml
new file mode 100644
index 00000000000..c1e87775a90
--- /dev/null
+++ b/operators/oracle-database-operator/v1.1.0/manifests/xedb-admin-secret_v1_secret.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: xedb-admin-secret
+stringData:
+ oracle_pwd: null
+type: Opaque
diff --git a/operators/oracle-database-operator/v1.1.0/metadata/annotations.yaml b/operators/oracle-database-operator/v1.1.0/metadata/annotations.yaml
new file mode 100644
index 00000000000..5d17ce2cd5b
--- /dev/null
+++ b/operators/oracle-database-operator/v1.1.0/metadata/annotations.yaml
@@ -0,0 +1,10 @@
+annotations:
+ # Core bundle annotations.
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: oracle-database-operator
+ operators.operatorframework.io.bundle.channels.v1: alpha
+ operators.operatorframework.io.metrics.builder: operator-sdk-v1.25.3
+ operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
+ operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v2
diff --git a/operators/project-quay/3.11.5/manifests/quay-operator.clusterserviceversion.yaml b/operators/project-quay/3.11.5/manifests/quay-operator.clusterserviceversion.yaml
new file mode 100644
index 00000000000..7854ba17c0f
--- /dev/null
+++ b/operators/project-quay/3.11.5/manifests/quay-operator.clusterserviceversion.yaml
@@ -0,0 +1,278 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + olm.skipRange: ">=3.6.x <3.11.5" + capabilities: Full Lifecycle + categories: Integration & Delivery + containerImage: quay.io/projectquay/quay-operator:3.11.5 + createdAt: 2024-09-13T21:18:08Z + support: Project Quay + description: Opinionated deployment of Quay on Kubernetes. + quay-version: 3.11.5 + repository: https://github.com/quay/quay-operator + tectonic-visibility: ocs + alm-examples: |- + [ + { + "apiVersion": "quay.redhat.com/v1", + "kind": "QuayRegistry", + "metadata": { + "name": "example-registry" + }, + "spec": { + "components": [ + {"kind": "clair", "managed": true}, + {"kind": "postgres", "managed": true}, + {"kind": "objectstorage", "managed": true}, + {"kind": "redis", "managed": true}, + {"kind": "horizontalpodautoscaler", "managed": true}, + {"kind": "route", "managed": true}, + {"kind": "mirror", "managed": true}, + {"kind": "monitoring", "managed": true}, + {"kind": "tls", "managed": true}, + {"kind": "quay", "managed": true}, + {"kind": "clairpostgres", "managed": true} + ] + } + } + ] + operators.openshift.io/infrastructure-features: '["disconnected", "proxy-aware", "fips"]' + features.operators.openshift.io/disconnected: "true" + features.operators.openshift.io/fips-compliant: "true" + features.operators.openshift.io/proxy-aware: "true" + features.operators.openshift.io/tls-profiles: "false" + features.operators.openshift.io/token-auth-aws: "false" + features.operators.openshift.io/token-auth-azure: "false" + features.operators.openshift.io/token-auth-gcp: "false" + name: quay-operator.v3.11.5 + namespace: placeholder + labels: + operatorframework.io/arch.amd64: supported + operatorframework.io/arch.s390x: supported + operatorframework.io/arch.ppc64le: supported + operatorframework.io/os.linux: supported +spec: + customresourcedefinitions: + owned: + - description: Represents a full Quay registry installation. 
+ displayName: Quay Registry + kind: QuayRegistry + name: quayregistries.quay.redhat.com + version: v1 + resources: + - kind: Deployment + - kind: ReplicaSet + - kind: Pod + - kind: Secret + - Kind: Job + - kind: ConfigMap + - kind: ServiceAccount + - kind: PersistentVolumeClaim + - kind: Ingress + - kind: Route + - kind: Role + - kind: Rolebinding + - kind: HorizontalPodAutoscaler + - kind: ServiceMonitor + - kind: PrometheusRule + specDescriptors: + - path: configBundleSecret + displayName: Config Bundle Secret + description: Name of the Quay config secret containing base configuration and custom SSL certificates. + x-descriptors: + - 'urn:alm:descriptor:io.kubernetes:Secret' + - path: components + displayName: Components + description: Declares how the Operator should handle supplemental Quay services. + x-descriptors: + - 'urn:alm:descriptor:com.tectonic.ui:advanced' + - path: components[0].kind + displayName: Kind + description: The unique name of this type of component. + - path: components[0].managed + displayName: Managed + description: Indicates whether lifecycle of this component is managed by the Operator or externally. + statusDescriptors: + - path: currentVersion + displayName: Current Version + description: The currently installed version of all Quay components. + - path: conditions + displayName: Conditions + description: Observed conditions of Quay components. + x-descriptors: + - 'urn:alm:descriptor:io.kubernetes.conditions' + - path: registryEndpoint + displayName: Registry Endpoint + description: Externally accessible URL for container pull/push and web frontend. + x-descriptors: + - 'urn:alm:descriptor:org.w3:link' + description: Opinionated deployment of Quay on Kubernetes. 
+ displayName: Quay + install: + spec: + deployments: + - name: quay-operator-tng + spec: + replicas: 1 + selector: + matchLabels: + name: quay-operator-alm-owned + template: + metadata: + labels: + name: quay-operator-alm-owned + name: quay-operator-alm-owned + spec: + containers: + - name: quay-operator + image: quay.io/projectquay/quay-operator:3.11.5 + command: + - /workspace/manager + - '--namespace=$(WATCH_NAMESPACE)' + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: QUAY_VERSION + valueFrom: + fieldRef: + fieldPath: metadata.annotations['quay-version'] + - name: QUAY_DEFAULT_BRANDING + value: upstream + - name: RELATED_IMAGE_COMPONENT_QUAY + value: quay.io/projectquay/quay:3.11.5 + - name: RELATED_IMAGE_COMPONENT_CLAIR + value: quay.io/projectquay/clair:4.7.4 + - name: RELATED_IMAGE_COMPONENT_BUILDER + value: quay.io/projectquay/quay-builder:3.11.5 + - name: RELATED_IMAGE_COMPONENT_BUILDER_QEMU + value: quay.io/projectquay/quay-builder-qemu:main + - name: RELATED_IMAGE_COMPONENT_POSTGRES + value: quay.io/sclorg/postgresql-13-c9s@sha256:fe4b23abc811bbde78b0eddfe9eb591a009a979f3399f9c4eb625254779e9c59 + - name: RELATED_IMAGE_COMPONENT_POSTGRES_PREVIOUS + value: centos/postgresql-10-centos7@sha256:f826fcb2983eef2c49e9e9a9d9d61ab403254b50cff85a7caa949fd8474fd558 + - name: RELATED_IMAGE_COMPONENT_REDIS + value: redis@sha256:352c1fdadc91926edda08f45aeb3f27f37194c2f14101229c0523a11195c96e3 + serviceAccountName: quay-operator + permissions: + - rules: + - apiGroups: + - quay.redhat.com + resources: + - quayregistries + - quayregistries/status + verbs: + - '*' + - apiGroups: + - apps + resources: + - deployments + verbs: + - '*' + - apiGroups: + - '' + resources: + - pods + - services + - secrets + - configmaps + - serviceaccounts + - 
persistentvolumeclaims + - events + verbs: + - '*' + - apiGroups: + - '' + resources: + - namespaces + verbs: + - get + - watch + - list + - update + - patch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - '*' + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - '*' + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' + - apiGroups: + - objectbucket.io + resources: + - objectbucketclaims + verbs: + - '*' + - apiGroups: + - monitoring.coreos.com + resources: + - prometheusrules + - servicemonitors + verbs: + - '*' + - apiGroups: + - batch + resources: + - jobs + verbs: + - '*' + serviceAccountName: quay-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: true + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - open source + - containers + - registry + labels: + alm-owner-quay-operator: quay-operator + operated-by: quay-operator + icon: + - base64data: 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 + mediatype: image/png + maturity: stable + links: + - name: Source Code + url: https://github.com/quay/quay-operator + maintainers: + - email: quay-sig@googlegroups.com + name: Project Quay Contributors + provider: + name: Red Hat + selector: + matchLabels: + alm-owner-quay-operator: quay-operator + operated-by: quay-operator + version: 3.11.5 + replaces: quay-operator.v3.11.4 ## Except for ".0", always put the previous z-stream here diff --git a/operators/project-quay/3.11.5/manifests/quayregistries.crd.yaml b/operators/project-quay/3.11.5/manifests/quayregistries.crd.yaml new file mode 100644 index 00000000000..25d24f345ed --- /dev/null +++ b/operators/project-quay/3.11.5/manifests/quayregistries.crd.yaml 
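Review bot: The `permissions` rule for `rbac.authorization.k8s.io` grants `verbs: '*'` on `roles` and `rolebindings`, and a wildcard also covers the `escalate` and `bind` verbs. That lets the `quay-operator` service account write roles and bindings carrying permissions it does not hold itself; the same wildcard is used on `secrets`. With `AllNamespaces` listed as a supported install mode, the reach of these rules is presumably not limited to one namespace. I would enumerate the verbs instead, for example `verbs: [create, delete, get, list, patch, update, watch]`, after confirming against what the operator reconciles. Separately, `RELATED_IMAGE_COMPONENT_BUILDER_QEMU` points at the floating tag `quay-builder-qemu:main` while the postgres and redis images are pinned by digest; pinning all related images by digest would make the bundle reproducible.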
@@ -0,0 +1,1049 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: quayregistries.quay.redhat.com +spec: + group: quay.redhat.com + names: + kind: QuayRegistry + listKind: QuayRegistryList + plural: quayregistries + singular: quayregistry + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: QuayRegistry is the Schema for the quayregistries API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: QuayRegistrySpec defines the desired state of QuayRegistry. + properties: + components: + description: Components declare how the Operator should handle backing + Quay services. + items: + description: Component describes how the Operator should handle + a backing Quay service. + properties: + kind: + description: Kind is the unique name of this type of component. + type: string + managed: + description: |- + Managed indicates whether or not the Operator is responsible for the lifecycle of this component. + Default is true. + type: boolean + overrides: + description: Overrides holds information regarding component + specific configurations. + properties: + affinity: + description: Affinity is a group of affinity scheduling + rules. 
+ properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. 
+ This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. 
+ items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". 
The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + env: + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". 
+ type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + type: object + replicas: + format: int32 + nullable: true + type: integer + resources: + description: Resources describes the resource limits and + requests for a component. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: ResourceList is a set of (resource name, + quantity) pairs. + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: ResourceList is a set of (resource name, + quantity) pairs. + type: object + type: object + volumeSize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + required: + - kind + - managed + type: object + type: array + configBundleSecret: + description: |- + ConfigBundleSecret is the name of the Kubernetes `Secret` in the same namespace + which contains the base Quay config and extra certs. + type: string + type: object + status: + description: QuayRegistryStatus defines the observed state of QuayRegistry. + properties: + conditions: + description: Conditions represent the conditions that a QuayRegistry + can have. + items: + description: |- + Condition is a single condition of a QuayRegistry. + Conditions should follow the "abnormal-true" principle in order to only bring the attention of users to "broken" states. + Example: a condition of `type: "Ready", status: "True"“ is less useful and should be omitted whereas `type: "NotReady", status: "True"` + is more useful when trying to monitor when something is wrong. 
+ properties:
+ lastTransitionTime:
+ format: date-time
+ type: string
+ lastUpdateTime:
+ format: date-time
+ type: string
+ message:
+ type: string
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ type: object
+ type: array
+ currentVersion:
+ description: CurrentVersion is the actual version of Quay that is
+ actively deployed.
+ type: string
+ lastUpdated:
+ description: LastUpdate is the timestamp when the Operator last processed
+ this instance.
+ type: string
+ registryEndpoint:
+ description: RegistryEndpoint is the external access point for the
+ Quay registry.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/operators/project-quay/3.11.5/metadata/annotations.yaml b/operators/project-quay/3.11.5/metadata/annotations.yaml
new file mode 100644
index 00000000000..999bee7e19b
--- /dev/null
+++ b/operators/project-quay/3.11.5/metadata/annotations.yaml
@@ -0,0 +1,7 @@
+annotations:
+ operators.operatorframework.io.bundle.channel.default.v1: stable-3.12
+ operators.operatorframework.io.bundle.channels.v1: stable-3.11
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: project-quay
diff --git a/operators/pubsubplus-eventbroker-operator/1.2.0/manifests/pubsubplus-eventbroker-operator.clusterserviceversion.yaml b/operators/pubsubplus-eventbroker-operator/1.2.0/manifests/pubsubplus-eventbroker-operator.clusterserviceversion.yaml
new file mode 100644
index 00000000000..fc5ac467789
--- /dev/null
+++ b/operators/pubsubplus-eventbroker-operator/1.2.0/manifests/pubsubplus-eventbroker-operator.clusterserviceversion.yaml
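Review bot: In `operators/project-quay/3.11.5/metadata/annotations.yaml` the bundle sets `operators.operatorframework.io.bundle.channel.default.v1: stable-3.12` while `operators.operatorframework.io.bundle.channels.v1` lists only `stable-3.11`, so this 3.11.5 bundle names a default channel it does not itself publish to. That is presumably intentional for a maintenance release on an older stream, but it only holds if another bundle in the project-quay package already provides `stable-3.12`, which is not visible in this diff and should be confirmed against the catalog before merge. If the pairing is deliberate, a comment above the line such as `# default channel is provided by the 3.12.x bundles; this bundle ships only in stable-3.11` would record that; if it is not, the value should read `stable-3.11`.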
@@ -0,0 +1,414 @@
+apiVersion: operators.coreos.com/v1beta1
+kind: ClusterServiceVersion
+metadata:
+ annotations:
+ alm-examples: |-
+ [
+ {
+ "apiVersion": "pubsubplus.solace.com/v1beta1",
+ "kind": "PubSubPlusEventBroker",
+ "metadata": {
+ "name": "non-ha-standalone-example"
+ },
+ "spec": {
+ "redundancy": false
+ }
+ }
+ ]
+ capabilities: Seamless Upgrades
+ categories: Streaming & Messaging
+ certified: "true"
+ com.redhat.delivery.operator.bundle: "true"
+ com.redhat.openshift.versions: v4.10
+ containerImage: docker.io/solace/pubsubplus-eventbroker-operator:1.2.0
+ createdAt: "2024-09-12T19:47:52Z"
+ description: The Solace PubSub+ Event Broker Operator deploys and manages the
+ lifecycle of PubSub+ Event Brokers
+ operators.openshift.io/valid-subscription: '[]'
+ operators.operatorframework.io/builder: operator-sdk-v1.34.1
+ operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
+ repository: https://github.com/SolaceProducts/pubsubplus-kubernetes-quickstart
+ support: Solace Products
+ name: pubsubplus-eventbroker-operator.v1.2.0
+ namespace: placeholder
+spec:
+ apiservicedefinitions: {}
+ customresourcedefinitions:
+ owned:
+ - description: PubSub+ Event Broker
+ displayName: PubSub+ Event Broker
+ kind: PubSubPlusEventBroker
+ name: pubsubpluseventbrokers.pubsubplus.solace.com
+ resources:
+ - kind: ConfigMap
+ name: ""
+ version: v1
+ - kind: Deployment
+ name: ""
+ version: v1
+ - kind: Pod
+ name: ""
+ version: v1
+ - kind: Secret
+ name: ""
+ version: v1
+ - kind: Service
+ name: ""
+ version: v1
+ - kind: StatefulSet
+ name: ""
+ version: v1
+ specDescriptors:
+ - description: Redundancy true specifies HA deployment, false specifies Non-HA.
+ displayName: Redundancy
+ path: redundancy
+ - description: Developer true specifies a minimum footprint scaled-down deployment,
+ not for production use. If set to true it overrides SystemScaling parameters.
+ displayName: Developer
+ path: developer
+ - description: SystemScaling provides exact fine-grained specification of the
+ event broker scaling parameters and the assigned CPU / memory resources
+ to the Pod.
+ displayName: System Scaling
+ path: systemScaling
+ version: v1beta1
+ description: |
+ ## Solace PubSub+ Platform
+ Solace [PubSub+ Platform](https://solace.com/products/platform/) is a complete event streaming and management platform
+ for real-time enterprises. The [PubSub+ Software Event Broker](https://solace.com/products/event-broker/software/) efficiently streams
+ event-driven information between applications, IoT devices, and user interfaces running in the cloud, on-premises,
+ and in hybrid environments using open APIs and protocols like AMQP, JMS, MQTT, REST and WebSocket.
+ It can be installed into a variety of public and private clouds, PaaS, and on-premises environments.
+ Event brokers in multiple locations can be linked together in an [Event Mesh](https://solace.com/what-is-an-event-mesh/)
+ to dynamically share events across the distributed enterprise.
+
+ ## Solace PubSub+ Event Broker Operator
+ Solace Pubsub+ Event Broker Operator automatically deploys and manages PubSub+ Software Event Brokers on Kubernetes and OpenShift environments.
+ + Features include: + * Initial deployment configuration: Production-ready HA, non-HA or for developers + * Rolling update for configuration changes or broker upgrades + * Prometheus monitoring support + + ## Getting started + Refer to the [Solace PubSub+ Event Broker Operator Quick Start](https://github.com/SolaceProducts/pubsubplus-kubernetes-quickstart/blob/main/README.md) + displayName: Solace PubSub+ Event Broker Operator + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAABwgAAAH0CAYAAAApE3neAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAOxAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAFeySURBVHhe7d0/rjzLeSZoLUFL0BJ6Cb2CwV3CYKwxuQM549NqTwABeW2xLXoDOTQGaoNEG03QaIqABBCQAAoSIICGgDv93XNLv/MnzqmsyojIiO97HuDFYFqX956qysqMiDcy68++BwAAAAAAAMpQEAIAAAAAAEAhCkIAAAAAAAAoREEIAAAAAAAAhSgIAQAAAAAAoBAFIQAAAAAAABSiIAQAAAAAAIBCFIQAAAAAAABQiIIQAAAAAAAAClEQAgAAAAAAQCEKQgAAAAAAAChEQQgAAAAAAACFKAgBAAAAAACgEAUhAAAAAAAAFKIgBAAAAAAAgEIUhAAAAAAAAFCIghAAAAAAAAAKURACAAAAAABAIQpCAAAAAAAAKERBCAAAAAAAAIUoCAEAAAAAAKAQBSEAAAAAAAAUoiAEAAAAAACAQhSEAAAAAAAAUIiCEAAAAAAAAApREAIAAAAAAEAhCkIAAAAAAAAoREEIAAAAAAAAhSgIAQAAAAAAoBAFIQCwpb/8+7/9/s/+v/8iSQIAAADAPApCAGBLCsJcAQAAAGAeBSEAsCUFYa4AAAAAMI+CEADYkoIwVwAAAACYR0EIAGxJQZgrAAAAAMyjIAQAtqQgzBUAAAAA5lEQAgBbUhDmCgAAAADzKAgBgC0pCHMFAAAAgHkUhADAlhSEuQIAAADAPApCAGBLCsJcAQAAAGAeBSEAsCUFYa4AAAAAMI+CEABI4W/+5R++/8nvf/n9f/of/7VZQMnaAQAAAGAeBSEAkM7f/elfv//ZP/7m++9++4tmGSXrBQAAAIB5FIQAQGr//O9/+qEsdGfh2gEAAABgHgUhAFBOlIbxG4Z//t//qllWyfwAAAAAMI+CEAAoS1G4TgAAAACYR0EIAJQXRaHfK7w2AAAAAMyjIAQAeOVX//ZP7ii8IAAAAADMoyAEAHgn7ihUEs4NAAAAAPMoCAEAGuJOwlaRJWMCAAAAwDwKQgCAL/zFr/66WWhJ3wAAAAAwj4IQAOALP/vH3zQLLekbAAAAAOZREAIA3OH3CMcHAAAAgHkUhAAAd/zNv/xDs9SSfgEAAABgHgUhAMAB7iIcGwAAAADmURACABzwl3//t81iS/oEAAAAgHkUhAAAB3jM6NgAAAAAMI+CEADggH/+9z81iy3pEwAAAADmURACABz0n//nf2uWW3I+AAAAAMyjIAQAOOi73/6iWW7J+QAAAAAwj4IQAOCgv/z7v22WW3I+AAAAAMyjIAQAOOhn//ibZrkl5wMAAADAPApCAICD/uZf/qFZbsn5AAAAADCPghAA4CAF4bgAAAAAMI+CEADgIAXhuAAAAAAwj4IQAOAgBeG4AAAAADCPghAA4CAF4bgAAAAAMI+CEADgIAXhuAAAAAAwj4I
QAOAgBeG4AAAAADCPghAA4CAF4bgAAAAAMI+CEADgIAXhuAAAAAAwj4IQAOAgBeG4AAAAADCPghAA4CAF4bgAAAAAMI+CEADgIAXhuAAAAAAwj4IQAOAgBeG4AAAAADCPghAA4CAF4bgAAAAAMI+CEADgIAXhuAAAAAAwj4IQAOAgBeG4AAAAADCPghAA4CAF4bgAAAAAMI+CEADgIAXhuAAAAAAwj4IQAOAgBeG4AAAAADCPghAA4CAF4bgAAAAAMI+CEADgIAXhuAAAAAAwj4IQAOAgBeG4AAAAADCPghAA4CAF4bgAAAAAMI+CEADgIAXhuAAAAAAwj4IQAOAgBeG4AAAAADCPghAA4CAF4bgAAAAAMI+CEADgIAXhuAAAAAAwj4IQAOAgBeG4AAAAADCPghAA4CAF4bgAAAAAMI+CEADgIAXhuAAAAAAwj4IQAOAgBeG4AAAAADCPghAA4CAF4bgAAAAAMI+CEADgIAXhuAAAAAAwj4IQAOAgBeG4AAAAADCPghAA4CAF4bgAAAAAMI+CEADgIAXhuAAAAAAwj4IQAOAgBeG4AAAAADCPghAA4CAF4bgAAAAAMI+CEADgIAXhuAAAAAAwj4IQAOAgBeG4AAAAADCPghAA4CAF4bgAAAAAMI+CEADgIAXhuAAAAAAwj4IQAOAgBeG4AAAAADCPghAA4CAF4bgAAAAAMI+CEADgIAXhuAAAAAAwj4IQAOAgBeG4AAAAADCPghAA4CAF4bgAAAAAMI+CEADgIAXhuAAAAAAwj4IQAOAgBeG4AAAAADCPghAA4CAF4bgAAAAAMI+CEADgIAXhuAAAAAAwj4IQAOAgBeG4AAAAADCPghAA4CAF4bgAAAAAMI+CEADgIAXhuAAAAAAwj4IQAOAgBeG4AAAAADCPghAA4CAF4bgAAAAAMI+CEADgIAXhuAAAAAAwj4IQAOAgBeG4AAAAADCPghCAh0VJcjawozh2W+WWnA8AMMf7cfkz+bs//euP/zYAAHalICwoBvK3Qf3P/vE33//l3//tf+Qnv//l9//5f/63w/nut79487//6R9+bcIAm7p9d2/f5/h+377rrcX83mmdV37+x9/98Df987//6ce/Eq4Vx2Pr+JXzgSvE9eV2/YvEWPZ2Dbrl//xf/+9/XKOeSfzv3/87I7dr3C2udcCz3p/DXs/r/9P/+K/N627vxH/n9t98f55zfoN+Xq/pvR+3PDpmiXPF6//97d9rPQ+gDgXh5mKgHYPuuJDHxf0vfvXXzcH6qvnz//5X/zEoibIyBiIVPPs5VXl/6ONX//ZPP3yvbgsErWMqS2JBIiZDMUGK1w2jxHm4dQzK+cAzbotkMRa+Xe92Gw8/m3id8XpvBWS8D66BsL/bxoX4XsfGuezntNuaQLzeWNtQJlLJznP2+Htva3nGHwD7UhBuJhZB4uIbCwGZJwqx2J91oBGvqfWaj0RByFduCwkxUI+JdusYqpTbQoPvDT3F8dQ63uR84J73i2iudZ8nxtK3O/LjvOVOAFhXnNtik1uFMvBobusBCkMyuW3w37EMPJIYl8V5zKZdgL0oCDcQA4jsheC9ZBponBkIKjp47fViQut4kbe5FYYmK5yhIBwXeO39UzJax4w8FnfpwBpuY3jntuO5FYbG8ewm5g5x7MYx3Dq2MyfGHbGWGZu7jDkA1qUgXMitCGxdWOXrRHl622G4qhgQnS15FYQ13c4N7pQYlyhZTVw4QkE4LtRjkXy9xFj1tpjnrkN4Xnx/4vxWsRSYmVsBsfI6APn5vj+eGPuZfwOsQUF4sRhIxC5ejxLpl9vdhqstbESB2fp7H4mCsI5YNFUKzo9FBu5REI4LNdw2vRj77pHbXTvGoHCfkuDa3DYNr7QGQF5RbMWak6f5nE+MC40zAK6jILxIXPwMJOZkhYWNWAxr/W2PxqApt5hkxKKCRdM1YpGBljgPt44XOR/ycid8jthEAx/dSgJ3Qq+V291J0JuNvOM
S8+9YD3FXIcBcCsJJYiJt0X+9xGcSg7tRdxvG595z4KggzCWOO+eFvRKfV9z1bdJSl4JwXNifjS41cysOjVPJ7lYGukNwv8R5ysY/HhXHS8z9lIHXJW6sML4AGEtBOFhcyOwm3Ce3wjAWt878AHr8b0fcIWpgtL9YWDDJ2D8WGepSEI4L+4rvRYyfWp+r1MptI43rI5nE8RzjPuP3HInrlXMUX4njw7hmrcS6qvUwgDEUhIPEgMIjRHMkBiIxIYzdojEgeX/nUPz/x/97/N/jnxu5a96AaF+KwbyxyFBLnIdbx4GcD/txJ7x8lZgLeRwpO1MS5I4xPO/5zq8fRSFAfwrCjuIiZZFERsZAaB8KwbqJSeX7jQTkoSAcF9YWi2buoJGzsSDPyuIa7+k/NRPXtniKELXEnE0huHfMvQHOUxB2EBejWDBpXaxEekZBuIeYXFpArZ34/KMgNlnJR0E4LqzJbnoZkTimjGtZhfOc3BK/L+nclF/M0WzmzZPb3BuA5ygIT4gSoHVxEhkVk5U1xaKCRwrLV4nd6Gd+15R1KAjHhXVYNJPZ8cgwZnOek3uJ48NjkvOIObs7hGvEXYUAj1EQPiEuNMoAuSIWTtZjcUEeSRwvJit7UxCOC9fzm4JydWKO5RGkjBTXcec5eSRxXjJ+31vMwVqfreSNgh/gOAXhg2LCGo+daF2AREZHQbiO+CycC14SOzEjsVMvJl+txMQ6/hnv2X/5YVHKd3lfCsJx4Tpxh7Nd9bJS7P6nt4pP/IgF8ji3x1g8NoDEGObeEy3iexf/XPzz8TMqxu4vUTbsKY73isfwbX4e3+H38/Jbbv9M9g0TCn6A+xSEB8UAuXWxyZ4YTMUFNQYQ8UjVmCxEjuzsjcHY7Z+P/238O+LfZZLxfOK95Drx/lfccRzf2zgHjhxYx787/hvVFm6UhfuJz6v1Wcr5MFcsdGa7psXriWLpNmadKca98Z7exrsVxwujEnOHe6UGtFR5pGCcb+K8N+Pu2zi3Vv+9RuektVUoBWd85+N9jIIx09OS4vUoCwE+UhAeUKkcjAlULGzMWFSJAUe8tzHBUBoeiyLhOvG9aH0mWROTjnjNVwygY6IT/+1Ki6sxWWEPCsJxYY44r2fajHHbxDJjYfxR8TfdxroKw/OJsQEcFYvn2X8GIObuV80P479boXz9LHFsxfmdtcT3vvV5ZclV3/k41rOMYxT8AB8pCO+oUArMuDvoiNeLKNknc89GQThfHJeVCuwY+K802Y2/pcr5wGRlDwrCcWG8OH4znFPjfLnC2PVRt934ysLnE5/9imUw64jzQvbi6spi8L1KY/VWbPJbQ/bv/Srf+fi+ZxjDKPgB3lIQfiLrYzPiQnjVXUHPir81Lt6VSprPoiCcI465So/O2WWxLRZWq5wH4vjb6TxdiYJwXBgjw0aXOCdmLYXiXB9j88oL7M/GwjyvxfHQOk6yJDb1rj42rDR/ep+4zhq7z5f5jsHV5+hZNp1F+eq7C1SnIGyIMqp14dg9GRacYxBSeeKhIBwvw0LqI9nxcV3ZF4BuWX1SWJWCcFzoL34Tb+fFmzgPVhn73IrC1vsgn8fCHhXG7lGC7EJJ6Hw0Q7zPmY+1eG07yHL+jdfgST5AZQrCdzKWg/EIgGyLKzEQqTj5UBCOFe9vlR388Tpj4XhXca6u8FnFa/S9X0t8Hq3PSs6HvnYvm3bcwNJDjHEzPyZtRCzK15V97B6vbbdF6/guZi9sv4rz0XjZNwXstCEgZPnO73i+BehFQfijuBBkm1zssuuoh5gcVpiIKArGqFQ2x/ck08A347n7s1Q6p69MQTgunLf7Ik387RZWv4lrXIXxba9Y3KshzhHZx+4ZzoXV74h2Pesv65O+btl9Y9TuY9DXiWMNoBIF4f+WcYG56gUtdltlLgsUhH3FILbSLv34bmScqFYqCXf4/ZnsFITjwjm7L8xYTG3b/XOdHSVhbhW+D1nOhfEaqozPP4vrWj/ZC+c
sG0EzzcuVhEAl5QvCjJOM6heyzI9mUhD2U2GB4XWyL5hVKm0sNlxLQTguPG/3x205r91X6WkHZ6MkzCk+0/jpjNZnniVx7GY6F1b53fCvEusSnFPhjuFMMt3pqSQEqihdEGbbhRR3lvBWTCQzlUAKwvMy7Wo7mkoD20oLqBZAr6EgHBceFwvJuy+YW3w5rtrmprNRPOeQabH5q+z82+Bfcc56iWvdY6pc73b7vcGj4vPLtObi+wtkV7YgzLbAZwL8uXhfspQGCsJzYuJdrRzM8riSo+L7nn13+esoCedTEI4Lj8mweObOisfF3aLVxjJnYgPl3qqUg7v/9thXqv8W4S3G7MdlGN8cSfYxUJSfrde9a5SEQGYlC8Jsj5/MuutohN3vHlMQPqfK4sL7VJ6EVnukkUWHeRSE48JxUXq03sOdEps5eJ5H9z0WY+i9VBm7x/gtSv/sWq+9auLcTVuVYjCSeVPAaxnP5ebcQEblCsJsu1jsvH5cXNB3HXha3Hhc1XKwyqTjMzHBrHaHhZJwDgXhuHBMlmLIIuk51e6YP5u4RsZ7xvoqPS6+ykbfbBu0z8ac/qNK5WC161G2sYo5N5BRqYIwTuKtE/zOqbDjcIRdB6AmE4+pWg7GINwiWM3P34RlPAXhuHBfPCq79d7tmKy/tzVTpuNhRmysXF+lx1FWOh4rlb5H4g76tyqVg5FqG3mz3aQRsd4CZFOmIMx2UbILto/dBqMKwmMqL5hZ/HqrapkT1wgbSMZQEI4LX8u2eEYfzkmPxfVxTdU2dVX7jXCbGT7GuaheMRip9t2/ybpJoOrnCeRToiCMgVcMwFon9F1T/fGBPe00MFUQ3hd3T2X7vj8Sx8hHVR/BFuc1G0n6sxg/Lnwu41019OPxfY8lfsOTdVQrBysWQ8ZO7VQvFzL8nvKjqVoKZ94kENcwgN2VKAizDTxiUmHRt69dSkLlz9eql4PuHmyr+qjZiJKwP4tc40JbxkfkR+jHeenxGFOvoeIYreJGX+eoz1O1MMp6R9lXqT5Xz7xO4yc+gN2lLwgzPrKg+qMoRlq9KLSY0bZLwTsyysGvVfpNm1Y8/qQfi1zjwkeZz11+g7Cvypthnk38BAXXqLqpr/JTgFrvh7yk0vpO5WtV9U2b2R817OkEwM5SF4QZBx8uOuOtPGFVELZVLwcjjo2vxcS79b5VioXQPhSE48JbsZCUeQHdxoW+sh8vIxLvV/UF2yvEe1718e+VN/q23g95SZXiOOsTEY7EOt6L1nuTKebbwK5SF4QZJx5RejLeqoNXJdBHFR9P8j5xruO+ir9z8T7u2DlPQTguvJX9+hblDH0ZEz2eynd0XSHKwaob+6pvimi9J/KSCtfDKMcrb2Kxjvci+28mxzHuiW/AjtIWhBkHHzGZYq6f/P6Xzc/iqigIv/EorZfEuc7u9+MqT0xviULZMfM8BeG48E2Vosc1rL/W+yxfR0k4R+ZHJt+Lebxz071kvsOs+uYVdw9+U+UuUuMKYDcpC8KsxUGUVcy30i4nBeGLqr9b0kr13ciPcnfFS/xm5fMUhOPCi2qPRLZw1pe75R+PJzGMl/23p+7F3UMKwiPJuGHGpl7f//da71HGuJMQ2EnKgjDrbxoYWFwjBuqrlFEKwtq/W9KKR0Y+pvoC1evYdPIcBeG48KLiRgZj3H7i929a77F8HcfgODb25Sx+HtV6X+Rtsp2HfPdfoih6K/tjRm+xIRfYSbqCMPPFxsTiWis8Fqd6QVj50UStKHieU2VSciQxaTdpfYyCcFyoXe7E+SgWEznPguxzcfz1545Wm/luWu+NvE2mu5lX+6mWq2K+/lGluVSMx6zjAjtIVRDGpK51Us4Srnf1j+pXLggtyn+MhaznuLvibfwuzmOci8aFvE/BOJo4H1lIOU8p81w8tr0v4y2Pr72J83rr/ZGPybBxzxNbvsUGgY+qnQ+UxMAO0hSEcZHJvFvW7enruHKyW7UgdMfXx1jEOsfdFR9
jAnuMgnBcqrPb/ltc485xnno+HjV6XszL/RzAS2zme+GcdDy7lwk2qHyLTZifq7a+Yz0XWF2agjAmc60TcZa4oKzlqgFNxYLQ7uN2lDnnVPyNr3vxCJRjLHKNS3UW1N8mHivOc+IOlNZ7KvcTi9ucoyB4ibsHvzF2Op6d133cOfg27hz7XMWfjqm4lgfsI01BmH0iYvfRWq56nG21QUX2xwafiSLnnOybSp6NzSj3WeQal8pc79qxmPK81vspx2KM9Tzjq29RDnxj7PRYdpT9iV7PxIbez1Usk20aAVaWoiCsMhFhLVc8PqfSQlnFXWVH466KPkxi24n3JcPvn4xikWtcKrv6N45Xjo0Lz7nqaRcZ4hG3z3HMfUuMpfjGvO6x7DbnNzb+GGXQfa33LXscF8CqUhSEVR5j4jcM1jN751OVgtCdFF+nUlE8kkdgfR4L8p+zCDIulbXeD/kWvwv3OAvyz0e58zjH29somd9yfDyW3e48s8npYzyu+r6qx40xLbCi7QvCuIurddLNGI8oWNPM3bJViiGTjK9DHxYrvk78/icfKQjHpSrH1P1EYeOxj49xjTsXGzOPs7HvY8zb33I+eizxfu3CY4XbMY+6r+pd5+4iBFa0fUEYz/ZvnXQzxu8Qrit2ibY+s97JXhDGYw1br1u+xe+Z9FNpg8mzsfv1I2XOuFTlbubj8fjj45yrzsWd9MfEInjr/ascx85HCsLHsktB6HP9PNxX+fqhJARWs31BWO1OIwsja5pVbGUvCKvuInskHknR1+zfEd0xdsG/ZdF9XKpyHjoej+07zrnqfPhazH/8nvPHuHPoI0XSY9mhILSx9/Mof46pPk7JvrYH7GXrgrDi3R8mHOuacRdh5kGEx5Mci0de9eXOnfuJSa5H+31j0X1cqmq9F/J5bJY7rvX+yfFYvPuajX3tGKt/pCB8LDs8wWPWE5R2jCewHFO9ZHacACvZuiCs9HjR1zFZXdfogXLWz96k8Vg8sqg/Zc/xWJR/4ZgZl4ocT8/FpoVjWu+dHI/Fu7b4/rnzuR13ObeZ6z2W1c89Ngd8HU9fOa76tcTPxwCr2LogrDowURKsa/QuqIwFoceTHI8BZH+Ov+OxUPpCoTMuFVk0fS6eqHFM672T4/GYuDbnrc/jpwDaHDOPJd6vVRkH34+7iI+rXjbHY7oBVrBtQVh9UVdJuK6Rx2a2gtAE47FkLIhXYBfs8cTv/lbnvDUuFXlE1/OJ8RZfa71v8liMvd6KzUKt90kUyl9RED6WVQvCKL5af698i7nSY5wbbMIF1rBtQRi37bdOrpXi0QXrGlU4ZFukUMw8Fo9UG6Pq46qfTfXd8QrCcanIdfD5uFPnPsfX+bhb9RvXv69jkfdzfmv+sax6fbOp6X7iustxcY1tvY/VYtMbcLVtC0I7TV52KSoM1jSqwM5UECr5Hw9juJ48luo75C2QjktFCpznYzH+PsfX+Xi8+zdxZ0zrPZKXKJM/Z+z0WFac8/tZhmNZ9e7PVTk3vMT1A7jatgWhCe+3ZCqNMhmxGyrLZ20X6eOJHZuMYcL7eCpvUDGRHZeKjGfPxUa5rzm+zsdjI1/E+9B6f+Rb+FrrPZOPWfE3yeJaG39X6++Vt7E295g4tlrvY8X47UrgStsWhCYp3xKDNQsk6xkx2Mky4PT9fTx2I47Ves/l61Q9JhWE41KRAudcLMR9zfHVJ9XZ2Hc/8V3ja+Z/x7Li3fGetnI8HhX5uNb7WDGeWABcaduCsHVCrRyTkjX1fk5/hoUwiwzPZdXfosjCY7MeT9XNKQrCcalIgXMufo/7a46vPqm+q1+xcz8Wdu9zPjqWFR816BxwPDyu9T5WTHzPAK6yZUFoce7zKBHW03NAvXtB6HcHn4+7hMeyM/a5VJzIGIOMS0UWTM/F3fVfc3z1SeX5lWLgWDwa7j7zwPtZcVztOnI88V7xOMfYt/gtQuAqCsKEMUFZS+wobX1Oz2T3gtDg7/kwloLw+VR
bODUGGZeKXBfPRUH4NcdXn1Q9zjz143i4z29+389qd6L6zB6LO4mfY6zyLfFUI4ArbFkQ2n32deKxb0rCdcRn0fqcnsnOBaFF9edjoDie4/P5VLuL0LEyLhVZFDkXBeHXHF99UvU4c/fgscT3jGMcU19ntTUcGygfizHJcxxnb+PJUcAVtiwIXUCORVG4jl53Ee5aENp9eC7xW5aM13rv5VgqLY4pCMelImPac7EY9zUFYZ9ULIAUOcfjPHScMdTnWe2JHDblP55d12quZiz8NtZ+gCsoCJMnSkK/S3i9XncR7jro9J09FwsPc7Teezme2AhQgcWtcanII/zOxfXxawrCPqlWELrOPRalwGOUzx+z4tM4oqRo/a3yeWzOf46x8NvEGi7AbArCIvFjt9frMRnadQIag5zW65Fj8f2dw0LquVTZ7WjhdFwqcjydi4Lwa65r/VKJ4+axVNkg1UvP3+fPkhU3dJu/Px6eYyz8McpmYDYFYbHEb5m52Fyjx12EOxaEFhnOZ9dieDcWLM6nwh3rJrHjUpW7KZ6P6+PXjMH6pQp3DT2W+I7xuO9++4vm+1kxK17HfD6PJ9bZeI651ce4tgCzKQgLxmNHr3N2J95uC2F+e7BP/FD1HK4t51NhcmwSOy5VWZB/PnxNQdgvFcR4011DjyWKFB5nLPWSFY+fOA+0/lb5Ogqd5znm2gGYSUFYPLFrfbfSaWdRmMX7/Wx2K4rcFdEnzBHfsdb7L48l+6NGHSfjUpXNNM/Fwvx9CsJ+qfAEltjk03rt8nlsun1e9Wvfz//4ux/fibXYtPRcPPL8nNZ7Wj1+ZgaYSUEoPyQerecuJXqKSU/rWJPHYjfiPIqfPom7DzJznIxLZTbUPB6LcfcpCPslzv2Z9fgphIrJflyMVnVdJ9ZeVuUu4udiTHJO6z2tHhvhgJkUhPIficHgqjvZ2I/dh32iIJzH4036JfO1REE4LpX5DdTH4ze171MQ9kv2Isi4/bnEXXCcU+3O1ZXndsa4z0dBeI5i+mOyb7oF1rJlQejOpDmJQY67CnmG72i/mGzM1foM5LlkvX5YPBmX6pQ5x5P9Uca9OKb6JXNBGI/JbL1m+Tpx5zd9VJg7RhG6+tjYY4afT/ZNJKMZr7TjMdZ8Js4572PTEmdsWRDGgd86eUr/xK4VFyUeZRdyvygI5zIx7pes1w5jkHGpziL98cT3kPssuPVL5mMuHmPWes3ydVa+E2xHma+Bsaay+l3vfg/5XIxLzjFeaWflxxHTV5xDIrH+F4mxWXwvzn43YjPT7d8Tx1P8u+N6G/8tNwTxmoJQDiUWzQ16OMojIvpFQTiXyUm/ZP3dBGOQccFvER6Ju3aOc03rl6zzII9Xfz7x/aKvjCXhDncOBpuUzsVC+znGK+24zuQTm0XifBvrfPH5rjD3i78jbvL46R9+rTgsbMuCMLQOapmXOHm4fZkWdw/2jWJ+Lr8D1jcx+M1GQTguvHAn8+eJDUgmrcdZcOuXrOMxdw8+H5v4xolHju6+4TTmxDtdr2xQOhfOMQf/PH5zey/xed3Kv9bnuWviGhHXtbg+m4vltG1BaACzRhSFvOfuwb5REM4Vg7nW5yDPJa4R2SgIx4UXjrHPEztbOU5B2C8Zx2OxwNN6rXIsGTdBrSTWGHbcMBNz4d2ODY8XPR/OMQf/PK4164vSLNY9Kq2Fxhwj5mX6gDy2LQhNeNeKopAQu2Vax4c8HwXhXCYnfROD5GyUN+PCN3ZSf0wsFPMY86V+yTgei0XH1muVYzFGnyPG5rssusY5d8c1EeeCczE+Oc8c/PPEe8N6KpaCnyXOgVEWurNwb9sWhC4gaycGxyZN9XgsWv8wl/Knf7L9uLpjZFx4KzbdmHS+xOLIcxSE/ZJtXuPuwfOxEDZffA9XOq/FNTquT7sfC57OdS5xTHKO9d3Pk3HD7W5iE4Ux9WO5XR/dSLSPbQtCC3R7RFFYh4WGMWEu15b+ybar1jEyLnzkeLP
wdobFjH7JNp+Jne+t1ynHw3Xi+3jl72fG2DYWjDOUxObw52Occp6C8OvYkDJfvOdxXNpAcT5xp2W2cXRG2xaEBjJ7RVGYn4WGMWEui/FjkmnnmGNkXGir/OivWIS1KPI8BWG/ZJvHxGJN63XK8XC9GF/GY81mPMUmFonjqRhxd38m5vDnE2U15ygIv4611HniuhLnek9x6R+9wNq2LQjDlbvG5FxigB0LXuTh8aL9YzfiNVqfhZxLLERmoSAcF75WqSiMSXm2RdgrKAj7JdOCht8MPx9j9D3EQm98d+P6GQXEV4l/Jv7Zatce14nzieOHc8yvvk62n+xYSWxE9Nvv10RhuJatC8K4ELcOMtknisIc3NE7JhYfrtH6LORc4lyfhQnsuHBfhd8ljA1Hfq+iDwu//ZJpASPuuGq9RjkeY3SycJfM+SgIzzO/+jquOf3dHiHqHHh94vi2MfR6WxeEoXVwyb6Jk3OcpD1Oai923IyJgeA13A07Jlk2g5jAjguPybZRzgJbfwrCfslUELZenzwWY3Qy8HjRPjF+Oc/86n44L0ooY+O1E51AbGRjvu0LQl/unFEU7sX3cExMNq7heB6TLI9GMYEdFx4XE93dNzXEHcZ2jY7hetYvWQpC17A+yfTodOrKttHoqngi1nmuTfeTZRxyFee7vRJzGPPDubYvCD0iJXcUhXtofXZyPgrCa1hQHZMoMTIwgR0XnhfXix0fkeM6N5brWb9kWZizQNYnzl1k8N1vf9E8vuWxKG7OM7+6H8fZc+J9i82IrfdU1o/x1jzbF4TBl71WYsem36ZZh5J+XFwMr2FBdVwyTGxMYMeFPlb+TY1YjLTAMY/rWb9kOW533EiwYozRyaB1bMvjMa45z/zqfrI8jWeGDE9YkY/x6NGxUhSEfv+sZhSFa4jPofX5yPlYfLiGa8q4ZBjUmcCOC/3FY6+uLomikIjzqjHbfArCfsmwABwLZq3XJo/HGJ3dOR/0i4LwPPOr+4kxHfe5gSF34nvgCYNjpCgIDW5qx270a1l8GheLD9eI9731ecj5ZPjNHhPYcWGcKOdiwjzrcWJRCsb3/ed//N2PfwFXMEbrlwxzjdgw0Hpt8niM0dmd8Wy/WIs6z/F4P1l+rmOUKI08NrlGYp7pvNtfioIw2CUgt8RiiJPFHMr5sXEcX0NBODa7M4EdF64VJWIc31HqxXnwq8S4O/5Z16m1KQj7JcOx7njolzgPws48MUVkv7hz6qOYt3h8et3EhlTfiz7SFISxqNE6WKRuFIXjxcW49d5Lnzh+rxGLPq3PQ/okNhbsLL6Xrdcl5wOcExPkGJvFZNliSd9kGJO1Xpc8FwUhu7NhQGS/WB96y7qNROLuWiXheWkKwuB2YmlFUTiOC/LYOG6v4bgem90fOaggHBfgcbHpIu7otNg7NruPyTz1o28UhOzuL371181jW0TWze7z6J5iM1zrPZKaiY2Ru29Ev1qqgjAY6Mi9KAz7sRg1No7TayiAxiY28+zM8TEuQFvsio3fj4vzpzsDr8nuYzKbn/rGGJ2defqWyJ6JRwNXFuPhuFus9d6I3BJzJh6XriD04+tyNIrC81rvq/SL4/MaCqCx2f0H1h0f4wJ8Ewu4cWeghZA1svuYzKa+vjFGZ2fGsiJ7Jq7lVSkH5ZEoCR+XriAMSkJ5JnGLeizGcIyJxfhwDcf2+Oz8jHjHx7hARX4zcI/sXgi1XpM8H48YZWfuKBbZN9XEYyONkeXZKAqPS1kQBo8alWcSF54YMPuB0/tiQav1Hkq/cA0F0PjsvNDq+BgXqOD140Jb3wNZM65b8joKQnamIBTZN5UoB6VHlITHpC0I3UUoZxIXISeRr5lYjA/XsJA2PjufXx0f4wJZ3R4XqhTcNzsXhDb19Y+CkJ25FonsmypPPfNIUekZ6/v3pS0Ig0U86ZUYRHv86Ft+y2R8uEYMRlufh/TLzj+wbmwxLrA7vxuYNzsXhPEI29ZrkuejIGRn5vE
i+2bn8cgRikEZmezfnzNSF4TBhEh65fb4UV6YWIwP12l9HtIvO//AuoJwXGBHSsEa2XlBwZi9f8wJ2VnrmBaRPRJjzszc4SwjE+v68ehaPkpfEMbuA88slp6JBSC7Dr73vZoQrtP6PKRfFITSCuwiSsEoCPzmeZ3sPPY3Zu8fBSE7ax3TIrJHMl9/3OAjMxLj4uiKeCt9QXhj56SMSJxY4nc9qvEIxjnhOq3PQ/pmVwrCcYHVuDtQbtm1IIxjuPV65FwUhOwq7pxoHdMiskeiRMvG/FquSMbv0hllCsKYHNk9KaMSt8FX2oHgAj4nXKf1eUjf7Mr5b1xgBUpBaWXXgtA1a0x2/i1lanNOENk7Oz+Jp8VavVyZ7I/sfUSZgjDEnV6tA0KkRyrdTWhiMSdcp/V5SN9YbJX3gavEJq+f/eNv/O6JfBrXLHmdbAu01OGcILJ3sl1/bMiTq7PrGL+3UgVhiAUAJyAZnfhNmswnmdhl0Xrd0jdcp/V5SN9YbJX3gRni8WrxSBm7leWR7HrNikdhtl6PnIuCkF3FZpjWMS0ieyTL9ccNPLJSjOsKFoQhFgYsCsiMZP19CosN4+MCda3WZyJ9EwsUO1IQjguMEo8virFLbOBqHXsi97JrQRiPwmy9HjkX43R2ZR4vsnfihpfdxY071uRltVR/3GjJgjDYrSCzEhPIbL9PaGIxPhYertX6TKRvdt1AoSAcF+jp9thQTw6RHtm1IIzxZOv1yLnEZgPYkXm8yP7ZnbGJrJq4oayqsgXhTTxiqHVQiIzIrnfMvGdiMT4Kwmu1PhPpGwWhvA88K+4QjDulKt4hGAVovPb3BZbFl75REMr7wI7M48fE3B3ui/G6Owdl9ey6TnVW+YIw2FksMxOl9O4sNoyPSca1Wp+J9I2CUN4HHhUbryqOSb777S9+eO2x0PIZY7W+2bUgtBA3LrAjBeGYmLvDfcamsksq3kmoIPxRPIZIUSgzE8fbVws7K3NhHx+TjGu1PhPpm12PcQXhuMBnqj4uNM6T8bqfeVS9sVrf7FoQtl6L9MmuxwS1+V3ScQHaYhxrw5Lslmq/SaggfEVJKLMTF8kddyZYdBofBeG1Wp+J9I2CUN4H3osxUjx5odKiQjwmNe7wOLuJzFitbxSE8j4KQnbk2jAuQJuNCbJjYv75zCbNXSkI31ESyuzsWBKaWIyPgvBadriNj4JQ3gduKj46NIrQnoWDsVrfKAjlfar+Rg17c20YF+CjWOtsfV9EdkiGnwg7SkH4CUWhzM5ORaGJxfjsWp5k4Rgfn12PcQXhuFBTfKfiN/Vax0TWxF2CUYKO5DrWNzsWhK5XYxN3RMBuXBvGZdeNJDCKcYhkSJW1WQXhF5SEMju7lIQmFuNT5SK0Ksf4+Ox6jJvojAt1xBg7CrIoylrHQtbEee/nf/zdj+/CWK5jfaMglPcxVmdHrg3joiCEt6qN8yVvKpzfFYR3xAJG3FLaOkBERiQuonHcrczEYnwsOlzLMT4+ux7jFlzHhfzid/XisXzVHuMc57vZE0vXsb7ZcWHA9WpsjNXZkWvDuPz0D7/+8V0GYiNg63sismMqjPkUhA9wgpOZicdtrcrEYnwsOlzLMT4+ux7jFlzHhXzibrmK59MZjxC9x3WsbxSE0grsxrVhXDx2GF5YO5eM2XX96igF4YNiolVt17Ncl1UHmSYW45P94rM6j8MYn12PcQuu40IeFR8fGok5QtwhuQJjtb5REEoru/x+PNy4NoyL+Tu8sJYiWbPjfOAoBeETYiLgtwllVq7egd5iYjE+JhjXan0m0je7HuMWXMeFvcXj0aMcq7ooED9JsNIj4o3V+kZBKK1kXigiJ9eGcTF/B3cPSu5kPs8rCE+K54y3DhqRnolC2qJTrZhgXKv1mUjfxGL6jiy4jgt7uRWClZ+sscrdgi3Gan2jIJRWVj4HQEscs61jWfoEKjPukArZdR3rHgVhB3FHoVuoZXRWOglZdBofBeG1Wp+
J9M2ui2omPuPCHhSDL9fov/vTv/74jqzJWK1vFITSivE6u1EQjs3qYwMYKdYsW98LkWzJeK5XEHYSiyVOhjI6P//j73484q7lWB8fCw7Xan0m0jcKQnkf1qYYfEk8PWQHCsK+URBKK/GUF9iJgnBsdrxWQA9RmLS+EyIZs+ta1lcUhAPEidGkXEblu9/+4scj7TomFuOjILxW6zORvlEQyvuwFoXgt/zk97/84f3YiblI3ygI5bPE04RgF+bxY5Nx0RiO8FQ9qZZVbuDpRUE4UOwwtqgiI3L1icjEYnwUhNdqfSbSN7vchfOeBddxYR3GsC+J92DXyZ+CsG8UhPJZdjw2qMs8fmyy/jYVfCXGyq3vg0jmrHDzTk8KwkkstEjvxG72q1hwmBOu0/o8pG92XVBz/hsXrhPHtULpW2LCt9sdg+/5PPtm12tW67VI3ygE2ImF/LGJNT+oJMbL1rqlanbd9N6iIJwoTpyx4NA6qESeyVU/jGqBfE64TuvzkL5REMr7MF+MI4xN3+bKDVg9KQj7RkEon8XvELIT49jxgUp+9o+/aX4PRCok0xhQQXiBGJR5PrP0yFWPoTSxmBOu0/o8pG92vTvH+W9cmCe+f35f8GNikSMLBWHfKAjlq8AujGPHZ9frBTzDRkOpnqtu3OlNQXgxO7flbK4qCVt/i/QN12l9HtI3u7KwMi6MFWNOpdHHREn6q3/7px/fpTx81n2z64Kv42BOMm0uILe43rWOYemX2IAFFXhksch1a/K9KQgXEZPOuDW1dbCJ3MsVixatv0P6huu0Pg/pl50HUQrCcWEcdwu2k7UcDIqhvlEQylfJ8mhiamgdw9IvcQMAVBC/wdv6DohUy+6/XR8UhIuJ3YcWcOTRXLHYrtAeH67T+jykXxSE0gr9Rfnlet1O5nIwKIb6RkEoX2XncQ31tI5h6Re/S0oVfjpL5CVxN+3uFIQLiwbajgw5mjhWZnJsjg/XiHNv6/OQftn50TsKwnGhj3iUqFLw62SYxN2jGOqbXQvCuN62Xo/0T+YNB+RijDA+zgdk99M//Lp57ItUTJTlu1MQbiAWepQxciQzfxzVgsP4cA0F0PjEhGJXjo9x4TxPorifKr8VpiDsGwWh3IvfIWQXrg/jU2EjErXFo3Rbx75I1cxcjx9BQbgRRaHcy8y7cuwYGh+uoQAan10XWoPjY1x4nqdOHMvOdy8/ygJw3+x63XLNmpfZT3OBZ7k+jE+l8QY12ZAo8ja7bxRTEG4sHltgMUjeZ9ZutSisW/996ReuYTFtfHbm+BgXHhfXfBP0+4nHqWX48fhHWADum10LQo9Nn5tq5xn25M7i8cnwuDn4TBQhreNepHJ2//1ZBWEC7iyU15m5e7X135d+2f0W9V0pgMZm94GT42NceIw7+Y8lCtSKvwWkIOybXQvC0Ho9MiYeK8gOjB/mxIYBsrL+LNLOzud9BWEiikK5ZdZJyQ+cj83Oi1E7UwCNTSxa78zxMS4cZ7x3PFV/F0xB2Dc7j8mM1+flJ7//5Y/vOqzLWHZOzOXJyrhCpJ2dz/sKwsQUhnUTPxg8g8eTjI1JxTVMmsdm98V6x8e48LXY/GNCfjzxeK/Ku/cVhH2z85gsSqvWa5IxcdcQq4tjtHXsSt/svikSWuKpHK3jXUT2/j1qBWEBMQCMIsdv1NRJfNYzePb42CgIr6H4Hpvdj2sF4bjwOeXg46n+qD8FYd/sfO0yrpmbqncts5fWsSt9M2tNBmayBijyeXbeGKIgLEhhWCOzHnHT+m9LnygIr2EhbVyi4NidgnBc+Egx+HhifOs3fBWEvbPzmCy+D63XJGMSdy/D6lwj5sSGAbKJp5W1jnUReUnM33ekICxMUZg7sxbiLVyOi4LwGgrCcZn1+OORFITjwlvKwecS53As/vbO7mOy1muScYlHsMHKPHp4TnZ+3By0GF+KfJ1d5wwKQn5YgPrpH379w27H1sEt+2bGzgU7iMbFjsNrKAjHJcP
CvYJwXPhGOfhcqv/u4GsWcPpm94LQ8TA3MbeGlZnvzMmsTdswS+s4F5Fv2XUdV0FIUxzQCsP9M2Mx3mL5uLgL4hoW0cYlw8K9c9648CJ2m7feH/k6Huv3lmtZ3+xeECoD5sdmBVYWd7m2jlvpn+q/iUwe5sEi9zPr5756UxDyJUXh3onFodFi8tv6b8v5KAivYVF1TLLsoDUxGhe+/+Guk9Z7I/fjrvu3XMv6ZveC0LVrfpyTWF3ruJX+2XWxGN4zlhC5nxnr8CMoCDlEUbhn4vclZ/AYtDFREF7DouqYZPkNDhOjcanOsfV8Zo13duJa1je7F4Q29M1Pht9dJjfrO3PiCQdkEXfDto5xEfkWBSGlxCTZwsMembGgEQVy678t5+JHza/h3DYmf/enf/3xHd6bEmdcKnPeOZcs55eeHFN9s3tBGPxu+Py4i5CVefTwvDgXkIFzhsix7EhByCmKwvUz4y60WJhr/bflXOK7xXytz0LOJdPOWQXhuFRlsn0u7tJpMz7vmwwFoUcYz4/zEyuzyXdenAvIwJxF5Fh2pCCkC0Xhupn1zPt4vFfrvy/PR0F4jdZnIeeS6W5YBeG4VPSrf/un5nshxxOPO+Ij4/K+yVAQun5dk3i8K6zIGGRePAqdDGJtsXV8i8jb7EhByBBxR1ksCLe+KDI38fuAM9iB2D8Kwmu0Pgs5l0yP/7PAOi7V2IV7Ph7F/TkFYd9kKAiD42J+Zs3F4BlxfLaOW+mfWRu3YRRjCJFj2XH9S0HIUIrCNTKDx4z2jx80n89O2v7JdhwrCMelEtfMPnH34Ocs4vRNloLQxoRrkmmjFLlYq5kXc3t2Z2wpciw7zhu2Kwhj8TZOSmfjUR/XUBhek1knJ59t/zCX8qd/si3gO0bGpYr4TrRevzyWGM/zuXh/Wu+bPJcsBWFovT4ZG8UAqzKunZv4LVjYlbGlyLHsOG/YriDsNYDJNMnbkaJwbmYd7xY9+4e5TJL7JxvHyLhUEQvFrdcvjyXuhOJzFnH6JtPc0bFxTdzxzKpax6uMiUcOszPjB5Fj2XHeULYgtKiwBkXhnMw8ObX++/J83O08l0dv9c13v/3Fj+9sHgrCcanA7/X2S6bCZgSLOH2T6XiLO1har1HGJuOYiBxcL+bGI4fZlXOFyLHsOG8oWxD++X//qx//jawkPl8Xnf6ZWYhb/OwbC6BzKQj7JmPB3WscIh+Tnetjv9iBf5/xdN9kG4+5k/ma2KTMijwFaG48cphdGVuKHMuOyhaEkfg9Q9YUi2hR4rY+N3k8MyejsSOu9TfIc1EQzuWO5n7JulNeQTgu2VmQ75c4V/M1izh9k208ZrxzTWxSZkWxoa91vMq4WItkRzZTixzLjkoXhFFCsa4YqP7k979sfnbyWGbvVo2d/a2/Qx6P89RcFlT7JeuxqyAcl8zszu8bd+Hc53rWN9kKQuek62Jsz4rM3+cm1rlgNwpCkWPZUemC0K39e3Exej6zF9LcRdgvFkHncodPn2T+nR0F4bhk5ZrYP3be36cg7JtsBWGIa3Xrtcr4ZDye2JtNA/MT7znsxG8Yi9xPzMF2VLogjPiB4L3EgpDdbY/nipLJokOf2F04V+szkMeTeXe8gnBcsvI0hP7hPgVh32QsdOJa3XqtMj67Lh6Rl8eMzo/HpbMb82CR+1EQTtL7hOQRH3uy2PZYrigILTr0iQWEuVqfgTyW+H2dWGTIysRoXLJyZ3L/cJ+CsG8yFoQKgWuT8ZhibzZiz0/mORP5mAeL3M+uT9MqXxD6ofC9xR2F8Rm2Plv5lqseUxm74lp/jxxPTNSYw4C3T7IveDlOxiUj18H+sXHmGAVh32S9tnms4LXxNCNWYow7P372iN20jmMR+ZZdfyaqfEEYyb6YmV1MrOx2+zpX3SlrktEnzOF4PZ8Kk1zHybhkZBNT/ygIj1EQ9k3m+aLz1HXxiEFW43wwP9Yj2Ykno4h8nV3P6QrC/x2/8bW/eDSDkvDzXHm
CMoA4H+aInT6t91+OJ364PLsR4xB5STbxlIPW65RzURAeoyDsm8wLuO50vjbuImQlzgfzY1zDTowvRb6OgnCSUQtzBuY5eORoO1eeoOK71fqb5HgyL0qtxIT4XKrsgh81DpF8BaEJ9Jjs+tiW2Rx/fZN9LGaj5bUx1mcVfpv0mribuK74zsXnH2uZO7CpWuTz7PxELQXhj6lw10MVFm8/5mqKl3OxaDCHxdRzqXKcusaMSzat1yjnoyA8xjWtb7Jf42Iu3HrdMifxfYVVfPfbXzSPUxkbNy3U9Hq8Fk+3i8JwZebCIp9n5/GcgvBVXJBzMbB9ySo7GOxMfj4WQ+dovfdyLFf9zukVTIrGJRO7a8fFLvtjFIR9k70gDDb0XZsKv+PMHtxFeE3iSVirl0P0c++aG+uZq65Re2qbSDs7r4spCF/FXYS5xODKhWudHQxxomz9fXI/FkPHMxF+PtUWtBSE45KJTUrj4k6bYxSEfVOhIPS7qdfHegSrMI65JjYG1xB3CrY+//eJ9cwVjwljTJF2dnlUcIuC8FXiDidyUUqtVS5FkdD6G+XrWAwdT+nzfKotZjlWxiUT17txcU08xuJN31QoCIPj5tq4g4hV/PyPv2seozI+nmyW2zNrlLFWvdI4xJNSRNrZmYLwXezYyaf6Yu5KAwl3dT4fxjLIfS4Vr5nVrykjk4VjZGxs6DtG0dM3K42nR7PB4fpUOt5Yl8cOX5ed70KhrdfNC7GedvVjDD19SeRjdl8bUxC+i2f/51R5cLvaDjRFzHOxk3Cso4/5kG+pustd+TMuWXh6wfhwn4KwbyoVNs5h18dGCFbgscPXxdMSchlxXY1j5MoiOa5Trb9LpGp2nysoCBupNAGsovLgdjXuInwuzktjWUh9PFXvuJ8xDqmaLGyEGR/uc13rm0rjMGP1NVJ1nMValADXJR7zyv5Gbrq58hixwVrkbXanIPwkFe+KyK7ibti4aK/IwsPjsUgwVus9l89T+XhUEI5LFoqZ8bFp5j7HYd9UO+aM1deIOwlruD3tKD7v1dahnAuuzarrOdw3cv0xvpNXP2Eqzg2tv02kYjKsjykIP4nF+JyqDW5X3nUW37HW3yztfPfbX/z4ztGbx+c8ljiPrrZ4MZOCcFyyUMyMj3H6fY7DvqlYShurrxHnu9zef8+iJFztpyXcKXRt/B7hfkbfnLDKdcEdxiIvyXCeVhB+Er9FmFO13yJc+Xfr7EZ8LLHQxxgKn8dSfaHK8TIuWbi2jU+M5/iagrBvKhaExurrREGQ02clQnzvVvrMY02h9XfKnKx4ZymfG10OrnRn+U//8Ovm3yhSKXHNzkBB+EVWOvHST+uzzphdFs+ijG/9/fIxKxe+O6u2ceBMYsJTnYJwXLJovTbpH4tlX1MQ9k3FgjAoCdeJjRF5HC0Q4ru3yrnH+Pf6VL0O7WJ0MRhZ8ZGz1vOkerL8XqyC8E5chPOpsmCyy0K+ycbxOB+NYRH1WNzF+sI5a1yyaL026Z8sk7ERPDq7fyqPwWYsesqx2Ki1vzg/P1q6r/K5mzNdmzhubI5a04zrZBRxK37+HkEslZPl7sGgILwTC6L5VPk9jZ0GjyYbx+I3SMZovdfyMQrqFwrCccmi9dqkf1bcRb2CZxaf5X6qXwPdIbBOPG50X2fOzyuUhMbA18f65HpmFWSrjkNsSpPKyfR0BwXhgbgI51LhAhbPAt9NleL2TDz2uD8T3fuxW/Utx8y4ZNF6bTImHr39TZynY5zQep/kfFZdmJvJhr514jfJ9tJz48bVi5Fx937r75K5cTfxteL8O+tnSla9c/A1v0UoFRPfzUwUhAdjUphL6zPOlB0XzGLQY3fy/dCXYvp+dtxwMJKCcFyyaL02GRPnpxfKwfExF/z+h/lF672Ra+I3CffQsxy85erP3maBNeK6dI3ZY64dPmfjA6mYbE+zURA+ELt08sg8qN19sey73/6i+brkJRZD+1JKfx0Tz4+uHIdkTxa
t1ybjUv08NWsHe/W4Hr6IhVGPsF0r1ijWNKIYjKxy96iScI3EMRbHGuPFOGDm9S++6ztxd7FUSsYnTSoIH0i220cryzyg3f1xW/H3W3j4PHYL9xOT69Z7LC/x+15tCsJxyaL12mRcKl8XlYPzoiD8xiLgelESriU+jxHz2ZXKIOPhdaIkHG/2IzR3/UxtvpYqyTjuUhA+mHgcHfvLWhBm2cUwewC2U2xU6MfE9vPEcbbC7uQVOW7GJYvWa5Ox2X1z1DOUg3OjIHzL3UPrRUm4hvgcWp9Pj6z2GbsOrRMl4RgxH77iON/1qVF+vkUqJOuarILwicQjENlbxkltDAozLei7k/DzWADow+Ns23Hn4NcUhOOShd2z16RKgWNB9pooCD+yoW/NmCdcY+S5eZXHirYoBNZKrJ/EXd6cE9e3K9aiMmzSNU6VzMm27v6agvDJuOjuLWNBmHFR38JDOzHo4jwF9Me4c/A+BeG4ZOHOmmuy22+1PMOiy3VRELY5360ZTz2aJ8bNIzcdxnxl9TvDbIxaLzYKPGf09/leMtwFGhv9W69NJEMyb6ZXED6ZzK1xBRkns1kfr+Uur4/Jekv7TDH4br231WMB9D4F4bhkYcH8umRdFL96wUpcHz/jiR/rxobC8eL4j80prfe/V3bYmG5svGbiHGDN8rj4rl15Pdv1saItNrRJ1mRddw8KwpOxM2dPrc9y52RftDDp+Bg7g88xaH2bCnfe9OJ8NC5ZeNzWtcm0iS82s7gzY41kH2ufZWPEuolziN8m62vGdT42hewkrrs2C6yZ+FwylU89XfUo0ddZ+RHCZ1hvkWzJXA4GBeHJxMUk+0GSUeuz3DVVFvYtuL6NQuccE9hvcR17jIJwXLKIzWOt1yfzkmGx5eqd7PI2CsKvKQfWj4LgvBgvzyjDd72GxXWr9XpkjcSxa873Iq7pK2zAiutm1g0ccay1XrPIjsn8aNEbBWGHZN3xkVW2xd1Kd7Hanfw2BvjP8XjRt/Gbuo+xWWFcsizAZxtn7JqdN9I4z6yXLOenkZQD6yfuSrNu8ZxZdxrtXhi4a2jtxPEVY4yq54G4lq+0ppR9Lc/5QDIkzpsVzpkKwo7xuNE9RPPf+vx2TMVjTrnzLe4ifI6i+SWOn+dkuoaslkxl9YxFRDmWHTbyxd+nFFw78flwTHznWu+hrJUoC202/Fycl2eP+bLM7c3X90ncRZd5TWm1QvCW+JuqML6VnRPnyCobKhSEnWN36fqylAOVF/djB2frPamYrI+kGCUu7q33sVqivLAo9BwF87hkWoB3nKyVGDOter2MhTm/M7h+Ki3mnRXjC5sk9sjtbiLeivdk9jGc7fFlSoG9cisKMyyEx2uI17LqZpUdNq71FK/VOFd2TeYNFO8pCAckBpOVTvg72eH4ORKLFC/sUH4533Bc7JZuvY+V4jdozmm9p9Inma5tHrW3bq5+xN5TheD/8399/2f/9//R/r/JtMxYJMi0eUdBsF9uJUElcT24ohC8JfOmX8XA3onPLuaNK29IjvW9KNd3Oc4qb+62eVJ2S7Xvq4JwUKrtCtlFlkfDuWvshUnHS6pN5J8Vx0vr/auU+B0AnhcLt633VfokzudZOFbWTiwEz7x2xrgtxqBPL0BHOfhnf9b+v8m0jNzEEGOUKK/jPJhpDmlj1p6J4zDOkZnXM2Jd6erfx6qwZhTXv6vKV+mXOCfE9yU2wF15zMbxFOemuLbsdlxVX7PxdAHZKRWfrqAgHBgl4XoylEkW+N8y6ci987SnGJS33r8qcZyc566w8ck0bsow5sie+Ixid/yI4+5WCjoOciXmor3F8RfX6Nt/I9NY//1rk70Sc6w4j8X5LINYoI5FvxXOy5XWiqrPwTImvkNR0sX3Ka6LI+5+j/NOzL3ivxEbdHZe86lYNrT4qSDZIXF+q3J9fk1BOCEx+MsyqN7Z1TsEe8SjAT9XfeLhsbNfq3w3T0ymXIP68GiU8ck0gVYo75uYGMb
3PY7HVmLBPP7vzgk1E8dADzE2+aw8i2v3iAXXq8Q4pPU6Zc/EcRvnwRGF+VlxrMWcedU7jCqPyzOsx4g8Epv7P4qxzc5lr+ROjG2qUhBOigXaa0X73/pcdooC6L7qO5JWnKSvovKE1HHRR4bryA7JdK1zzIjkzdlra8wL7y2QRQmTibuI8ua2oSI2xswqtuMaG9/DOK5umzZaf9tKsSZks53USaW7hB/lTkJZMdnG3Y9SEE5MDAhj0Mx8MWFpfSY7RcF8TOUiSIncFgPzqrvUYtGEPtwNNi+ZJtN+f0uuSkxyI63/m5zPmYX+RxbGet2tuAqLgnUS85JbcXgrD2Mt55bWtT7Kxdf/TCSOmdu/4/bvbP33Vo9y8EV87q5Nkj3KwfvMkWS1VL9GKwgvSpwMXTDm2L0wqr6L4VlVi0LHy1txnq1YDnqcSV9xHLXeZxmTTJsdHDsyO3H+v80xbGyYk5jXfbaoEJ9FbNY5sxCW8bdQKm/ok1pRDLbFOU1RKNmiGHxMlvV92TsxRkdBeGlisBivh3FiMN5673eKCcXzqi4+uGvsm9ht3HqPMkc52J87HuYn029v2SErs/L+/B/fo9Y/J2MSc7vbHU6RnhuUMi5eKAcke5SDX1MSSqbE9105+DjzbLkySv1vFIQLJBawGWP3Aadj47xdH0NzJganLyoujCoH+4vvUty90Xq/ZVwyHcvu4pIZ+ew707OkkmsTi2iZKAckc5SDxzgPSIb4vp9jM6VcEd/btxSEi0Uh1Mfui3EKnv5i4az1XmdOfA+qqrYgrxgcIwaMFtevSywYZRF3drdeo8jZ3HtqgJ3ZuZLpvHijIJBMiU1lFhwfF+eBiht7Ze/Etcu6XR+xudu8W2ZF9/KRgnDBxEXGo0efl2FBt3KxM1K1kjC+B5ke03dUDNIrDS6Vg2NYsFwjWY7vauclGZ84no48UjzGxa3/veybjI+Sd82VDFEWnFdxU6/sGd/3/mzOlRmxftamIFw4cdC64Dwm3q/dHwVnJ8NY1SYdMXCtptLuU4ObMSxUrpUsx3lc31uvT+TRxOLJI3eoeExynmRekHTtlZ2jLOjnJ7//ZfM9Flklvu/jeOqKjEysFdKmINwkMbF3V+HnMkwo4zM2yJin2sAj427z9yp9ptl+h2gVcfe2XYvrJsNju0x65UziN1qeGStWe+x2xjxaCu8sjvFqG/pk39jcO06sfxmXy0qxOXceGyulZ5T69ykIN0u03YrCtzLchl5p0r+SWKitNOnIXBJmOA8cTYWyd7YYLPpx9H0SO8t3HuC7Q0aeydlFaIus+6bqPEFJKKvHmHy8OPcZN8kKifkHcxkHSI/EOFo5eJ+CcPNULQwzLebadXi9+J2+ShOPTJPZKsVghjunVhPfA4/d2z/xGe54TvP4LDmSGJv0+i1hdxHuGdd+d17LWnEXwnWMnWR2Yp3BDRrXUxTKM6m6we5ZCsIkuS2QVRisxuvMUgh4RME6MpXOR5KhmK6yYGQhop94H+PYVwzmS4wL4rPtVaaMFsei41C+SowRe5/7K2yoyZQdNz+MEmsAjl+5Oubu18u0FiRrJ+bgyoV1KAnlkfj+Pk5BmCwxWIoTZ8YvQux8zrSYZoKxplhgbn1eGfPsbxmtoMoOUueJPmLsYFJRJ3FuizHD6mKs1vr7pXZiLD+qGHL3xT5RDn4U58xY8Gm9XyIjM/K8zOOcC2R0dl4nycw4Vo7EBvvnKAiLJL4gP/3Dr7cpDm+LuRl3hzlZ7aHaY0djsLX6cRnlbYUdo7ERIuMmj9Hi+I1SKK4d7syS97ltoIoFvtXOdcpricy6sz9+nqD135frE+cp1/9jKm3ok+sS12fz9rW5o1B6JY6jHTYY4nsv7Sj2z1EQFkwsnN4WyVZ5FNfrhd3MJ3rl4H4qLUDEd2/F3bHxN1UpfAxqHhPXsPiOVirzpU/imImNESssxsd33jFcN7M3hZhLrZkYgykHHxPHsgVCGZFV50S0xbnTOEr
OJI6fXX6mgBfxvTcGkFuiS+AcBaH8sDARi9KxyBrv7+gLYyyExX8n7miML3GVhf/YsW3hf0/VFiDiO3n1pDi+K5WKwTi+4pzIY9xBIGcTx9AKlIQ1c9Xd++4iXCsWJp8X3x/Hs/RMHE++j3vy+EF5JqvMBXhcnKvNn8SGnj4UhCKDEwNV8og7XSvuVIqiLo7leP09FzNjUBcX9Ox3D38WE5JzFIRyNqt9B+2GzZ34bFc55pQq18du577cRSTPJo4bd/DmEXNVZaF8FU/tySc2W7c+a8kZm+v6UxCKDIydDDnFYDIGla3PvEpe33kcg7E4N99ym2DH//f1/3t8H+KfjwWxWJisvAhuIaIPBaGczWoFYYhrjEXufFntrpT4W1p/p8yJpwaMY2wgRxNzEd/FvGL+WeVpNHIs8Z33O4N5xXfeRsv8cRPOGApCkQGJi5LF//xicGnSIY8kzg0rFhK7sggoZ7Pq91FJmCcxTlh1Mco5dH5iHBDzWcaKeZhzqHwVjxKtIcZTrnUSiU3K7hrMz2b+vFHwj6Ug/CIxoY/BxFcDxzj5xF0xTkASWXWhkfHiPOFxXdLKyovDuzPhl7PZ4brtkTn7JXa27rIIFUWK3dbjY7fzdWKMbq4ukbjmKwhqi7U717wasTEXa3T7J77H7vSfQ0H4SZ6Z2N/KQiegeokCwB2DhDhHuatQIiYl4ykI5Wx2+Y7GGMO1Zf3E7vQd70iJ+Uvr9cj5xFjAHYNrMEavmyiIdzw3M0as25lD5I7vPK9FwWRjwH5xp/9cCsJ3iZNGjzs94iCOk5BHm+TPTrvEmScW2yxC1I1HmMxhci9ns1OJH+eUOLe0Xodcm12LwddiPNt6bfJ8YoHSWGA97iCqk1hcVNDzmbhuG1fliu88n4nvu5t59kiM0WKsxlwKwleZcQDGDvCYgCsO9k2crNzizCNuuxQtRuRNhsXhHSkI5Wx2KghfUxZem8znfMfVudg4uBdj9FyJNRaLijwr1hoVCHvFd55nuPavlzj3eirftRSEPyYmc7MpC/dLXERM+nlWHDtRLvvO54li8FoKQjmbXQvCmxgXu6bMSSwixPFS4ZyvJHw87lrYm8XCvaMkoCdF4frxnaeHuPYb816b+C4bP6+hfEEYk4DVJvqKw3Vi8Z/R4pxmULJHbhMRmwTWoSCUs9m9IHzNJLdv4r2sPmGNa57CpJ1bYWxMkFcc/0qCNRPnZ3caMEusB8Ux53p4XYzJmOH2XW8dg9Inyv11lS8IV39UpLJwfkz4uUIMRuK4811fLyYk64rPJb43Is8m43fb5Pb5xG+Hx9zAGPCbmIv4TfVvMU+oJ74DyoHrE3Ok+O7ZvMtV4rzvaUDz4jvPVW5zKdf9fokNV4rBtZUuCGOyu5OYnMQF0iR9TOJ9dcJiBXGeMyC5NrfzgQVAYFeKwmOJBajYjGcB6msxB2m9f1VyW6g0LqgrPvsYG5qLz813v/3F9z//4+9+/BRgDebrYxLvZ7yvGTfwsZ+47sfYz6aA5+P7vI+yBWEcpJnEoNmdhsdyG3SYaLCT26JETJJNRPolFnliJ6iFYSC7uI5U3vl+KwI9lu68mI9lfvTiba7gWOEIm3j7xJic3cWxG8ewRxPfz+s1ORtv2Mnte27t/W2ss++vZEEYB27mgWe8tigS4supSHhJTDhiUcjOBbKwKeC5xDkxSlZ3BwKVxXiowjgxzvcWnMfJVhQaH3DWbeEwjqXWMSZv4xxNVjb3fkyMF2Izhc03ZBHHcvU1OWPnPEoWhHFRqiROWjHwjoWgKieueJ3xeuNEZcJBdq83BSgM3+ZWCMY50GQE4KPYcJKlLLwtPtkQNleMQ3ZdILGwwUhxLopzkjuKXnLbtOsOA6qpeC64jcncJUgFt3X37E8TuK21u47nU64grFYOHhUT+9ugJb7sKw5cYuEq/q74++LvjL9X+QfHxIAlFsBuE5Pdi8Tb+SAWGWIgFucDAPqJxZzb2DBKlCuvG+/Hfxa
a9nDbwBTX6ivmFnHMxn/XccOqXs/B4zy768Li63F5fOdtyoPHvD8XXHHNvJfWepzvOtwX488o1OJ7E9+hlTdlxjgkvuM22NdTqiCML6GJ4ePiPb8NViK3AjHSY7HoNnm/5fbfuS36OynBOPEduw1Wbgt4kdZ3dXZicBJ/y20SEn9n/L0AXONWGt42nLweE7bO4/dyW2yKxILYbQx4O98bt+cT4/r4bN+PO55ZLHl9/NzGCnFsGiuwu9dlQeTM96RXXn/f4m+6zdWdp2Gc27jrNl9/fT6ItL6rj+b1v681FrMeB/29vs7fxsMzN2O+/r7b2EPYriC8XSCfiQN+rtsCgPcd9nUbuEReT0xueb24dyTxz7//d9wmH5H47wGQw20s6NzOs27jAyUEfPN+TeT92PqR8fnrQuCWW9Eecf6G/bw+R7h+wl5er8HFZpzX1+fWdfx93q+5vV5vg89sVxACAAAAAAAAz1MQAgAAAAAAQCEKQgAAAAAAAChEQQgAAAAAAACFKAgBAAAAAACgEAUhAAAAAAAAFKIgBAAAAAAAgEIUhAAAAAAAAFCIghAAAAAAAAAKURACAAAAAABAIQpCAAAAAAAAKERBCAAAAAAAAIUoCAEAAAAAAKAQBSEAAAAAAAAUoiAEAAAAAACAQhSEAAAAAAAAUIiCEAAAAAAAAApREAIAAAAAAEAhCkIAAAAAAAAoREEIAAAAAAAAhSgIAQAAAAAAoBAFIQAAAAAAABSiIAQAAAAAAIBCFIQAAAAAAABQiIIQAAAAAAAAClEQAgAAAAAAQCEKQgAAAAAAAChEQQgAAAAAAACFKAgBAAAAAACgEAUhAAAAAAAAFKIgBAAAAAAAgEIUhAAAAAAAAFCIghAAAAAAAAAKURACAAAAAABAIQpCAAAAAAAAKERBCAAAAAAAAIUoCAEAAAAAAKAQBSEAAAAAAAAUoiAEAAAAAACAQhSEAAAAAAAAUIiCEAAAAAAAAApREAIAAAAAAEAhCkIAAAAAAAAoREEIAAAAAAAAhSgIAQAAAAAAoBAFIQAAAAAAABSiIAQAAAAAAIBCFIQAAAAAAABQiIIQAAAAAAAAClEQAgAAAAAAQCEKQgAAAAAAAChEQQgAAAAAAACFKAgBAAAAAACgEAUhAAAAAAAAFKIgBAAAAAAAgEIUhAAAAAAAAFCIghAAAAAAAAAKURACAAAAAABAIQpCAAAAAAAAKERBCAAAAAAAAIUoCAEAAAAAAKAQBSEAAAAAAAAUoiAEAAAAAACAQhSEAAAAAAAAUIiCEAAAAAAAAApREAIAAAAAAEAhCkIAAAAAAAAoREEIAAAAAAAAhSgIAQAAAAAAoBAFIQAAAAAAABSiIAQAAAAAAIBCFIQAAAAAAABQiIIQAAAAAAAAClEQAgAAAAAAQCEKQgAAAAAAAChEQQgAAAAAAACFKAgBAAAAAACgEAUhAAAAAAAAFKIgBAAAAAAAgEIUhAAAAAAAAFCIghAAAAAAAAAKURACAAAAAABAIQpCAAAAAAAAKERBCAAAAAAAAIUoCAEAAAAAAKAQBSEAAAAAAAAUoiAEAAAAAACAQhSEAAAAAAAAUIiCEAAAAAAAAApREAIAAAAAAEAhCkIAAAAAAAAoREEIAAAAAAAAhSgIAQAAAAAAoBAFIQAAAAAAABSiIAQAAAAAAIBCFIQAAAAAAABQiIIQAAAAAAAAClEQAgAAAAAAQCEKQgAAAAAAAChEQQgAAAAAAACFKAgBAAAAAACgEAUhAAAAAAAAFKIgBAAAAAAAgEIUhAAAAAAAAFCIghAAAAAAAAAKURACAAAAAABAIQpCAAAAAAAAKERBCAAAAAAAAIUoCAEAAAAAAKAQBSEAAAAAAAAUoiAEAAAAAACAQhSEAAAAAAAAUIiCEAAAAAAAAApREAIAAAAAAEAhCkIAAAAAAAAoREEIAAAAAAAAhSgIAQAAAAAAoBAFIQAAAAAAABSiIAQAAAAAAIBCFIQAAAA
AAABQiIIQAAAAAAAAClEQAgAAAAAAQCEKQgAAAAAAAChEQQgAAAAAAACFKAgBAAAAAACgEAUhAAAAAAAAFKIgBAAAAAAAgEIUhAAAAAAAAFCIghAAAAAAAAAKURACAAAAAABAIQpCAAAAAAAAKERBCAAAAAAAAIUoCAEAAAAAAKAQBSEAAAAAAAAUoiAEAAAAAACAQhSEAAAAAAAAUIiCEAAAAAAAAApREAIAAAAAAEAhCkIAAAAAAAAoREEIAAAAAAAAhSgIAQAAAAAAoBAFIQAAAAAAABSiIAQAAAAAAIBCFIQAAAAAAABQiIIQAAAAAAAAClEQAgAAAAAAQCEKQgAAAAAAAChEQQgAAAAAAACFKAgBAAAAAACgEAUhAAAAAAAAFKIgBAAAAAAAgEIUhAAAAAAAAFCIghAAAAAAAAAKURACAAAAAABAIQpCAAAAAAAAKERBCAAAAAAAAIUoCAEAAAAAAKAQBSEAAAAAAAAUoiAEAAAAAACAQhSEAAAAAAAAUIiCEAAAAAAAAMr4/vv/H4GEmU4rGlZWAAAAAElFTkSuQmCC + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - pubsubplus.solace.com + resources: + - pubsubpluseventbrokers + verbs: + - create + - delete + - get + - list + - patch + - update 
+ - watch + - apiGroups: + - pubsubplus.solace.com + resources: + - pubsubpluseventbrokers/finalizers + verbs: + - update + - apiGroups: + - pubsubplus.solace.com + resources: + - pubsubpluseventbrokers/status + verbs: + - get + - patch + - update + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + serviceAccountName: pubsubplus-eventbroker-operator + deployments: + - label: + app.kubernetes.io/component: controller + app.kubernetes.io/name: solace-pubsubplus-eventbroker-operator + app.kubernetes.io/version: version + control-plane: controller-manager + name: pubsubplus-eventbroker-operator + spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + strategy: {} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/name: solace-pubsubplus-eventbroker-operator + app.kubernetes.io/version: version + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + - --zap-log-level=info + command: + - /manager + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + image: docker.io/solace/pubsubplus-eventbroker-operator:1.2.0 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + imagePullSecrets: + - name: regcred + securityContext: + 
runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: pubsubplus-eventbroker-operator + terminationGracePeriodSeconds: 10 + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: pubsubplus-eventbroker-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: true + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - solace + - pubsubplus + - pubsub+ + - pubsub + - messaging + - advanced event broker + - event broker + - event mesh + - event streaming + - data streaming + - event integration + - middleware + links: + - name: Operator QuickStart + url: https://github.com/SolaceProducts/pubsubplus-kubernetes-quickstart + - name: Operator Documentation + url: https://github.com/SolaceProducts/pubsubplus-kubernetes-quickstart/blob/main/docs/EventBrokerOperatorUserGuide.md + - name: Solace.com + url: https://solace.com + - name: Understanding Solace Technology + url: https://solace.com/products/platform/ + - name: Solace PubSub+ Technical Documentation + url: https://docs.solace.com/ + - name: Solace Developer Portal + url: https://www.solace.dev/ + - name: Solace Community + url: https://solace.community/ + maintainers: + - email: support@solace.com + name: Solace R&D + maturity: stable + minKubeVersion: 1.23.0 + provider: + name: Solace Corporation + url: www.solace.com + version: 1.2.0 
diff --git a/operators/pubsubplus-eventbroker-operator/1.2.0/manifests/pubsubplus.solace.com_pubsubpluseventbrokers.yaml b/operators/pubsubplus-eventbroker-operator/1.2.0/manifests/pubsubplus.solace.com_pubsubpluseventbrokers.yaml
new file mode 100644
index 00000000000..c1c3515b40a
--- /dev/null
+++ b/operators/pubsubplus-eventbroker-operator/1.2.0/manifests/pubsubplus.solace.com_pubsubpluseventbrokers.yaml
@@ -0,0 +1,1661 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + app.kubernetes.io/version: v1.2.0 + name: pubsubpluseventbrokers.pubsubplus.solace.com +spec: + group: pubsubplus.solace.com + names: + kind: PubSubPlusEventBroker + listKind: PubSubPlusEventBrokerList + plural: pubsubpluseventbrokers + shortNames: + - eb + - eventbroker + singular: pubsubpluseventbroker + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: PubSub+ Event Broker + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: EventBrokerSpec defines the desired state of PubSubPlusEventBroker + properties: + adminCredentialsSecret: + description: |- + Defines the password for PubSubPlusEventBroker if provided. Random one will be generated if not provided. + When provided, ensure the secret key name is `username_admin_password`. For valid values refer to the Solace documentation https://docs.solace.com/Admin/Configuring-Internal-CLI-User-Accounts.htm. + nullable: true + type: string + brokerContainerSecurity: + description: ContainerSecurityContext defines the container security + context for the PubSubPlusEventBroker. 
+ properties: + runAsGroup: + description: Specifies runAsGroup in container security context. + 0 or unset defaults either to 1000002, or if OpenShift detected + to unspecified (see documentation) + format: int64 + type: number + runAsUser: + description: Specifies runAsUser in container security context. + 0 or unset defaults either to 1000001, or if OpenShift detected + to unspecified (see documentation) + format: int64 + type: number + type: object + developer: + default: false + description: |- + Developer true specifies a minimum footprint scaled-down deployment, not for production use. + If set to true it overrides SystemScaling parameters. + type: boolean + enableServiceLinks: + default: false + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's environment + variables, matching the syntax of Docker links. Optional: Defaults to false. + type: boolean + extraEnvVars: + description: |- + List of extra environment variables to be added to the PubSubPlusEventBroker container. Note: Do not configure Timezone or SystemScaling parameters here as it could cause unintended consequences. + A primary use case is to specify configuration keys, although the variables defined here will not override the ones defined in ConfigMap + items: + description: ExtraEnvVar defines environment variables to be added + to the PubSubPlusEventBroker container + properties: + name: + description: Specifies the Name of an environment variable to + be added to the PubSubPlusEventBroker container + type: string + value: + description: Specifies the Value of an environment variable + to be added to the PubSubPlusEventBroker container + type: string + required: + - name + - value + type: object + type: array + extraEnvVarsCM: + description: 'List of extra environment variables to be added to the + PubSubPlusEventBroker container from an existing ConfigMap. 
Note: + Do not configure Timezone or SystemScaling parameters here as it + could cause unintended consequences.' + type: string + extraEnvVarsSecret: + description: List of extra environment variables to be added to the + PubSubPlusEventBroker container from an existing Secret + type: string + image: + description: Image defines container image parameters for the event + broker. + properties: + pullPolicy: + default: IfNotPresent + description: Specifies ImagePullPolicy of the container image + for the event broker. + type: string + pullSecrets: + description: pullSecrets is an optional list of references to + secrets in the same namespace to use for pulling any of the + images used by this PodSpec. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + repository: + description: Defines the container image repo where the event + broker image is pulled from + type: string + tag: + default: latest + description: Specifies the tag of the container image to be used + for the event broker. + type: string + type: object + monitoring: + description: Monitoring specifies a Prometheus monitoring endpoint + for the event broker + properties: + enabled: + default: false + description: Enabled true enables the setup of the Prometheus + Exporter. + type: boolean + extraEnvVars: + description: List of extra environment variables to be added to + the Prometheus Exporter container. 
+ items: + description: MonitoringExtraEnvVar defines environment variables + to be added to the Prometheus Exporter container for Monitoring + properties: + name: + description: Specifies the Name of an environment variable + to be added to the Prometheus Exporter container for Monitoring + type: string + value: + description: Specifies the Value of an environment variable + to be added to the Prometheus Exporter container for Monitoring + type: string + required: + - name + - value + type: object + type: array + image: + description: Image defines container image parameters for the + Prometheus Exporter. + properties: + pullPolicy: + default: IfNotPresent + description: Specifies ImagePullPolicy of the container image + for the Prometheus Exporter. + type: string + pullSecrets: + description: pullSecrets is an optional list of references + to secrets in the same namespace to use for pulling any + of the images used by this PodSpec. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + repository: + description: Defines the container image repo where the Prometheus + Exporter image is pulled from + type: string + tag: + default: latest + description: Specifies the tag of the container image to be + used for the Prometheus Exporter. + type: string + type: object + includeRates: + default: false + description: Defines if Prometheus Exporter should include rates + type: boolean + metricsEndpoint: + description: MetricsEndpoint defines parameters to configure monitoring + for the Prometheus Exporter. 
+ properties: + containerPort: + default: 9628 + description: ContainerPort is the port number to expose on + the Prometheus Exporter pod. + format: int32 + type: number + endpointTlsConfigPrivateKeyName: + default: tls.key + description: EndpointTlsConfigPrivateKeyName is the file name + of the Private Key used to set up TLS configuration + type: string + endpointTlsConfigSecret: + description: EndpointTLSConfigSecret defines TLS secret name + to set up TLS configuration + type: string + endpointTlsConfigServerCertName: + default: tls.crt + description: EndpointTlsConfigServerCertName is the file name + of the Server Certificate used to set up TLS configuration + type: string + listenTLS: + default: false + description: Defines if Metrics Service Endpoint uses TLS + configuration + type: boolean + name: + description: Name is a unique name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. + enum: + - TCP + - UDP + - SCTP + type: string + servicePort: + default: 9628 + description: ServicePort is the port number to expose on the + service + format: int32 + type: number + serviceType: + default: ClusterIP + description: Defines the service type for the Metrics Service + Endpoint + type: string + type: object + sslVerify: + default: false + description: Defines if Prometheus Exporter verifies SSL + type: boolean + timeOut: + default: 5 + description: Timeout configuration for Prometheus Exporter scrapper + format: int32 + type: number + type: object + monitoringCredentialsSecret: + description: |- + Defines the password for PubSubPlusEventBroker to be used by the Exporter for monitoring. + When provided, ensure the secret key name is `username_monitor_password`. For valid values refer to the Solace documentation https://docs.solace.com/Admin/Configuring-Internal-CLI-User-Accounts.htm. 
+ nullable: true + type: string + nodeAssignment: + description: NodeAssignment defines labels to constrain PubSubPlusEventBroker + nodes to run on particular node(s), or to prefer to run on particular + nodes. + items: + description: NodeAssignment defines labels to constrain PubSubPlusEventBroker + nodes to specific nodes + properties: + name: + description: Defines the name of broker node type that has the + nodeAssignment spec defined + enum: + - Primary + - Backup + - Monitor + type: string + spec: + description: If provided defines the labels to constrain the + PubSubPlusEventBroker node to specific nodes + properties: + affinity: + default: {} + description: Affinity if provided defines the conditional + approach to assign PubSubPlusEventBroker nodes to specific + nodes to which they can be scheduled + nullable: true + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. 
+ properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. 
The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + nodeSelector: + additionalProperties: + type: string + default: {} + description: NodeSelector if provided defines the exact + labels of nodes to which PubSubPlusEventBroker nodes can + be scheduled + type: object + tolerations: + description: Toleration if provided defines the exact properties + of the PubSubPlusEventBroker nodes can be scheduled on + nodes with d matching taint. 
+ items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + type: object + required: + - name + - spec + type: object + type: array + podAnnotations: + additionalProperties: + type: string + default: {} + description: PodAnnotations allows adding provider-specific pod annotations + to PubSubPlusEventBroker pods + type: object + podDisruptionBudgetForHA: + default: false + description: |- + PodDisruptionBudgetForHA enables setting up PodDisruptionBudget for the broker pods in HA deployment. + This parameter is ignored for non-HA deployments (if redundancy is false). 
+ type: boolean + podLabels: + additionalProperties: + type: string + default: {} + description: PodLabels allows adding provider-specific pod labels + to PubSubPlusEventBroker pods + type: object + preSharedAuthKeySecret: + description: |- + PreSharedAuthKeySecret defines the PreSharedAuthKey Secret for PubSubPlusEventBroker. Random one will be generated if not provided. + When provided, ensure the secret key name is `preshared_auth_key`. For valid values refer to the Solace documentation https://docs.solace.com/Features/HA-Redundancy/Pre-Shared-Keys-SMB.htm?Highlight=pre%20shared. + nullable: true + type: string + redundancy: + default: false + description: Redundancy true specifies HA deployment, false specifies + Non-HA. + type: boolean + securityContext: + description: SecurityContext defines the pod security context for + the event broker. + properties: + fsGroup: + description: Specifies fsGroup in pod security context. 0 or unset + defaults either to 1000002, or if OpenShift detected to unspecified + (see documentation) + format: int64 + type: number + runAsUser: + description: Specifies runAsUser in pod security context. 0 or + unset defaults either to 1000001, or if OpenShift detected to + unspecified (see documentation) + format: int64 + type: number + type: object + service: + description: Service defines broker service details. 
+ properties: + annotations: + additionalProperties: + type: string + default: {} + description: Annotations allows adding provider-specific service + annotations + type: object + ports: + default: + - containerPort: 2222 + name: tcp-ssh + protocol: TCP + servicePort: 2222 + - containerPort: 8080 + name: tcp-semp + protocol: TCP + servicePort: 8080 + - containerPort: 1943 + name: tls-semp + protocol: TCP + servicePort: 1943 + - containerPort: 55555 + name: tcp-smf + protocol: TCP + servicePort: 55555 + - containerPort: 55003 + name: tcp-smfcomp + protocol: TCP + servicePort: 55003 + - containerPort: 55443 + name: tls-smf + protocol: TCP + servicePort: 55443 + - containerPort: 55556 + name: tcp-smfroute + protocol: TCP + servicePort: 55556 + - containerPort: 8008 + name: tcp-web + protocol: TCP + servicePort: 8008 + - containerPort: 1443 + name: tls-web + protocol: TCP + servicePort: 1443 + - containerPort: 9000 + name: tcp-rest + protocol: TCP + servicePort: 9000 + - containerPort: 9443 + name: tls-rest + protocol: TCP + servicePort: 9443 + - containerPort: 5672 + name: tcp-amqp + protocol: TCP + servicePort: 5672 + - containerPort: 5671 + name: tls-amqp + protocol: TCP + servicePort: 5671 + - containerPort: 1883 + name: tcp-mqtt + protocol: TCP + servicePort: 1883 + - containerPort: 8883 + name: tls-mqtt + protocol: TCP + servicePort: 8883 + - containerPort: 8000 + name: tcp-mqttweb + protocol: TCP + servicePort: 8000 + - containerPort: 8443 + name: tls-mqttweb + protocol: TCP + servicePort: 8443 + description: Ports specifies the ports to expose PubSubPlusEventBroker + services. + items: + description: Port defines parameters configure Service details + for the Broker + properties: + containerPort: + description: Port number to expose on the pod. + format: int32 + type: number + name: + description: Unique name for the port that can be referred + to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. 
+ enum: + - TCP + - UDP + - SCTP + type: string + servicePort: + description: Port number to expose on the service + format: int32 + type: number + required: + - containerPort + - name + - protocol + - servicePort + type: object + type: array + type: + default: LoadBalancer + description: ServiceType specifies how to expose the broker services. + Options include ClusterIP, NodePort, LoadBalancer (default). + type: string + type: object + serviceAccount: + description: ServiceAccount defines a ServiceAccount dedicated to + the PubSubPlusEventBroker + properties: + name: + description: |- + Name specifies the name of an existing ServiceAccount dedicated to the PubSubPlusEventBroker. + If this value is missing a new ServiceAccount will be created. + type: string + required: + - name + type: object + storage: + description: Storage defines storage details for the broker. + properties: + customVolumeMount: + description: CustomVolumeMount can be used to show the data volume + should be mounted instead of using a storage class. + items: + description: StorageCustomVolumeMount defines Image details + and pulling configurations + properties: + name: + description: Defines the name of PubSubPlusEventBroker node + type that has the customVolumeMount spec defined + enum: + - Primary + - Backup + - Monitor + type: string + persistentVolumeClaim: + description: Defines the customVolumeMount that can be used + mount the data volume instead of using a storage class + properties: + claimName: + description: Defines the claimName of a custom PersistentVolumeClaim + to be used instead + type: string + required: + - claimName + type: object + type: object + type: array + messagingNodeStorageSize: + default: 30Gi + description: MessagingNodeStorageSize if provided will assign + the minimum persistent storage to be used by the message nodes. 
+ type: string + monitorNodeStorageSize: + default: 3Gi + description: MonitorNodeStorageSize if provided this will create + and assign the minimum recommended storage to Monitor pods. + type: string + slow: + default: false + description: Slow indicate slow storage is in use, an example + is NFS. + type: boolean + useStorageClass: + description: UseStrorageClass Name of the StorageClass to be used + to request persistent storage volumes. If undefined, the "default" + StorageClass will be used. + type: string + type: object + systemScaling: + description: |- + SystemScaling provides exact fine-grained specification of the event broker scaling parameters + and the assigned CPU / memory resources to the Pod. + type: object + x-kubernetes-preserve-unknown-fields: true + timezone: + default: UTC + description: Defines the timezone for the event broker container, + if undefined default is UTC. Valid values are tz database time zone + names. + type: string + tls: + description: TLS provides TLS configuration for the event broker. + properties: + certFilename: + default: tls.key + description: Name of the Certificate file in the `serverCertificatesSecret` + type: string + certKeyFilename: + default: tls.crt + description: Name of the Key file in the `serverCertificatesSecret` + type: string + enabled: + default: false + description: Enabled true enables TLS for the broker. + type: boolean + serverTlsConfigSecret: + default: example-tls-secret + description: Specifies the tls configuration secret to be used + for the broker + type: string + type: object + updateStrategy: + default: automatedRolling + description: UpdateStrategy specifies how to update an existing deployment. + manualPodRestart waits for user intervention. 
+ enum: + - automatedRolling + - manualPodRestart + type: string + type: object + status: + description: EventBrokerStatus defines the observed state of the PubSubPlusEventBroker + properties: + broker: + description: Broker section provides the broker status + properties: + adminCredentialsSecret: + type: string + brokerImage: + type: string + haDeployment: + type: string + serviceName: + type: string + serviceType: + type: string + statefulSets: + items: + type: string + type: array + tlsSecret: + type: string + tlsSupport: + type: string + type: object + conditions: + description: Conditions provide information about the observed status + of the deployment + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. 
+ maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. 
+ The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ podsList:
+ description: PodsList are the names of the eventbroker and optionally
+ the monitoring pods
+ items:
+ type: string
+ type: array
+ prometheusMonitoring:
+ description: Monitoring sectionprovides monitoring support status
+ properties:
+ enabled:
+ type: string
+ exporterImage:
+ type: string
+ serviceName:
+ type: string
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
diff --git a/operators/pubsubplus-eventbroker-operator/1.2.0/metadata/annotations.yaml b/operators/pubsubplus-eventbroker-operator/1.2.0/metadata/annotations.yaml
new file mode 100644
index 00000000000..d6a20999992
--- /dev/null
+++ b/operators/pubsubplus-eventbroker-operator/1.2.0/metadata/annotations.yaml
@@ -0,0 +1,18 @@
+annotations:
+ # Core bundle annotations.
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: pubsubplus-eventbroker-operator
+ operators.operatorframework.io.bundle.channels.v1: stable
+ operators.operatorframework.io.bundle.channel.default.v1: stable
+ operators.operatorframework.io.metrics.builder: operator-sdk-v1.34.1
+ operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
+ operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3
+
+ # Annotations for testing.
+ operators.operatorframework.io.test.mediatype.v1: scorecard+v1
+ operators.operatorframework.io.test.config.v1: tests/scorecard/
+
+ # Required by RedHat certification
+ com.redhat.openshift.versions: "v4.11"
diff --git a/operators/pubsubplus-eventbroker-operator/1.2.0/tests/scorecard/config.yaml b/operators/pubsubplus-eventbroker-operator/1.2.0/tests/scorecard/config.yaml
new file mode 100644
index 00000000000..32323e94180
--- /dev/null
+++ b/operators/pubsubplus-eventbroker-operator/1.2.0/tests/scorecard/config.yaml
@@ -0,0 +1,70 @@
+apiVersion: scorecard.operatorframework.io/v1alpha3
+kind: Configuration
+metadata:
+ name: config
+stages:
+- parallel: true
+ tests:
+ - entrypoint:
+ - scorecard-test
+ - basic-check-spec
+ image: quay.io/operator-framework/scorecard-test:v1.23.0
+ labels:
+ suite: basic
+ test: basic-check-spec-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-bundle-validation
+ image: quay.io/operator-framework/scorecard-test:v1.23.0
+ labels:
+ suite: olm
+ test: olm-bundle-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-validation
+ image: quay.io/operator-framework/scorecard-test:v1.23.0
+ labels:
+ suite: olm
+ test: olm-crds-have-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-resources
+ image: quay.io/operator-framework/scorecard-test:v1.23.0
+ labels:
+ suite: olm
+ test: olm-crds-have-resources-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-spec-descriptors
+ image: quay.io/operator-framework/scorecard-test:v1.23.0
+ labels:
+ suite: olm
+ test: olm-spec-descriptors-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-status-descriptors
+ image: quay.io/operator-framework/scorecard-test:v1.23.0
+ labels:
+ suite: olm
+ test: olm-status-descriptors-test
+ storage:
+ spec:
+ mountPath: {}
+storage:
+ spec:
+ mountPath: {}
diff --git a/operators/pulsar-resources-operator/0.6.1/bundle.Dockerfile b/operators/pulsar-resources-operator/0.6.1/bundle.Dockerfile
new file mode 100644
index 00000000000..9cc4042d586
--- /dev/null
+++ b/operators/pulsar-resources-operator/0.6.1/bundle.Dockerfile
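Review bot: All six scorecard tests in tests/scorecard/config.yaml pull `quay.io/operator-framework/scorecard-test:v1.23.0` by mutable tag, so the image that runs during validation is whatever the tag resolves to at pull time. Pinning each `image:` to a digest, for example `image: quay.io/operator-framework/scorecard-test@sha256:<digest-of-the-intended-release>`, makes the test run reproducible and verifiable. The tag also lags the `operator-sdk-v1.34.1` builder recorded in metadata/annotations.yaml; if that is not deliberate, the scorecard image should match the SDK release used to build the bundle.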
@@ -0,0 +1,21 @@
+FROM scratch
+
+# Core bundle labels.
+LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
+LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
+LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
+LABEL operators.operatorframework.io.bundle.package.v1=pulsar-resources-operator
+LABEL operators.operatorframework.io.bundle.channels.v1=alpha,beta,stable
+LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha
+LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.31.0
+LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
+LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3
+
+# Labels for testing.
+LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1
+LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/
+
+# Copy files to locations specified by labels.
+COPY bundle/manifests /manifests/
+COPY bundle/metadata /metadata/
+COPY bundle/tests/scorecard /tests/scorecard/
diff --git a/operators/pulsar-resources-operator/0.6.1/manifests/pulsar-resources-operator-controller-manager-metrics-service_v1_service.yaml b/operators/pulsar-resources-operator/0.6.1/manifests/pulsar-resources-operator-controller-manager-metrics-service_v1_service.yaml
new file mode 100644
index 00000000000..5f429958c54
--- /dev/null
+++ b/operators/pulsar-resources-operator/0.6.1/manifests/pulsar-resources-operator-controller-manager-metrics-service_v1_service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ creationTimestamp: null
+ labels:
+ control-plane: controller-manager
+ name: pulsar-resources-operator-controller-manager-metrics-service
+spec:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: https
+ selector:
+ control-plane: controller-manager
+status:
+ loadBalancer: {}
diff --git a/operators/pulsar-resources-operator/0.6.1/manifests/pulsar-resources-operator-manager-config_v1_configmap.yaml b/operators/pulsar-resources-operator/0.6.1/manifests/pulsar-resources-operator-manager-config_v1_configmap.yaml
new file mode 100644
index 00000000000..b0010382a50
--- /dev/null
+++ b/operators/pulsar-resources-operator/0.6.1/manifests/pulsar-resources-operator-manager-config_v1_configmap.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+data:
+ controller_manager_config.yaml: |
+ # Copyright 2024 StreamNative
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+
+ apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
+ kind: ControllerManagerConfig
+ health:
+ healthProbeBindAddress: :8081
+ metrics:
+ bindAddress: 127.0.0.1:8080
+ webhook:
+ port: 9443
+ leaderElection:
+ leaderElect: true
+ resourceName: ed4866ca.streamnative.io
+kind: ConfigMap
+metadata:
+ name: pulsar-resources-operator-manager-config
diff --git a/operators/pulsar-resources-operator/0.6.1/manifests/pulsar-resources-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/pulsar-resources-operator/0.6.1/manifests/pulsar-resources-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml
new file mode 100644
index 00000000000..aefabbcdb40
--- /dev/null
+++ b/operators/pulsar-resources-operator/0.6.1/manifests/pulsar-resources-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml
@@ -0,0 +1,10 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ name: pulsar-resources-operator-metrics-reader
+rules:
+- nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
diff --git a/operators/pulsar-resources-operator/0.6.1/manifests/pulsar-resources-operator.clusterserviceversion.yaml b/operators/pulsar-resources-operator/0.6.1/manifests/pulsar-resources-operator.clusterserviceversion.yaml
new file mode 100644
index 00000000000..595ca3d9e19
--- /dev/null
+++ b/operators/pulsar-resources-operator/0.6.1/manifests/pulsar-resources-operator.clusterserviceversion.yaml
@@ -0,0 +1,678 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "resource.streamnative.io/v1alpha1", + "kind": "PulsarConnection", + "metadata": { + "name": "pulsarconnection-sample", + "namespace": "pulsar" + }, + "spec": { + "adminServiceURL": "http://c-sn-platform-broker.pulsar.svc.cluster.local:8080", + "authentication": { + "token": { + "secretRef": { + "key": "brokerClientAuthenticationParameters", + "name": "c-sn-platform-vault-secret-env-injection" + } + } + } + } + }, + { + "apiVersion": "resource.streamnative.io/v1alpha1", + "kind": "PulsarGeoReplication", + "metadata": { + "labels": { + "app.kubernetes.io/created-by": "pulsar-resources-operator", + "app.kubernetes.io/instance": "pulsargeoreplication-sample", + "app.kubernetes.io/managed-by": "kustomize", + "app.kubernetes.io/name": "pulsargeoreplication", + "app.kubernetes.io/part-of": "pulsar-resources-operator" + }, + "name": "pulsargeoreplication-sample" + }, + "spec": { + "connectionRef": { + "name": "local-pulsarconnection" + }, + "destinationConnectionRef": { + "name": "remote-pulsarconnection" + } + } + }, + { + "apiVersion": "resource.streamnative.io/v1alpha1", + "kind": "PulsarNamespace", + "metadata": { + "name": "pulsarnamespace-sample", + "namespace": "pulsar" + }, + "spec": { + "backlogQuotaLimitSize": "1Gi", + "backlogQuotaLimitTime": "2h", + "backlogQuotaRetentionPolicy": "producer_request_hold", + "bundles": 16, + "connectionRef": { + "name": "pulsarconnection-sample" + }, + "lifecyclePolicy": "CleanUpAfterDeletion", + "maxConsumersPerSubscription": 4, + "maxConsumersPerTopic": 12, + "maxProducersPerTopic": 2, + "messageTTL": "1h", + "name": "tenant-one/testns", + "retentionSize": "2Gi", + "retentionTime": "20h" + } + }, + { + "apiVersion": "resource.streamnative.io/v1alpha1", + "kind": "PulsarPackage", + "metadata": { + "name": "pulsarpackage-sample", + "namespace": "pulsar" + }, + "spec": { + 
"connectionRef": { + "name": "pulsarconnection-sample" + }, + "description": "test", + "fileURL": "https://www.apache.org/dyn/mirrors/mirrors.cgi?action=download\u0026filename=pulsar/pulsar-2.10.4/connectors/pulsar-io-file-2.10.4.nar", + "lifecyclePolicy": "CleanUpAfterDeletion", + "packageURL": "function://public/default/test@latest" + } + }, + { + "apiVersion": "resource.streamnative.io/v1alpha1", + "kind": "PulsarPermission", + "metadata": { + "name": "pulsarpermission-namespace", + "namespace": "pulsar" + }, + "spec": { + "actions": [ + "produce", + "consume" + ], + "connectionRef": { + "name": "pulsarconnection-sample" + }, + "lifecyclePolicy": "CleanUpAfterDeletion", + "resourceName": "tenant-one/testns", + "resourceType": "namespace", + "roles": [ + "ironman" + ] + } + }, + { + "apiVersion": "resource.streamnative.io/v1alpha1", + "kind": "PulsarPermission", + "metadata": { + "name": "pulsarpermission-topic", + "namespace": "pulsar" + }, + "spec": { + "actions": [ + "produce", + "consume", + "functions" + ], + "connectionRef": { + "name": "pulsarconnection-sample" + }, + "lifecyclePolicy": "CleanUpAfterDeletion", + "resourceName": "persistent://tenant-one/testns/topic123", + "resourceType": "topic", + "roles": [ + "superman" + ] + } + }, + { + "apiVersion": "resource.streamnative.io/v1alpha1", + "kind": "PulsarTenant", + "metadata": { + "name": "pulsartenant-sample", + "namespace": "pulsar" + }, + "spec": { + "adminRoles": [ + "admin", + "ops", + "devops" + ], + "connectionRef": { + "name": "pulsarconnection-sample" + }, + "lifecyclePolicy": "CleanUpAfterDeletion", + "name": "tenant-one" + } + }, + { + "apiVersion": "resource.streamnative.io/v1alpha1", + "kind": "PulsarTopic", + "metadata": { + "name": "pulsartopic-sample", + "namespace": "pulsar" + }, + "spec": { + "connectionRef": { + "name": "pulsarconnection-sample" + }, + "lifecyclePolicy": "CleanUpAfterDeletion", + "maxConsumers": 9, + "maxProducers": 4, + "messageTTL": "1h", + "name": 
"persistent://tenant-one/testns/topic123" + } + } + ] + capabilities: Auto Pilot + categories: Streaming & Messaging + containerImage: olm.streamnative.io/streamnativeio/pulsar-resources-operator:v0.6.1 + createdAt: "2024-09-18T13:43:17Z" + description: Authored by StreamNative, this Pulsar Resources Operator manages + the Pulsar resources automatically using the manifest on Kubernetes. + features.operators.openshift.io/cnf: "false" + features.operators.openshift.io/cni: "false" + features.operators.openshift.io/csi: "false" + features.operators.openshift.io/disconnected: "true" + features.operators.openshift.io/fips-compliant: "false" + features.operators.openshift.io/proxy-aware: "false" + features.operators.openshift.io/tls-profiles: "false" + features.operators.openshift.io/token-auth-aws: "false" + features.operators.openshift.io/token-auth-azure: "false" + features.operators.openshift.io/token-auth-gcp: "false" + operators.openshift.io/valid-subscription: '["StreamNative Private Cloud License"]' + operators.operatorframework.io/builder: operator-sdk-v1.31.0 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 + support: StreamNative, Inc. 
+ name: pulsar-resources-operator.v0.6.1 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: PulsarConnection is the Schema for the pulsarconnections API + displayName: Pulsar Connection + kind: PulsarConnection + name: pulsarconnections.resource.streamnative.io + version: v1alpha1 + - description: PulsarFunction is the Schema for the pulsarfunctions API + displayName: Pulsar Function + kind: PulsarFunction + name: pulsarfunctions.resource.streamnative.io + version: v1alpha1 + - description: PulsarGeoReplication is the Schema for the pulsargeoreplications + API + displayName: Pulsar GeoReplication + kind: PulsarGeoReplication + name: pulsargeoreplications.resource.streamnative.io + version: v1alpha1 + - description: PulsarNamespace is the Schema for the pulsarnamespaces API + displayName: Pulsar Namespace + kind: PulsarNamespace + name: pulsarnamespaces.resource.streamnative.io + version: v1alpha1 + - description: PulsarPackage is the Schema for the pulsarpackages API + displayName: Pulsar Package + kind: PulsarPackage + name: pulsarpackages.resource.streamnative.io + version: v1alpha1 + - description: PulsarPermission is the Schema for the pulsarpermissions API + displayName: Pulsar Permission + kind: PulsarPermission + name: pulsarpermissions.resource.streamnative.io + version: v1alpha1 + - description: PulsarSink is the Schema for the pulsarsinks API + displayName: Pulsar Sink + kind: PulsarSink + name: pulsarsinks.resource.streamnative.io + version: v1alpha1 + - description: PulsarSource is the Schema for the pulsarsources API + displayName: Pulsar Source + kind: PulsarSource + name: pulsarsources.resource.streamnative.io + version: v1alpha1 + - description: PulsarTenant is the Schema for the pulsartenants API + displayName: Pulsar Tenant + kind: PulsarTenant + name: pulsartenants.resource.streamnative.io + version: v1alpha1 + - description: PulsarTopic is the Schema for the pulsartopics API + 
displayName: Pulsar Topic + kind: PulsarTopic + name: pulsartopics.resource.streamnative.io + version: v1alpha1 + description: | + Authored by [StreamNative](https://streamnative.io), this Pulsar Resources Operator is a controller that manages the Pulsar resources automatically using the manifest on Kubernetes. Therefore, you can manage the Pulsar resources without the help of `pulsar-admin` or `pulsarctl` CLI tool. It is useful for initializing basic resources when creating a new Pulsar cluster. + displayName: Pulsar Resources Operator + icon: + - base64data: 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 + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - resource.streamnative.io + resources: + - pulsarconnections + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - resource.streamnative.io + resources: + - pulsarconnections/finalizers + verbs: + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarconnections/status + verbs: + - get + - patch + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarfunctions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - resource.streamnative.io + resources: + - pulsarfunctions/finalizers + verbs: + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarfunctions/status + verbs: + - get + - patch + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsargeoreplications + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - resource.streamnative.io + resources: + - pulsargeoreplications/finalizers + verbs: + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsargeoreplications/status + verbs: + - get + - patch + 
- update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarnamespaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - resource.streamnative.io + resources: + - pulsarnamespaces/finalizers + verbs: + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarnamespaces/status + verbs: + - get + - patch + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarpackages + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - resource.streamnative.io + resources: + - pulsarpackages/finalizers + verbs: + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarpackages/status + verbs: + - get + - patch + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarpermissions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - resource.streamnative.io + resources: + - pulsarpermissions/finalizers + verbs: + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarpermissions/status + verbs: + - get + - patch + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarsinks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - resource.streamnative.io + resources: + - pulsarsinks/finalizers + verbs: + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarsinks/status + verbs: + - get + - patch + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarsources + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - resource.streamnative.io + resources: + - pulsarsources/finalizers + verbs: + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarsources/status + verbs: + - get + - patch + - update + - apiGroups: + - resource.streamnative.io + resources: + - 
pulsartenants + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - resource.streamnative.io + resources: + - pulsartenants/finalizers + verbs: + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsartenants/status + verbs: + - get + - patch + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsartopics + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - resource.streamnative.io + resources: + - pulsartopics/finalizers + verbs: + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsartopics/status + verbs: + - get + - patch + - update + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + serviceAccountName: pulsar-resources-operator-controller-manager + deployments: + - label: + control-plane: controller-manager + name: pulsar-resources-operator-controller-manager + spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + strategy: {} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + service.istio.io/canonical-revision: 0.6.1 + spec: + containers: + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.4 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + command: + - /manager + image: olm.streamnative.io/streamnativeio/pulsar-resources-operator:v0.6.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: 
/healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + securityContext: + runAsNonRoot: true + serviceAccountName: pulsar-resources-operator-controller-manager + terminationGracePeriodSeconds: 10 + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: pulsar-resources-operator-controller-manager + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - resources + - pulsar resources + - pulsar + - streamnative + links: + - name: Pulsar Resources Operator + url: https://github.com/streamnative/pulsar-resources-operator + maintainers: + - email: cloud@streamnative.io + name: StreamNative Cloud + maturity: alpha + provider: + name: StreamNative + url: https://streamnative.io + version: 0.6.1 diff --git a/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsarconnections.yaml b/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsarconnections.yaml new file mode 100644 index 00000000000..5872ae38377 --- /dev/null +++ b/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsarconnections.yaml 
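Review bot: The first rule under `clusterPermissions` in the ClusterServiceVersion grants `create`, `delete`, `get`, `list`, `patch`, `update` and `watch` on core `secrets` cluster-wide, and with `AllNamespaces` listed as a supported install mode the controller's service account can read and rewrite every Secret in the cluster. The PulsarConnection CRD later in this commit consumes secrets through `secretRef`, which suggests read access is what the controller needs; if so the verbs should be reduced to `- get`, `- list`, `- watch`, and if write access is required the reason should be documented next to the rule. The `kube-rbac-proxy` container has no container-level `securityContext` and `manager` sets only `allowPrivilegeEscalation: false`; both would normally also carry `capabilities: {drop: ["ALL"]}`, with `seccompProfile: {type: RuntimeDefault}` on the pod. The annotation `features.operators.openshift.io/disconnected: "true"` is declared while both images are referenced by tag and the spec has no `relatedImages` list, which is worth checking against the mirroring requirements for disconnected installs.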
@@ -0,0 +1,307 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: pulsarconnections.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + categories: + - pulsar + - pulsarres + kind: PulsarConnection + listKind: PulsarConnectionList + plural: pulsarconnections + shortNames: + - pconn + singular: pulsarconnection + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.adminServiceURL + name: ADMIN_SERVICE_URL + type: string + - jsonPath: .spec.adminServiceSecureURL + name: ADMIN_SERVICE_SECURE_URL + priority: 1 + type: string + - jsonPath: .spec.brokerServiceURL + name: BROKER_SERVICE_URL + type: string + - jsonPath: .spec.brokerServiceSecureURL + name: BROKER_SERVICE_SECURE_URL + priority: 1 + type: string + - jsonPath: .metadata.generation + name: GENERATION + priority: 1 + type: string + - jsonPath: .status.observedGeneration + name: OBSERVED_GENERATION + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: READY + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + PulsarConnection is the Schema for the pulsarconnections API + It represents a connection to a Pulsar cluster and includes both the desired state (Spec) + and the observed state (Status) of the connection. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. 
+ In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + PulsarConnectionSpec defines the desired state of PulsarConnection + It specifies the configuration for connecting to a Pulsar cluster. + + + For plaintext (non-TLS) Pulsar clusters: + - Set AdminServiceURL to "http://:" + - Set BrokerServiceURL to "pulsar://:" + + + For TLS-enabled Pulsar clusters: + - Set AdminServiceSecureURL to "https://:" + - Set BrokerServiceSecureURL to "pulsar+ssl://:" + - Optionally set BrokerClientTrustCertsFilePath if using custom CA certificates + properties: + adminServiceSecureURL: + description: |- + AdminServiceSecureURL is the HTTPS URL for secure connections to the Pulsar admin service. + Use this for encrypted administrative operations. + pattern: ^https://.+$ + type: string + adminServiceURL: + description: |- + AdminServiceURL is the HTTP(S) URL for the Pulsar cluster's admin service. + This URL is used for administrative operations. + pattern: ^https?://.+$ + type: string + authentication: + description: |- + Authentication defines the authentication configuration for connecting to the Pulsar cluster. + It supports both token-based and OAuth2-based authentication methods. + properties: + oauth2: + description: |- + OAuth2 specifies the configuration for OAuth2-based authentication. + This includes all necessary parameters for setting up OAuth2 authentication with Pulsar. + For detailed information on the OAuth2 fields, refer to the PulsarAuthenticationOAuth2 struct. + properties: + audience: + description: |- + Audience is the intended recipient of the token. In Pulsar's context, this is usually + the URL of your Pulsar cluster or a specific identifier for your Pulsar service. + type: string + clientID: + description: ClientID is the OAuth2 client identifier issued + to the client during the registration process. 
+ type: string + issuerEndpoint: + description: |- + IssuerEndpoint is the URL of the OAuth2 authorization server. + This is typically the base URL of your identity provider's OAuth2 service. + type: string + key: + description: |- + Key is either the client secret or the path to a JSON credentials file. + For confidential clients, this would be the client secret. + For public clients using JWT authentication, this would be the path to the JSON credentials file. + properties: + secretRef: + description: SecretKeyRef indicates a secret name and + key + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + value: + type: string + type: object + scope: + description: |- + Scope is an optional field to request specific permissions from the OAuth2 server. + If not specified, the default scope defined by the OAuth2 server will be used. + type: string + required: + - audience + - clientID + - issuerEndpoint + - key + type: object + token: + description: |- + Token specifies the configuration for token-based authentication. + This can be either a direct token value or a reference to a secret containing the token. + If using a secret, the token should be stored under the specified key in the secret. + properties: + secretRef: + description: SecretKeyRef indicates a secret name and key + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + value: + type: string + type: object + type: object + brokerClientTrustCertsFilePath: + description: |- + BrokerClientTrustCertsFilePath is the file path to the trusted TLS certificate + for outgoing connections to Pulsar brokers. This is used for TLS verification. + type: string + brokerServiceSecureURL: + description: |- + BrokerServiceSecureURL is the TLS-enabled URL for secure connections to Pulsar brokers. + Use this for encrypted communications with the Pulsar cluster. 
+ pattern: ^pulsar\+ssl://.+$ + type: string + brokerServiceURL: + description: |- + BrokerServiceURL is the non-TLS URL for connecting to Pulsar brokers. + Use this for non-secure connections to the Pulsar cluster. + pattern: ^pulsar?://.+$ + type: string + clusterName: + description: |- + ClusterName specifies the name of the local Pulsar cluster. + When setting up Geo-Replication between Pulsar instances, this should be enabled to identify the cluster. + type: string + type: object + status: + description: |- + PulsarConnectionStatus defines the observed state of PulsarConnection. + It provides information about the current status of the Pulsar connection. + properties: + conditions: + description: |- + Conditions represent the latest available observations of the connection's current state. + It follows the Kubernetes conventions for condition types and status. + The "Ready" condition type is typically used to indicate the overall status. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this resource. 
+ It corresponds to the metadata generation, which is updated on mutation by the API Server. + This field is used to track whether the controller has processed the latest changes. + format: int64 + type: integer + secretKeyHash: + description: |- + SecretKeyHash is the hash of the secret reference used for authentication. + This is used to detect changes in the secret without exposing sensitive information. + The controller should update this hash when the secret changes. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsarfunctions.yaml b/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsarfunctions.yaml new file mode 100644 index 00000000000..e7652170c51 --- /dev/null +++ b/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsarfunctions.yaml 
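Review bot: In the PulsarConnection CRD, `spec.authentication.token.value` and `spec.authentication.oauth2.key.value` accept the credential inline, which stores it in the PulsarConnection object itself, readable by anyone with `get` on `pulsarconnections` and present in any dump of the resource. Neither `value` field has a description; each should state this and point to `secretRef`, for example `description: Inline credential, stored in plaintext in this resource; prefer secretRef.` Separately, the `brokerServiceURL` pattern `^pulsar?://.+$` makes the final `r` optional, so it also accepts `pulsa://…`; `^pulsar://.+$` looks like the intent. The file carries `controller-gen.kubebuilder.io/version: v0.15.0`, so both changes presumably belong in the Go type markers that generate it rather than in this YAML.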
@@ -0,0 +1,457 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: pulsarfunctions.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + categories: + - pulsar + - pulsarres + kind: PulsarFunction + listKind: PulsarFunctionList + plural: pulsarfunctions + shortNames: + - pfunction + singular: pulsarfunction + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.name + name: RESOURCE_NAME + type: string + - jsonPath: .metadata.generation + name: GENERATION + type: string + - jsonPath: .status.observedGeneration + name: OBSERVED_GENERATION + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: READY + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: PulsarFunction is the Schema for the pulsar functions API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PulsarFunctionSpec defines the desired state of PulsarFunction + properties: + autoAck: + description: AutoAck is the flag to indicate whether the function + should auto ack + type: boolean + batchBuilder: + description: BatchBuilder is the batch builder that the function uses + type: string + className: + description: ClassName is the class name of the function + type: string + cleanupSubscription: + description: CleanupSubscription is the flag to indicate whether the + subscription should be cleaned up when the function is deleted + type: boolean + connectionRef: + description: ConnectionRef is the reference to the PulsarConnection + resource + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + customRuntimeOptions: + description: CustomRuntimeOptions is the custom runtime options of + the function + x-kubernetes-preserve-unknown-fields: true + customSchemaInputs: + additionalProperties: + type: string + description: CustomSchemaInputs is the custom schema inputs of the + function + type: object + customSchemaOutputs: + additionalProperties: + type: string + description: CustomSchemaOutputs is the custom schema outputs of the + function + type: object + customSerdeInputs: + additionalProperties: + type: string + description: CustomSerdeInputs is the custom serde inputs of the function + type: object + deadLetterTopic: + description: DeadLetterTopic is the dead letter topic of the function + type: string + exposePulsarAdminClientEnabled: + description: ExposePulsarAdminClientEnabled is the flag to indicate + whether the function should expose pulsar admin client + type: boolean + forwardSourceMessageProperty: + description: ForwardSourceMessageProperty is the flag to indicate + whether the function should forward source message properties + type: boolean + go: + description: Go is the go of the function + properties: + url: + type: string + type: object + inputSpecs: + additionalProperties: + description: ConsumerConfig represents the configuration for the + consumer of the pulsar functions and connectors + properties: + consumerProperties: + additionalProperties: + type: string + type: object + cryptoConfig: + description: CryptoConfig represents the configuration for the + crypto of the pulsar functions and connectors + properties: + consumerCryptoFailureAction: + type: string + cryptoKeyReaderClassName: + type: string + cryptoKeyReaderConfig: + additionalProperties: + type: string + type: object + encryptionKeys: + items: + type: string + type: array + producerCryptoFailureAction: + type: string + type: object + poolMessages: + type: boolean + receiverQueueSize: + type: integer + 
regexPattern: + type: boolean + schemaProperties: + additionalProperties: + type: string + type: object + schemaType: + type: string + serdeClassName: + type: string + type: object + description: InputSpecs is the input specs of the function + type: object + inputTypeClassName: + description: InputTypeClassName is the input type class name of the + function + type: string + inputs: + description: Inputs is the inputs of the function + items: + type: string + type: array + jar: + description: Jar is the jar of the function + properties: + url: + type: string + type: object + lifecyclePolicy: + description: |- + PulsarResourceLifeCyclePolicy defines the behavior for managing Pulsar resources + when the corresponding custom resource (CR) is deleted from the Kubernetes cluster. + This policy allows users to control whether Pulsar resources should be retained or + removed from the Pulsar cluster after the CR is deleted. + enum: + - CleanUpAfterDeletion + - KeepAfterDeletion + type: string + logTopic: + description: LogTopic is the log topic of the function + type: string + maxMessageRetries: + description: MaxMessageRetries is the max message retries of the function + type: integer + maxPendingAsyncRequests: + description: MaxPendingAsyncRequests is the max pending async requests + of the function + type: integer + name: + description: Name is the name of the function + type: string + namespace: + description: Namespace is the namespace of the function + type: string + output: + description: Output is the output of the function + type: string + outputSchemaType: + description: OutputSchemaType is the output schema type of the function + type: string + outputSerdeClassName: + description: OutputSerdeClassName is the output serde class name of + the function + type: string + outputTypeClassName: + description: OutputTypeClassName is the output type class name of + the function + type: string + parallelism: + description: Parallelism is the parallelism of the function + 
type: integer + processingGuarantees: + description: ProcessingGuarantees is the processing guarantees of + the function + type: string + producerConfig: + description: ProducerConfig is the producer config of the function + properties: + batchBuilder: + type: string + compressionType: + type: string + cryptoConfig: + description: CryptoConfig represents the configuration for the + crypto of the pulsar functions and connectors + properties: + consumerCryptoFailureAction: + type: string + cryptoKeyReaderClassName: + type: string + cryptoKeyReaderConfig: + additionalProperties: + type: string + type: object + encryptionKeys: + items: + type: string + type: array + producerCryptoFailureAction: + type: string + type: object + maxPendingMessages: + type: integer + maxPendingMessagesAcrossPartitions: + type: integer + useThreadLocalProducers: + type: boolean + type: object + py: + description: Py is the py of the function + properties: + url: + type: string + type: object + resources: + description: Resources is the resources of the function + properties: + cpu: + type: string + disk: + format: int64 + type: integer + ram: + format: int64 + type: integer + type: object + retainKeyOrdering: + description: RetainKeyOrdering is the flag to indicate whether the + function should retain key ordering + type: boolean + retainOrdering: + description: RetainOrdering is the flag to indicate whether the function + should retain ordering + type: boolean + runtimeFlags: + description: RuntimeFlags is the runtime flags of the function + type: string + secrets: + additionalProperties: + description: FunctionSecretKeyRef indicates a secret name and key + properties: + key: + type: string + path: + type: string + required: + - key + - path + type: object + description: Secrets is the secrets of the function + type: object + skipToLatest: + description: SkipToLatest is the flag to indicate whether the function + should skip to latest + type: boolean + subName: + description: SubName is 
the sub name of the function + type: string + subscriptionPosition: + description: SubscriptionPosition is the subscription position of + the function + type: string + tenant: + description: Tenant is the tenant of the function + type: string + timeoutMs: + description: TimeoutMs is the function timeout in milliseconds + format: int64 + type: integer + topicsPattern: + description: TopicsPattern is the topics pattern that the function + subscribes to + type: string + userConfig: + description: UserConfig is the user config of the function + x-kubernetes-preserve-unknown-fields: true + windowConfig: + description: WindowConfig is the window config of the function + properties: + actualWindowFunctionClassName: + type: string + lateDataTopic: + type: string + maxLagMs: + format: int64 + type: integer + processingGuarantees: + type: string + slidingIntervalCount: + type: integer + slidingIntervalDurationMs: + format: int64 + type: integer + timestampExtractorClassName: + type: string + watermarkEmitIntervalMs: + format: int64 + type: integer + windowLengthCount: + type: integer + windowLengthDurationMs: + format: int64 + type: integer + type: object + required: + - connectionRef + type: object + status: + description: PulsarFunctionStatus defines the observed state of PulsarFunction + properties: + conditions: + description: Represents the observations of a connection's current + state. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. 
For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this resource. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsargeoreplications.yaml b/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsargeoreplications.yaml new file mode 100644 index 00000000000..399e02f7fb0 --- /dev/null +++ b/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsargeoreplications.yaml 
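Review bot: The `secrets` entries under `spec` require both `key` and `path`, but neither field has a description, and the only text, `FunctionSecretKeyRef indicates a secret name and key`, does not say which of the two is the Secret's name. Presumably this follows Pulsar's Kubernetes secrets provider, where `path` names the Secret and `key` the entry inside it; if the controller confirms that, say so on each field, e.g. `description: Path is the name of the Kubernetes Secret` and `description: Key is the entry within that Secret`. `userConfig` and `customRuntimeOptions` are both `x-kubernetes-preserve-unknown-fields: true`, so their descriptions should state that the content is stored unvalidated in the object and is readable by anyone who can get the resource, which means credentials belong in `secrets`. The manifest carries a controller-gen annotation, so these descriptions would be written as comments on the Go types and the CRD regenerated.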
@@ -0,0 +1,175 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: pulsargeoreplications.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + kind: PulsarGeoReplication + listKind: PulsarGeoReplicationList + plural: pulsargeoreplications + singular: pulsargeoreplication + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: PulsarGeoReplication is the Schema for the pulsargeoreplications + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PulsarGeoReplicationSpec defines the desired state of PulsarGeoReplication + properties: + connectionRef: + description: ConnectionRef is the reference to the source PulsarConnection + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + destinationConnectionRef: + description: DestinationConnectionRef is the connection reference + to the remote cluster + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + lifecyclePolicy: + description: |- + PulsarResourceLifeCyclePolicy defines the behavior for managing Pulsar resources + when the corresponding custom resource (CR) is deleted from the Kubernetes cluster. + This policy allows users to control whether Pulsar resources should be retained or + removed from the Pulsar cluster after the CR is deleted. + enum: + - CleanUpAfterDeletion + - KeepAfterDeletion + type: string + required: + - connectionRef + - destinationConnectionRef + type: object + status: + description: PulsarGeoReplicationStatus defines the observed state of + PulsarGeoReplication + properties: + conditions: + description: Conditions Represents the observations of a connection's + current state. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this resource. 
+ It corresponds to the metadata generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsarnamespaces.yaml b/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsarnamespaces.yaml new file mode 100644 index 00000000000..6a78df3c9b3 --- /dev/null +++ b/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsarnamespaces.yaml 
@@ -0,0 +1,308 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: pulsarnamespaces.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + categories: + - pulsar + - pulsarres + kind: PulsarNamespace + listKind: PulsarNamespaceList + plural: pulsarnamespaces + shortNames: + - pns + singular: pulsarnamespace + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.name + name: RESOURCE_NAME + type: string + - jsonPath: .metadata.generation + name: GENERATION + type: string + - jsonPath: .status.observedGeneration + name: OBSERVED_GENERATION + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: READY + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + PulsarNamespace is the Schema for the pulsarnamespaces API + It represents a Pulsar namespace in the Kubernetes cluster and includes both + the desired state (Spec) and the observed state (Status) of the namespace. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + PulsarNamespaceSpec defines the desired state of a Pulsar namespace. 
+ It corresponds to the configuration options available in Pulsar's namespace admin API. + properties: + backlogQuotaLimitSize: + anyOf: + - type: integer + - type: string + description: |- + BacklogQuotaLimitSize specifies the size limit for message backlog. + When the limit is reached, older messages will be removed or handled according to the retention policy. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + backlogQuotaLimitTime: + description: |- + BacklogQuotaLimitTime specifies the time limit for message backlog. + Messages older than this limit will be removed or handled according to the retention policy. + type: string + backlogQuotaRetentionPolicy: + description: |- + BacklogQuotaRetentionPolicy specifies the retention policy for messages when backlog quota is exceeded. + Valid values are "producer_request_hold", "producer_exception", or "consumer_backlog_eviction". + type: string + backlogQuotaType: + description: |- + BacklogQuotaType controls how the backlog quota is enforced. + "destination_storage" limits backlog by size (in bytes), while "message_age" limits by time. + enum: + - destination_storage + - message_age + type: string + bundles: + description: |- + Bundles specifies the number of bundles to split the namespace into. + This affects how the namespace is distributed across the cluster. + format: int32 + type: integer + connectionRef: + description: |- + ConnectionRef is the reference to the PulsarConnection resource + used to connect to the Pulsar cluster for this namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + geoReplicationRefs: + description: |- + GeoReplicationRefs is a list of references to PulsarGeoReplication resources, + used to configure geo-replication for this namespace. + This is **ONLY** used when you are using PulsarGeoReplication for setting up geo-replication + between two Pulsar instances. + Please use `ReplicationClusters` instead if you are replicating clusters within the same Pulsar instance. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + lifecyclePolicy: + description: |- + LifecyclePolicy determines whether to keep or delete the Pulsar namespace + when the Kubernetes resource is deleted. + enum: + - CleanUpAfterDeletion + - KeepAfterDeletion + type: string + maxConsumersPerSubscription: + description: MaxConsumersPerSubscription sets the maximum number of + consumers allowed on a single subscription in the namespace. + format: int32 + type: integer + maxConsumersPerTopic: + description: MaxConsumersPerTopic sets the maximum number of consumers + allowed on a single topic in the namespace. + format: int32 + type: integer + maxProducersPerTopic: + description: MaxProducersPerTopic sets the maximum number of producers + allowed on a single topic in the namespace. + format: int32 + type: integer + messageTTL: + description: |- + MessageTTL specifies the Time to Live (TTL) for messages in the namespace. + Messages older than this TTL will be automatically marked as consumed. + type: string + name: + description: Name is the fully qualified namespace name in the format + "tenant/namespace". 
+ type: string + offloadThresholdSize: + anyOf: + - type: integer + - type: string + description: |- + OffloadThresholdSize specifies the size limit for message offloading. + When the limit is reached, older messages will be offloaded to the tiered storage. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + offloadThresholdTime: + description: |- + OffloadThresholdTime specifies the time limit for message offloading. + Messages older than this limit will be offloaded to the tiered storage. + type: string + replicationClusters: + description: |- + ReplicationClusters is the list of clusters to which the namespace is replicated + This is **ONLY** used if you are replicating clusters within the same Pulsar instance. + Please use `GeoReplicationRefs` instead if you are setting up geo-replication + between two Pulsar instances. + items: + type: string + type: array + retentionSize: + anyOf: + - type: integer + - type: string + description: |- + RetentionSize specifies the maximum size of backlog retained in the namespace. + Should be set in conjunction with RetentionTime for effective retention policy. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + retentionTime: + description: |- + RetentionTime specifies the minimum time to retain messages in the namespace. + Should be set in conjunction with RetentionSize for effective retention policy. + Retention Quota must exceed configured backlog quota for namespace + type: string + required: + - connectionRef + - name + type: object + status: + description: PulsarNamespaceStatus defines the observed state of PulsarNamespace + properties: + conditions: + description: |- + Conditions represent the latest available observations of the namespace's current state. 
+ It follows the Kubernetes conventions for condition types and status. + The "Ready" condition type is typically used to indicate the overall status of the namespace. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. 
+ Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + geoReplicationEnabled: + description: |- + GeoReplicationEnabled indicates whether geo-replication between two Pulsar instances (via PulsarGeoReplication) + is enabled for the namespace + type: boolean + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this resource. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + This field is used to track whether the controller has processed the latest changes. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null 
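Review bot: `backlogQuotaRetentionPolicy` names its valid values only in the description (`producer_request_hold`, `producer_exception`, `consumer_backlog_eviction`) and is otherwise an unconstrained `type: string`, so a mistyped policy passes admission and can only be caught later, if at all, by the controller or Pulsar. The neighbouring `backlogQuotaType` already uses an `enum`, and the same constraint here would reject bad values at the API server, e.g. on the Go field `// +kubebuilder:validation:Enum=producer_request_hold;producer_exception;consumer_backlog_eviction`. `name` is documented as `tenant/namespace` but has no `pattern` either, and could get one the same way. As the manifest is controller-gen output, the markers go on the source type and the CRD is regenerated.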
diff --git a/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsarpackages.yaml b/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsarpackages.yaml new file mode 100644 index 00000000000..c770c1973b3 --- /dev/null +++ b/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsarpackages.yaml 
@@ -0,0 +1,197 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: pulsarpackages.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + categories: + - pulsar + - pulsarres + kind: PulsarPackage + listKind: PulsarPackageList + plural: pulsarpackages + shortNames: + - ppackage + singular: pulsarpackage + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.name + name: RESOURCE_NAME + type: string + - jsonPath: .metadata.generation + name: GENERATION + type: string + - jsonPath: .status.observedGeneration + name: OBSERVED_GENERATION + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: READY + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: PulsarPackage is the Schema for the pulsar package management + service's package API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PulsarPackageSpec defines the desired state of PulsarPackage + properties: + connectionRef: + description: ConnectionRef is the reference to the PulsarConnection + resource + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + contact: + type: string + description: + type: string + fileURL: + description: FileURL is the download-able URL of the package from + http or https protocol + type: string + lifecyclePolicy: + description: |- + PulsarResourceLifeCyclePolicy defines the behavior for managing Pulsar resources + when the corresponding custom resource (CR) is deleted from the Kubernetes cluster. + This policy allows users to control whether Pulsar resources should be retained or + removed from the Pulsar cluster after the CR is deleted. + enum: + - CleanUpAfterDeletion + - KeepAfterDeletion + type: string + packageURL: + description: PackageURL is the Pulsar Package URL, in format of type://tenant/namespace/package@version + type: string + properties: + additionalProperties: + type: string + type: object + required: + - connectionRef + - fileURL + - packageURL + type: object + status: + description: PulsarPackageStatus defines the observed state of PulsarPackage + properties: + conditions: + description: Represents the observations of a connection's current + state. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. 
For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this resource. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsarpermissions.yaml b/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsarpermissions.yaml new file mode 100644 index 00000000000..2b28711a8bf --- /dev/null +++ b/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsarpermissions.yaml 
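Review bot: `spec.fileURL` in the PulsarPackage schema is described as an http or https download URL, but it is declared only as `type: string`, so admission accepts any scheme or destination and all checking is left to the controller. A scheme constraint such as `pattern: ^https?://.+` would make the documented contract enforceable at the API server. Narrowing it to `^https://.+` would also stop a package being pulled over an unauthenticated transport, if plain http is not required. `packageURL` has the same gap against its documented `type://tenant/namespace/package@version` form. The manifest carries a controller-gen annotation, so both would be added as validation markers on the Go type; whether the controller validates these values itself is not visible in this hunk.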
@@ -0,0 +1,222 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: pulsarpermissions.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + categories: + - pulsar + - pulsarres + kind: PulsarPermission + listKind: PulsarPermissionList + plural: pulsarpermissions + shortNames: + - ppermission + singular: pulsarpermission + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.resourceName + name: RESOURCE NAME + type: string + - jsonPath: .spec.resourceType + name: RESOURCE TYPE + type: string + - jsonPath: .spec.roles + name: ROLES + type: string + - jsonPath: .spec.actions + name: ACTIONS + type: string + - jsonPath: .metadata.generation + name: GENERATION + type: string + - jsonPath: .status.observedGeneration + name: OBSERVED GENERATION + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: READY + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + PulsarPermission is the Schema for the pulsarpermissions API. + It represents a set of permissions granted to specific roles for a Pulsar resource (namespace or topic). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + PulsarPermissionSpec defines the desired state of PulsarPermission. + It specifies the configuration for granting permissions to Pulsar resources. + properties: + actions: + description: |- + Actions is a list of permissions to grant. + Valid options include "produce", "consume", and "functions". + items: + type: string + type: array + connectionRef: + description: |- + ConnectionRef is the reference to the PulsarConnection resource + used to connect to the Pulsar cluster for this permission. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + lifecyclePolicy: + description: |- + LifecyclePolicy determines how to handle the Pulsar permissions + when the PulsarPermission resource is deleted. + type: string + resourceName: + description: |- + ResourceName is the name of the target resource (namespace or topic) + to which the permissions will be granted. + type: string + resourceType: + description: ResourceType indicates whether the permission is for + a namespace or a topic. + enum: + - namespace + - topic + type: string + roles: + description: |- + Roles is a list of role names that will be granted the specified permissions + for the target resource. + items: + type: string + type: array + required: + - connectionRef + - resourceName + - resourceType + - roles + type: object + status: + description: |- + PulsarPermissionStatus defines the observed state of PulsarPermission. + It provides information about the current status of the Pulsar permission configuration. 
+ properties: + conditions: + description: |- + Conditions represent the latest available observations of the PulsarPermission's current state. + It follows the Kubernetes conventions for condition types and status. + The "Ready" condition type is typically used to indicate the overall status of the permission configuration. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this resource. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + This field is used to track whether the controller has processed the latest changes. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null 
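Review bot: In the PulsarPermission spec, `lifecyclePolicy` is a bare `type: string`, whereas the same field in the PulsarPackage, PulsarSink and PulsarSource CRDs of this commit carries `enum: [CleanUpAfterDeletion, KeepAfterDeletion]`. A misspelled value is therefore admitted here, and only the controller decides whether the grant is revoked or kept on deletion. `actions` is likewise unconstrained and missing from `required`, although its description names the valid options, so an empty or mistyped action list passes admission on a resource whose whole purpose is granting access. I would add the same two-value `enum` to `lifecyclePolicy`, and an `enum` on `actions.items` if the set is closed (the description says "include", so that needs confirming against the controller). Since the file is controller-gen output, both go in as validation markers on the Go type.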
diff --git a/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsarsinks.yaml b/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsarsinks.yaml new file mode 100644 index 00000000000..3cfca18536e --- /dev/null +++ b/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsarsinks.yaml 
@@ -0,0 +1,364 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: pulsarsinks.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + categories: + - pulsar + - pulsarres + kind: PulsarSink + listKind: PulsarSinkList + plural: pulsarsinks + shortNames: + - psink + singular: pulsarsink + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.name + name: RESOURCE_NAME + type: string + - jsonPath: .metadata.generation + name: GENERATION + type: string + - jsonPath: .status.observedGeneration + name: OBSERVED_GENERATION + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: READY + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: PulsarSink is the Schema for the pulsar functions API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PulsarSinkSpec defines the desired state of PulsarSink + properties: + archive: + description: Archive is the archive of the PulsarSink + properties: + url: + type: string + type: object + autoAck: + description: AutoAck is the flag to enable or disable the auto ack + type: boolean + className: + description: ClassName is the class name of the PulsarSink + type: string + cleanupSubscription: + description: CleanupSubscription is the flag to enable or disable + the cleanup of subscription + type: boolean + configs: + description: Configs is the map of configs of the PulsarSink + x-kubernetes-preserve-unknown-fields: true + connectionRef: + description: ConnectionRef is the reference to the PulsarConnection + resource + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + customRuntimeOptions: + description: CustomRuntimeOptions is the custom runtime options of + the PulsarSink + x-kubernetes-preserve-unknown-fields: true + deadLetterTopic: + description: DeadLetterTopic is the dead letter topic of the PulsarSink + type: string + inputSpecs: + additionalProperties: + description: ConsumerConfig represents the configuration for the + consumer of the pulsar functions and connectors + properties: + consumerProperties: + additionalProperties: + type: string + type: object + cryptoConfig: + description: CryptoConfig represents the configuration for the + crypto of the pulsar functions and connectors + properties: + consumerCryptoFailureAction: + type: string + cryptoKeyReaderClassName: + type: string + cryptoKeyReaderConfig: + additionalProperties: + type: string + type: object + encryptionKeys: + items: + type: string + type: array + producerCryptoFailureAction: + type: string + type: object + poolMessages: + type: boolean + receiverQueueSize: + type: integer + regexPattern: + type: boolean + schemaProperties: + additionalProperties: + type: string + type: object + schemaType: + type: string + serdeClassName: + type: string + type: object + description: InputSpecs is the map of input specs of the PulsarSink + type: object + inputs: + description: Inputs is the list of inputs of the PulsarSink + items: + type: string + type: array + lifecyclePolicy: + description: |- + PulsarResourceLifeCyclePolicy defines the behavior for managing Pulsar resources + when the corresponding custom resource (CR) is deleted from the Kubernetes cluster. + This policy allows users to control whether Pulsar resources should be retained or + removed from the Pulsar cluster after the CR is deleted. 
+ enum: + - CleanUpAfterDeletion + - KeepAfterDeletion + type: string + maxMessageRetries: + description: MaxMessageRetries is the max message retries of the PulsarSink + type: integer + name: + description: Name is the name of the PulsarSink + type: string + namespace: + description: Namespace is the namespace of the PulsarSink + type: string + negativeAckRedeliveryDelayMs: + description: NegativeAckRedeliveryDelayMs is the negative ack redelivery + delay in milliseconds of the PulsarSink + format: int64 + type: integer + parallelism: + description: Parallelism is the parallelism of the PulsarSink + type: integer + processingGuarantees: + description: ProcessingGuarantees is the processing guarantees of + the PulsarSink + type: string + resources: + description: Resources is the resource requirements for the PulsarSink + properties: + cpu: + type: string + disk: + format: int64 + type: integer + ram: + format: int64 + type: integer + type: object + retainKeyOrdering: + description: RetainKeyOrdering is the flag to enable or disable the + retain key ordering + type: boolean + retainOrdering: + description: RetainOrdering is the flag to enable or disable the retain + ordering + type: boolean + runtimeFlags: + description: RuntimeFlags is the runtime flags of the PulsarSink + type: string + secrets: + additionalProperties: + description: FunctionSecretKeyRef indicates a secret name and key + properties: + key: + type: string + path: + type: string + required: + - key + - path + type: object + description: Secrets is the map of secrets of the PulsarSink + type: object + sinkType: + description: SinkType is the type of the PulsarSink + type: string + sourceSubscriptionName: + description: SourceSubscriptionName is the source subscription name + of the PulsarSink + type: string + sourceSubscriptionPosition: + description: SourceSubscriptionPosition is the source subscription + position of the PulsarSink + type: string + tenant: + description: Tenant is the tenant of the 
PulsarSink + type: string + timeoutMs: + description: TimeoutMs is the timeout in milliseconds for the PulsarSink + format: int64 + type: integer + topicToSchemaProperties: + additionalProperties: + type: string + description: TopicToSchemaProperties is the map of topic to schema + properties of the PulsarSink + type: object + topicToSchemaType: + additionalProperties: + type: string + description: TopicToSchemaType is the map of topic to schema type + of the PulsarSink + type: object + topicToSerdeClassName: + additionalProperties: + type: string + description: TopicToSerdeClassName is the map of topic to serde class + name of the PulsarSink + type: object + topicsPattern: + description: TopicsPattern is the pattern of topics to consume from + Pulsar + type: string + transformFunction: + description: TransformFunction is the transform function of the PulsarSink + type: string + transformFunctionClassName: + description: TransformFunctionClassName is the transform function + class name of the PulsarSink + type: string + transformFunctionConfig: + description: TransformFunctionConfig is the transform function config + of the PulsarSink + type: string + required: + - connectionRef + type: object + status: + description: PulsarSinkStatus defines the observed state of PulsarSink + properties: + conditions: + description: Represents the observations of a connection's current + state. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. 
For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this resource. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsarsources.yaml b/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsarsources.yaml new file mode 100644 index 00000000000..560fe8bcddb --- /dev/null +++ b/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsarsources.yaml 
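Review bot: `spec.configs` and `spec.customRuntimeOptions` in the PulsarSink schema are declared with nothing but `x-kubernetes-preserve-unknown-fields: true`, so the API server neither validates nor prunes what is stored there. The same holds for `configs`, `customRuntimeOptions` and `batchSourceConfig.discoveryTriggererConfig` in the PulsarSource hunk that follows. Connector settings often include credentials (not confirmable from this hunk), and anything placed in these free-form fields is stored in the custom resource itself, readable by whoever can read the resource. Because the spec already has a dedicated `secrets` map, I would say so in the field description, e.g. `Configs is the map of configs of the PulsarSink. Credentials must be referenced through secrets, not placed here.`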
@@ -0,0 +1,293 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: pulsarsources.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + categories: + - pulsar + - pulsarres + kind: PulsarSource + listKind: PulsarSourceList + plural: pulsarsources + shortNames: + - psource + singular: pulsarsource + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.name + name: RESOURCE_NAME + type: string + - jsonPath: .metadata.generation + name: GENERATION + type: string + - jsonPath: .status.observedGeneration + name: OBSERVED_GENERATION + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: READY + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: PulsarSource is the Schema for the pulsar functions API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PulsarSourceSpec defines the desired state of PulsarSource + properties: + archive: + description: Archive is the archive of the PulsarSource + properties: + url: + type: string + type: object + batchBuilder: + description: BatchBuilder is the batch builder of the PulsarSource + type: string + batchSourceConfig: + description: BatchSourceConfig is the batch source config of the PulsarSource + properties: + discoveryTriggererClassName: + type: string + discoveryTriggererConfig: + x-kubernetes-preserve-unknown-fields: true + type: object + className: + description: ClassName is the class name of the + type: string + configs: + description: Configs is the map of configs of the PulsarSource + x-kubernetes-preserve-unknown-fields: true + connectionRef: + description: ConnectionRef is the reference to the PulsarConnection + resource + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + customRuntimeOptions: + description: CustomRuntimeOptions is the custom runtime options of + the PulsarSource + x-kubernetes-preserve-unknown-fields: true + lifecyclePolicy: + description: |- + PulsarResourceLifeCyclePolicy defines the behavior for managing Pulsar resources + when the corresponding custom resource (CR) is deleted from the Kubernetes cluster. + This policy allows users to control whether Pulsar resources should be retained or + removed from the Pulsar cluster after the CR is deleted. 
+ enum: + - CleanUpAfterDeletion + - KeepAfterDeletion + type: string + name: + description: Name is the name of the PulsarSource + type: string + namespace: + description: Namespace is the namespace of the PulsarSource + type: string + parallelism: + description: Parallelism is the parallelism of the PulsarSource + type: integer + processingGuarantees: + description: ProcessingGuarantees is the processing guarantees of + the PulsarSource + type: string + producerConfig: + description: ProducerConfig is the producer config of the PulsarSource + properties: + batchBuilder: + type: string + compressionType: + type: string + cryptoConfig: + description: CryptoConfig represents the configuration for the + crypto of the pulsar functions and connectors + properties: + consumerCryptoFailureAction: + type: string + cryptoKeyReaderClassName: + type: string + cryptoKeyReaderConfig: + additionalProperties: + type: string + type: object + encryptionKeys: + items: + type: string + type: array + producerCryptoFailureAction: + type: string + type: object + maxPendingMessages: + type: integer + maxPendingMessagesAcrossPartitions: + type: integer + useThreadLocalProducers: + type: boolean + type: object + resources: + description: Resources is the resources of the PulsarSource + properties: + cpu: + type: string + disk: + format: int64 + type: integer + ram: + format: int64 + type: integer + type: object + runtimeFlags: + description: RuntimeFlags is the runtime flags of the PulsarSource + type: string + schemaType: + description: SchemaType is the schema type of the PulsarSource + type: string + secrets: + additionalProperties: + description: FunctionSecretKeyRef indicates a secret name and key + properties: + key: + type: string + path: + type: string + required: + - key + - path + type: object + description: Secrets is the map of secrets of the PulsarSource + type: object + serdeClassName: + description: SerdeClassName is the serde class name of the PulsarSource + type: string + 
tenant: + description: Tenant is the tenant of the PulsarSource + type: string + topicName: + description: TopicName is the topic name of the PulsarSource + type: string + required: + - connectionRef + type: object + status: + description: PulsarSourceStatus defines the observed state of PulsarSource + properties: + conditions: + description: Represents the observations of a connection's current + state. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this resource. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null 
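Review bot: The `className` description in the PulsarSource spec is cut off (`ClassName is the class name of the`) and should read `ClassName is the class name of the PulsarSource`. The top-level schema description, `PulsarSource is the Schema for the pulsar functions API`, is identical to the PulsarSink one and looks copied, as does the `status.conditions` text about "a connection's current state". These strings are what `kubectl explain` shows for the API, so they are worth correcting in the Go doc comments they are generated from.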
diff --git a/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsartenants.yaml b/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsartenants.yaml new file mode 100644 index 00000000000..2962d68a9b8 --- /dev/null +++ b/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsartenants.yaml 
@@ -0,0 +1,230 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: pulsartenants.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + categories: + - pulsar + - pulsarres + kind: PulsarTenant + listKind: PulsarTenantList + plural: pulsartenants + shortNames: + - ptenant + singular: pulsartenant + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.name + name: RESOURCE_NAME + type: string + - jsonPath: .metadata.generation + name: GENERATION + type: string + - jsonPath: .status.observedGeneration + name: OBSERVED_GENERATION + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: READY + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: PulsarTenant is the Schema for the pulsartenants API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + PulsarTenantSpec defines the desired state of PulsarTenant. + It corresponds to the configuration options available in Pulsar's tenant admin API. + properties: + adminRoles: + description: |- + AdminRoles is a list of roles that have administrative privileges for this tenant. 
+ These roles can perform actions like creating namespaces, topics, and managing permissions. + items: + type: string + type: array + allowedClusters: + description: |- + AllowedClusters is a list of clusters that this tenant is allowed to access. + This field is optional and can be used to restrict the clusters a tenant can connect to. + Please use `GeoReplicationRefs` instead if you are setting up geo-replication + between multiple Pulsar instances. + items: + type: string + type: array + connectionRef: + description: |- + ConnectionRef is the reference to the PulsarConnection resource + used to connect to the Pulsar cluster for this tenant. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + geoReplicationRefs: + description: |- + GeoReplicationRefs is a list of references to PulsarGeoReplication resources, + used to configure geo-replication for this tenant across multiple Pulsar instances. + This is **ONLY** used when you are using PulsarGeoReplication for setting up geo-replication + between multiple Pulsar instances. + Please use `AllowedClusters` instead if you are allowing a tenant to be available within + specific clusters in a same Pulsar instance. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + lifecyclePolicy: + description: |- + LifecyclePolicy determines whether to keep or delete the Pulsar tenant + when the Kubernetes resource is deleted. 
+ enum: + - CleanUpAfterDeletion + - KeepAfterDeletion + type: string + name: + description: |- + Name is the tenant name. + This field is required and must be unique within the Pulsar cluster. + type: string + required: + - connectionRef + - name + type: object + status: + description: |- + PulsarTenantStatus defines the observed state of PulsarTenant. + It contains information about the current state of the Pulsar tenant. + properties: + conditions: + description: |- + Conditions represent the latest available observations of the PulsarTenant's current state. + It follows the Kubernetes conventions for condition types and status. + The "Ready" condition type is typically used to indicate the overall status of the tenant. + Other condition types may be used to provide more detailed status information. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. 
+ maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this resource. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + This field is used to track whether the controller has processed the latest changes. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsartopics.yaml b/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsartopics.yaml new file mode 100644 index 00000000000..830e215b3ca --- /dev/null +++ b/operators/pulsar-resources-operator/0.6.1/manifests/resource.streamnative.io_pulsartopics.yaml 
@@ -0,0 +1,328 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: pulsartopics.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + categories: + - pulsar + - pulsarres + kind: PulsarTopic + listKind: PulsarTopicList + plural: pulsartopics + shortNames: + - ptopic + singular: pulsartopic + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.name + name: RESOURCE_NAME + type: string + - jsonPath: .metadata.generation + name: GENERATION + type: string + - jsonPath: .status.observedGeneration + name: OBSERVED_GENERATION + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=="PolicyReady")].status + name: POLICY_READY + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + PulsarTopic is the Schema for the pulsartopics API + It represents a Pulsar topic in the Kubernetes cluster and includes both + the desired state (Spec) and the observed state (Status) of the topic. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + PulsarTopicSpec defines the desired state of PulsarTopic. 
+ It corresponds to the configuration options available in Pulsar's topic admin API. + properties: + backlogQuotaLimitSize: + anyOf: + - type: integer + - type: string + description: |- + BacklogQuotaLimitSize specifies the size limit for message backlog. + When the limit is reached, older messages will be removed or handled according to the retention policy. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + backlogQuotaLimitTime: + description: |- + BacklogQuotaLimitTime specifies the time limit for message backlog. + Messages older than this limit will be removed or handled according to the retention policy. + type: string + backlogQuotaRetentionPolicy: + description: |- + BacklogQuotaRetentionPolicy specifies the retention policy for messages when backlog quota is exceeded. + Valid values are "producer_request_hold", "producer_exception", or "consumer_backlog_eviction". + type: string + connectionRef: + description: |- + ConnectionRef is the reference to the PulsarConnection resource + used to connect to the Pulsar cluster for this topic. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + geoReplicationRefs: + description: |- + GeoReplicationRefs is a list of references to PulsarGeoReplication resources, + used to configure geo-replication for this topic across multiple Pulsar instances. + This is **ONLY** used when you are using PulsarGeoReplication for setting up geo-replication + between two Pulsar instances. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + lifecyclePolicy: + description: |- + LifecyclePolicy determines whether to keep or delete the Pulsar topic + when the Kubernetes resource is deleted. + enum: + - CleanUpAfterDeletion + - KeepAfterDeletion + type: string + maxConsumers: + description: MaxConsumers sets the maximum number of consumers allowed + on the topic. + format: int32 + type: integer + maxProducers: + description: MaxProducers sets the maximum number of producers allowed + on the topic. + format: int32 + type: integer + maxUnAckedMessagesPerConsumer: + description: |- + MaxUnAckedMessagesPerConsumer sets the maximum number of unacknowledged + messages allowed for a consumer before it's blocked from receiving more messages. + format: int32 + type: integer + maxUnAckedMessagesPerSubscription: + description: |- + MaxUnAckedMessagesPerSubscription sets the maximum number of unacknowledged + messages allowed for a subscription before it's blocked from receiving more messages. + format: int32 + type: integer + messageTTL: + description: |- + MessageTTL specifies the Time to Live (TTL) for messages on the topic. + Messages older than this TTL will be automatically marked as deleted. + type: string + name: + description: Name is the topic name + type: string + partitions: + default: 0 + description: |- + Partitions specifies the number of partitions for a partitioned topic. + Set to 0 for a non-partitioned topic. + format: int32 + type: integer + persistent: + default: true + description: |- + Persistent determines if the topic is persistent (true) or non-persistent (false). + Defaults to true if not specified. 
+ type: boolean + replicationClusters: + description: |- + ReplicationClusters is the list of clusters to which the topic is replicated + This is **ONLY** used if you are replicating clusters within the same Pulsar instance. + Please use `GeoReplicationRefs` instead if you are setting up geo-replication + between two Pulsar instances. + items: + type: string + type: array + retentionSize: + anyOf: + - type: integer + - type: string + description: |- + RetentionSize specifies the maximum size of backlog retained on the topic. + Should be set in conjunction with RetentionTime for effective retention policy. + Retention Quota must exceed configured backlog quota for topic + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + retentionTime: + description: |- + RetentionTime specifies the minimum time to retain messages on the topic. + Should be set in conjunction with RetentionSize for effective retention policy. + Retention Quota must exceed configured backlog quota for topic + type: string + schemaInfo: + description: SchemaInfo defines the schema for the topic, if any. + properties: + properties: + additionalProperties: + type: string + description: |- + Properties is a map of user-defined properties associated with the schema. + These can be used to store additional metadata about the schema. + type: object + schema: + description: |- + Schema contains the actual schema definition. + For AVRO and JSON schemas, this should be a JSON string of the schema definition. + For PROTOBUF schemas, this should be the protobuf definition string. + For BYTES or NONE schemas, this field can be empty. + type: string + type: + description: |- + Type determines how to interpret the schema data. + Valid values include: "AVRO", "JSON", "PROTOBUF", "PROTOBUF_NATIVE", "KEY_VALUE", "BYTES", or "NONE". 
+ For KEY_VALUE schemas, use the format "KEY_VALUE(KeyType,ValueType)" where KeyType and ValueType + are one of the other schema types. + type: string + type: object + required: + - connectionRef + - name + type: object + status: + description: PulsarTopicStatus defines the observed state of PulsarTopic + properties: + conditions: + description: |- + Conditions represent the latest available observations of the PulsarTopic's current state. + It follows the Kubernetes conventions for condition types and status. + The "Ready" condition type indicates the overall status of the topic. + The "PolicyReady" condition type indicates whether the topic policies have been successfully applied. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. 
+ maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + geoReplicationEnabled: + description: |- + GeoReplicationEnabled indicates whether geo-replication is enabled for this topic. + This is set to true when GeoReplicationRefs are configured in the spec and successfully applied. 
+ type: boolean + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this resource. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + This field is used to track whether the controller has processed the latest changes. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/pulsar-resources-operator/0.6.1/metadata/annotations.yaml b/operators/pulsar-resources-operator/0.6.1/metadata/annotations.yaml new file mode 100644 index 00000000000..896f35ec7d6 --- /dev/null +++ b/operators/pulsar-resources-operator/0.6.1/metadata/annotations.yaml @@ -0,0 +1,17 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: pulsar-resources-operator + operators.operatorframework.io.bundle.channels.v1: alpha,beta,stable + operators.operatorframework.io.bundle.channel.default.v1: alpha + operators.operatorframework.io.metrics.builder: operator-sdk-v1.31.0 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3 + + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ + # OpenShift annotations. + com.redhat.openshift.versions: v4.6-v4.15 diff --git a/operators/pulsar-resources-operator/0.6.1/tests/scorecard/config.yaml b/operators/pulsar-resources-operator/0.6.1/tests/scorecard/config.yaml new file mode 100644 index 00000000000..21f1d101ef8 --- /dev/null 
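Review bot: In metadata/annotations.yaml the bundle is published to `alpha,beta,stable`, yet `operators.operatorframework.io.bundle.channel.default.v1` is `alpha`, so a Subscription that names no channel would presumably follow the least-vetted stream. If that is not intended, change the line to `operators.operatorframework.io.bundle.channel.default.v1: stable`. If it is intended, add a one-line comment above the key such as `# alpha stays the default channel on purpose: <reason>`. Should this bundle also ship a bundle.Dockerfile (not visible in this hunk), its `channel.default.v1` label needs the same value.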
+++ b/operators/pulsar-resources-operator/0.6.1/tests/scorecard/config.yaml
@@ -0,0 +1,70 @@
+apiVersion: scorecard.operatorframework.io/v1alpha3
+kind: Configuration
+metadata:
+ name: config
+stages:
+- parallel: true
+ tests:
+ - entrypoint:
+ - scorecard-test
+ - basic-check-spec
+ image: quay.io/operator-framework/scorecard-test:master
+ labels:
+ suite: basic
+ test: basic-check-spec-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-bundle-validation
+ image: quay.io/operator-framework/scorecard-test:master
+ labels:
+ suite: olm
+ test: olm-bundle-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-validation
+ image: quay.io/operator-framework/scorecard-test:master
+ labels:
+ suite: olm
+ test: olm-crds-have-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-resources
+ image: quay.io/operator-framework/scorecard-test:master
+ labels:
+ suite: olm
+ test: olm-crds-have-resources-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-spec-descriptors
+ image: quay.io/operator-framework/scorecard-test:master
+ labels:
+ suite: olm
+ test: olm-spec-descriptors-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-status-descriptors
+ image: quay.io/operator-framework/scorecard-test:master
+ labels:
+ suite: olm
+ test: olm-status-descriptors-test
+ storage:
+ spec:
+ mountPath: {}
+storage:
+ spec:
+ mountPath: {}
diff --git a/operators/sailoperator/0.1.0/README.md b/operators/sailoperator/0.1.0/README.md
new file mode 100644
index 00000000000..e2878edf18e
--- /dev/null
+++ b/operators/sailoperator/0.1.0/README.md
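Review bot: All six tests in tests/scorecard/config.yaml run `quay.io/operator-framework/scorecard-test:master`, a floating tag, so the image executed in the cluster during a scorecard run can change without any change to this bundle, and results are not reproducible. Pin every `image:` to the release that matches the builder recorded in this bundle's annotations (operator-sdk-v1.31.0), e.g. `image: quay.io/operator-framework/scorecard-test:v1.31.0`, or to a digest, `image: quay.io/operator-framework/scorecard-test@sha256:<digest-placeholder>`. The hunk is the whole file, so this is the same one-line edit in each of the six test entries.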
@@ -0,0 +1,465 @@
+# About the Sail Operator
+
+The Sail Operator is able to install and manage the lifecycle of the Istio
+control plane in an OpenShift cluster.
+
+
+## Prerequisites
+
+You have deployed a cluster on OpenShift Container Platform 4.13 or later.
+
+You are logged in to the OpenShift Container Platform web console as a user with
+the `cluster-admin` role.
+
+You have access to the OpenShift CLI (oc).
+
+
+## Installing the Sail Operator
+
+1. Navigate to the OperatorHub.
+
+1. Click **Operator** -> **Operator Hub**.
+
+1. Search for "sail".
+
+1. Locate the Sail Operator, and click to select it.
+
+1. When the prompt that discusses the community operator appears, click **Continue**.
+
+1. Verify the Sail Operator is version 0.1, and click **Install**.
+
+1. Use the default installation settings presented, and click **Install** to continue.
+
+1. Click **Operators** -> **Installed Operators** to verify that the Sail Operator
+is installed. `Succeeded` should appear in the **Status** column.
+
+
+## Deploying Istio
+
+To deploy Istio, you must create two resources: `Istio` and `IstioCNI`. The
+`Istio` resource deploys and configures the Istio Control Plane, whereas the
+`IstioCNI` resource deploys and configures the Istio CNI plugin. You should
+create these resources in separate projects.
+
+
+### Creating the istio-system and istio-cni Projects
+
+1. In the OpenShift Container Platform web console, click **Home** -> **Projects**.
+
+1. Click **Create Project**.
+
+1. At the prompt, you must enter a name for the project in the **Name** field.
+For example, `istio-system`. The Operator deploys Istio to the project you
+specify. The other fields provide supplementary information and are optional.
+
+1. Click **Create**.
+
+Repeat the process to create a project named `istio-cni`.
+
+
+### Creating the Istio resource
+
+1. In the OpenShift Container Platform web console, click **Operators** -> **Installed Operators**.
+1.
Select the `istio-system` project from the **Namespace** drop-down menu.
+1. Click the Sail Operator.
+1. Click **Istio**.
+1. Click **Create Istio**.
+1. Click **Create**. This action deploys the Istio control plane.
+1. When `State: Healthy` appears in the `Status` column, Istio is successfully deployed.
+
+
+### Creating the IstioCNI resource
+
+1. In the OpenShift Container Platform web console, click **Operators** -> **Installed Operators**.
+1. Click the Sail Operator.
+1. Click **IstioCNI**.
+1. Click **Create IstioCNI**.
+1. Ensure that the name is `default`.
+1. Select the `istio-cni` project from the **Namespace** drop-down menu.
+1. Click **Create**. This action deploys the Istio CNI plugin.
+1. When `State: Healthy` appears in the `Status` column, the Istio CNI plugin is successfully deployed.
+
+
+### Selecting the Istio and IstioCNI versions
+
+The `version` field of the `Istio` and `IstioCNI` resource defines which version
+of each component should be deployed. This can be set using the `Istio Version`
+drop down menu when creating a new `Istio` with the OpenShift Container Platform
+web console. For a list of available versions, see the [versions.yaml](/versions.yaml) file
+or use the command:
+
+ ```sh
+ $ kubectl explain istio.spec.version
+ ```
+
+### Customizing Istio configuration
+
+The `spec.values` field of the `Istio` and `IstioCNI` resource can be used to
+customize Istio and Istio CNI plugin configuration using Istio's `Helm`
+configuration values. When you create this resource using the OpenShift
+Container Platform web console, it is pre-populated with configuration settings
+to enable Istio to run on OpenShift.
+
+To view or modify the `Istio` resource from the OpenShift Container Platform web console:
+
+1. Click **Operators** -> **Installed Operators**.
+1. Click **Istio** in the **Provided APIs** column.
+1. Click `Istio` instance, "istio-sample" by default, in the **Name** column.
+1.
Click **YAML** to view the `Istio` configuration and make modifications.
+
+An example configuration:
+
+```
+apiVersion: sailoperator.io/v1alpha1
+kind: Istio
+metadata:
+ name: example
+spec:
+ version: v1.20.0
+ values:
+ global:
+ mtls:
+ enabled: true
+ trustDomainAliases:
+ - example.net
+ meshConfig:
+ trustDomain: example.com
+ trustDomainAliases:
+ - example.net
+```
+
+For a list of available configuration for the `spec.values` field, run the
+following command:
+
+ ```sh
+ $ kubectl explain istio.spec.values
+ ```
+
+For the `IstioCNI` resource, replace `istio` with `istiocni` in the command above.
+
+Alternatively, refer to [Istio's artifacthub chart documentation](https://artifacthub.io/packages/search?org=istio&sort=relevance&page=1) for:
+
+- [Base parameters](https://artifacthub.io/packages/helm/istio-official/base?modal=values)
+- [Istiod parameters](https://artifacthub.io/packages/helm/istio-official/istiod?modal=values)
+- [Gateway parameters](https://artifacthub.io/packages/helm/istio-official/gateway?modal=values)
+- [CNI parameters](https://artifacthub.io/packages/helm/istio-official/cni?modal=values)
+- [ZTunnel parameters](https://artifacthub.io/packages/helm/istio-official/ztunnel?modal=values)
+
+
+## Installing the istioctl tool
+
+The `istioctl` tool is a configuration command line utility that allows service
+operators to debug and diagnose Istio service mesh deployments.
+
+
+### Prerequisites
+
+Use an `istioctl` version that is the same version as the Istio control plane
+for the Service Mesh deployment. See [Istio Releases](https://github.com/istio/istio/releases) for a list of valid
+releases, including Beta releases.
+
+
+### Procedure
+
+1. Confirm if you have `istioctl` installed, and if so which version, by running
+the following command at the terminal:
+
+ ```sh
+ $ istioctl version
+ ```
+
+1.
Confirm the version of Istio you are using by running the following command
+at the terminal:
+
+ ```sh
+ $ oc -n istio-system get istio
+ ```
+
+1. Install `istioctl` by running the following command at the terminal:
+
+ ```sh
+ $ curl -sL https://istio.io/downloadIstioctl | ISTIO_VERSION= sh -
+ ```
+ Replace `` with the version of Istio you are using.
+
+1. Put the `istioctl` directory on path by running the following command at the terminal:
+
+ ```sh
+ $ export PATH=$HOME/.istioctl/bin:$PATH
+ ```
+
+1. Confirm that the `istioctl` client version and the Istio control plane
+version now match (or are within one version) by running the following command
+at the terminal:
+
+ ```sh
+ $ istioctl version
+ ```
+
+
+*Note*: `istioctl install` is not supported. The Sail Operator installs Istio.
+
+## Installing the Bookinfo Application
+
+You can use the `bookinfo` example application to explore service mesh features.
+Using the `bookinfo` application, you can easily confirm that requests from a
+web browser pass through the mesh and reach the application.
+
+The `bookinfo` application displays information about a book, similar to a
+single catalog entry of an online book store. The application displays a page
+that describes the book, lists book details (ISBN, number of pages, and other
+information), and book reviews.
+
+The `bookinfo` application is exposed through the mesh, and the mesh configuration
+determines how the microservices comprising the application are used to serve
+requests. The review information comes from one of three services: `reviews-v1`,
+`reviews-v2` or `reviews-v3`. If you deploy the `bookinfo` application without
+defining the `reviews` virtual service, then the mesh uses a round-robin rule to
+route requests to a service.
+
+By deploying the `reviews` virtual service, you can specify a different behavior.
+For example, you can specify that if a user logs into the `bookinfo` application,
+then the mesh routes requests to the `reviews-v2` service, and the application
+displays reviews with black stars. If a user does not log into the `bookinfo`
+application, then the mesh routes requests to the `reviews-v3` service, and the
+application displays reviews with red stars.
+
+For more information, see [Bookinfo Application](https://istio.io/latest/docs/examples/bookinfo/) in the upstream Istio documentation.
+
+After following the instructions for [Deploying the application](https://istio.io/latest/docs/examples/bookinfo/#start-the-application-services), **you
+will need to create and configure a gateway** for the `bookinfo` application to
+be accessible outside the cluster.
+
+
+## Creating and Configuring Gateways
+
+The Sail Operator does not deploy Ingress or Egress Gateways. Gateways are not
+part of the control plane. As a security best-practice, Ingress and Egress
+Gateways should be deployed in a different namespace than the namespace that
+contains the control plane.
+
+You can deploy gateways using either the Gateway API or Gateway Injection methods.
+
+
+### Option 1: Istio Gateway Injection
+
+Gateway Injection uses the same mechanisms as Istio sidecar injection to create
+a gateway from a `Deployment` resource that is paired with a `Service` resource
+that can be made accessible from outside the cluster. For more information, see
+[Installing Gateways](https://preliminary.istio.io/latest/docs/setup/additional-setup/gateway/#deploying-a-gateway).
+
+To configure gateway injection with the `bookinfo` application, we have provided
+a [sample gateway configuration](../chart/samples/ingress-gateway.yaml?raw=1) that should be applied in the namespace
+where the application is installed:
+
+1. Create the `istio-ingressgateway` deployment and service:
+
+ ```sh
+ $ oc apply -f -n ingress-gateway.yaml
+ ```
+
+2.
Configure the `bookinfo` application with the new gateway: + + ```sh + $ oc apply -f https://raw.githubusercontent.com/istio/istio/master/samples/bookinfo/networking/bookinfo-gateway.yaml + ``` + +3. On OpenShift, you can use a [Route](https://docs.openshift.com/container-platform/4.13/networking/routes/route-configuration.html) to expose the gateway externally: + + ```sh + $ oc expose service istio-ingressgateway + ``` + +4. Finally, obtain the gateway host name and the URL of the product page: + + ```sh + $ HOST=$(oc get route istio-ingressgateway -o jsonpath='{.spec.host}') + $ echo http://$HOST/productpage + ``` + +Verify that the `productpage` is accessible from a web browser. + + +### Option 2: Kubernetes Gateway API + +Istio includes support for Kubernetes [Gateway API](https://gateway-api.sigs.k8s.io/) and intends to make it +the default API for [traffic management in the future](https://istio.io/latest/blog/2022/gateway-api-beta/). For more +information, see Istio's [Kubernetes Gateway API](https://istio.io/latest/docs/tasks/traffic-management/ingress/gateway-api/) page. + +As of Kubernetes 1.28 and OpenShift 4.14, the Kubernetes Gateway API CRDs are +not available by default and must be enabled to be used. This can be done with +the command: + +```sh +$ oc get crd gateways.gateway.networking.k8s.io &> /dev/null || { oc kustomize "github.com/kubernetes-sigs/gateway-api/config/crd?ref=v1.0.0" | oc apply -f -; } +``` + +To configure `bookinfo` with a gateway using `Gateway API`: + +1. Create and configure a gateway using a `Gateway` and `HTTPRoute` resource: + + ```sh + $ oc apply -f https://raw.githubusercontent.com/istio/istio/master/samples/bookinfo/gateway-api/bookinfo-gateway.yaml + ``` + +2. 
Retrieve the host, port and gateway URL: + + ```sh + $ export INGRESS_HOST=$(oc get gtw bookinfo-gateway -o jsonpath='{.status.addresses[0].value}') + $ export INGRESS_PORT=$(oc get gtw bookinfo-gateway -o jsonpath='{.spec.listeners[?(@.name=="http")].port}') + $ export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT + ``` + +3. Obtain the `productpage` URL and check that you can visit it from a browser: + + ```sh + $ echo "http://${GATEWAY_URL}/productpage" + ``` + + +## Istio Addons Integrations + +Istio can be integrated with other software to provide additional functionality +(More information can be found in: https://istio.io/latest/docs/ops/integrations/). +The following addons are for demonstration or development purposes only and +should not be used in production environments: + + +### Prometheus + +`Prometheus` is an open-source systems monitoring and alerting toolkit. You can +use `Prometheus` with the Sail Operator to keep an eye on how healthy Istio and +the apps in the service mesh are, for more information, see [Prometheus](https://istio.io/latest/docs/ops/integrations/prometheus/). + +To install Prometheus, perform the following steps: + +1. Deploy `Prometheus`: + + ```sh + $ oc apply -f https://raw.githubusercontent.com/istio/istio/master/samples/addons/prometheus.yaml + ``` +2. Access to `Prometheus`console: + + * Expose the `Prometheus` service externally: + + ```sh + $ oc expose service prometheus -n istio-system + ``` + * Get the route of the service and open the URL in the web browser + + ```sh + $ oc get route prometheus -o jsonpath='{.spec.host}' -n istio-system + ``` + + +### Grafana + +`Grafana` is an open-source platform for monitoring and observability. You can +use `Grafana` with the Sail Operator to configure dashboards for istio, see +[Grafana](https://istio.io/latest/docs/ops/integrations/grafana/) for more information. + +To install Grafana, perform the following steps: + +1. 
Deploy `Grafana`: + + ```sh + $ oc apply -f https://raw.githubusercontent.com/istio/istio/master/samples/addons/grafana.yaml + ``` + +2. Access to `Grafana`console: + + * Expose the `Grafana` service externally + + ```sh + $ oc expose service grafana -n istio-system + ``` + * Get the route of the service and open the URL in the web browser + + ```sh + $ oc get route grafana -o jsonpath='{.spec.host}' -n istio-system + ``` + + +### Jaeger + +`Jaeger` is an open-source end-to-end distributed tracing system. You can use +`Jaeger` with the Sail Operator to monitor and troubleshoot transactions in +complex distributed systems, see [Jaeger](https://istio.io/latest/docs/ops/integrations/jaeger/) for more information. + +To install Jaeger, perform the following steps: + +1. Deploy `Jaeger`: + + ```sh + $ oc apply -f https://raw.githubusercontent.com/istio/istio/master/samples/addons/jaeger.yaml + ``` +2. Access to `Jaeger` console: + + * Expose the `Jaeger` service externally: + + ```sh + $ oc expose svc/tracing -n istio-system + ``` + + * Get the route of the service and open the URL in the web browser + + ```sh + $ oc get route tracing -o jsonpath='{.spec.host}' -n istio-system + ``` +*Note*: if you want to see some traces you can refresh several times the product +page of bookinfo app to start generating traces. + + +### Kiali + +`Kiali` is an open-source project that provides a graphical user interface to +visualize the service mesh topology, see [Kiali](https://istio.io/latest/docs/ops/integrations/kiali/) for more information. + +To install Kiali, perform the following steps: + +1. Deploy `Kiali`: + + ```sh + $ oc apply -f https://raw.githubusercontent.com/istio/istio/master/samples/addons/kiali.yaml + ``` + +2. 
Access to `Kiali` console: + + * Expose the `Kiali` service externally: + + ```sh + $ oc expose service kiali -n istio-system + ``` + + * Get the route of the service and open the URL in the web browser + + ```sh + $ oc get route kiali -o jsonpath='{.spec.host}' -n istio-system + ``` + + +## Undeploying Istio and the Sail Operator + +### Deleting Istio +1. In the OpenShift Container Platform web console, click **Operators** -> **Installed Operators**. +1. Click **Istio** in the **Provided APIs** column. +1. Click the Options menu, and select **Delete Istio**. +1. At the prompt to confirm the action, click **Delete**. + +### Deleting IstioCNI +1. In the OpenShift Container Platform web console, click **Operators** -> **Installed Operators**. +1. Click **IstioCNI** in the **Provided APIs** column. +1. Click the Options menu, and select **Delete IstioCNI**. +1. At the prompt to confirm the action, click **Delete**. + +### Deleting the Sail Operator +1. In the OpenShift Container Platform web console, click **Operators** -> **Installed Operators**. +1. Locate the Sail Operator. Click the Options menu, and select **Uninstall Operator**. +1. At the prompt to confirm the action, click **Uninstall**. + +### Deleting the Projects +1. In the OpenShift Container Platform web console, click **Home** -> **Projects**. +1. Locate the name of the project and click the Options menu. +1. Click **Delete Project**. +1. At the prompt to confirm the action, enter the name of the project. +1. Click **Delete**. diff --git a/operators/sailoperator/0.1.0/manifests/extensions.istio.io_wasmplugins.yaml b/operators/sailoperator/0.1.0/manifests/extensions.istio.io_wasmplugins.yaml new file mode 100644 index 00000000000..88e2c95aaf6 --- /dev/null +++ b/operators/sailoperator/0.1.0/manifests/extensions.istio.io_wasmplugins.yaml 
@@ -0,0 +1,368 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + creationTimestamp: null + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: wasmplugins.extensions.istio.io +spec: + group: extensions.istio.io + names: + categories: + - istio-io + - extensions-istio-io + kind: WasmPlugin + listKind: WasmPluginList + plural: wasmplugins + singular: wasmplugin + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Extend the functionality provided by the Istio proxy through + WebAssembly filters. See more details at: https://istio.io/docs/reference/config/proxy_extensions/wasm-plugin.html' + properties: + failStrategy: + description: |- + Specifies the failure behavior for the plugin due to fatal errors. + + Valid Options: FAIL_CLOSE, FAIL_OPEN + enum: + - FAIL_CLOSE + - FAIL_OPEN + type: string + imagePullPolicy: + description: |- + The pull behaviour to be applied when fetching Wasm module by either OCI image or `http/https`. + + Valid Options: IfNotPresent, Always + enum: + - UNSPECIFIED_POLICY + - IfNotPresent + - Always + type: string + imagePullSecret: + description: Credentials to use for OCI image pulling. + maxLength: 253 + minLength: 1 + type: string + match: + description: Specifies the criteria to determine which traffic is + passed to WasmPlugin. 
+ items: + properties: + mode: + description: |- + Criteria for selecting traffic by their direction. + + Valid Options: CLIENT, SERVER, CLIENT_AND_SERVER + enum: + - UNDEFINED + - CLIENT + - SERVER + - CLIENT_AND_SERVER + type: string + ports: + description: Criteria for selecting traffic by their destination + port. + items: + properties: + number: + maximum: 65535 + minimum: 1 + type: integer + required: + - number + type: object + type: array + x-kubernetes-list-map-keys: + - number + x-kubernetes-list-type: map + type: object + type: array + phase: + description: |- + Determines where in the filter chain this `WasmPlugin` is to be injected. + + Valid Options: AUTHN, AUTHZ, STATS + enum: + - UNSPECIFIED_PHASE + - AUTHN + - AUTHZ + - STATS + type: string + pluginConfig: + description: The configuration that will be passed on to the plugin. + type: object + x-kubernetes-preserve-unknown-fields: true + pluginName: + description: The plugin name to be used in the Envoy configuration + (used to be called `rootID`). + maxLength: 256 + minLength: 1 + type: string + priority: + description: Determines ordering of `WasmPlugins` in the same `phase`. + format: int32 + nullable: true + type: integer + selector: + description: Criteria used to select the specific set of pods/VMs + on which this plugin configuration should be applied. + properties: + matchLabels: + additionalProperties: + maxLength: 63 + type: string + x-kubernetes-validations: + - message: wildcard not allowed in label value match + rule: '!self.contains(''*'')' + description: One or more labels that indicate a specific set of + pods/VMs on which a policy should be applied. 
+ maxProperties: 4096 + type: object + x-kubernetes-validations: + - message: wildcard not allowed in label key match + rule: self.all(key, !key.contains('*')) + - message: key must not be empty + rule: self.all(key, key.size() != 0) + type: object + sha256: + description: SHA256 checksum that will be used to verify Wasm module + or OCI container. + pattern: (^$|^[a-f0-9]{64}$) + type: string + targetRef: + properties: + group: + description: group is the group of the target resource. + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: kind is kind of the target resource. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: name is the name of the target resource. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: namespace is the namespace of the referent. + type: string + x-kubernetes-validations: + - message: cross namespace referencing is not currently supported + rule: self.size() == 0 + required: + - kind + - name + type: object + x-kubernetes-validations: + - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, + gateway.networking.k8s.io/Gateway + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + targetRefs: + description: Optional. + items: + properties: + group: + description: group is the group of the target resource. + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: kind is kind of the target resource. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: name is the name of the target resource. 
+ maxLength: 253 + minLength: 1 + type: string + namespace: + description: namespace is the namespace of the referent. + type: string + x-kubernetes-validations: + - message: cross namespace referencing is not currently supported + rule: self.size() == 0 + required: + - kind + - name + type: object + x-kubernetes-validations: + - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, + gateway.networking.k8s.io/Gateway + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + type: array + type: + description: |- + Specifies the type of Wasm Extension to be used. + + Valid Options: HTTP, NETWORK + enum: + - UNSPECIFIED_PLUGIN_TYPE + - HTTP + - NETWORK + type: string + url: + description: URL of a Wasm module or OCI container. + minLength: 1 + type: string + x-kubernetes-validations: + - message: url must have schema one of [http, https, file, oci] + rule: 'isURL(self) ? (url(self).getScheme() in ['''', ''http'', + ''https'', ''oci'', ''file'']) : (isURL(''http://'' + self) && + url(''http://'' +self).getScheme() in ['''', ''http'', ''https'', + ''oci'', ''file''])' + verificationKey: + type: string + vmConfig: + description: Configuration for a Wasm VM. + properties: + env: + description: Specifies environment variables to be injected to + this VM. + items: + properties: + name: + description: Name of the environment variable. + maxLength: 256 + minLength: 1 + type: string + value: + description: Value for the environment variable. + maxLength: 2048 + type: string + valueFrom: + description: |- + Source for the environment variable's value. + + Valid Options: INLINE, HOST + enum: + - INLINE + - HOST + type: string + required: + - name + type: object + x-kubernetes-validations: + - message: value may only be set when valueFrom is INLINE + rule: '(has(self.valueFrom) ? 
self.valueFrom : '''') != ''HOST'' + || !has(self.value)' + maxItems: 256 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + required: + - url + type: object + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. 
+ type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sailoperator/0.1.0/manifests/metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/sailoperator/0.1.0/manifests/metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 00000000000..2364173d98c --- /dev/null +++ b/operators/sailoperator/0.1.0/manifests/metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: sailoperator + app.kubernetes.io/instance: metrics-reader + app.kubernetes.io/managed-by: helm + app.kubernetes.io/name: clusterrole + app.kubernetes.io/part-of: sailoperator + name: metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get diff --git a/operators/sailoperator/0.1.0/manifests/networking.istio.io_destinationrules.yaml b/operators/sailoperator/0.1.0/manifests/networking.istio.io_destinationrules.yaml new file mode 100644 index 00000000000..505a1e1be05 --- /dev/null +++ b/operators/sailoperator/0.1.0/manifests/networking.istio.io_destinationrules.yaml 
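Review bot: The `name: metrics-reader` line in the metrics-reader ClusterRole manifest gives a cluster-scoped object a generic, unprefixed name. ClusterRole names are unique across the whole cluster, so another bundle or chart that ships a role with the same name would contend for this object on install, upgrade or removal, and any binding that points at the name would then grant whatever rules the surviving object holds. The labels in the same manifest already carry `sailoperator`, so a prefixed name such as `name: sailoperator-metrics-reader` would fit, with the manifest file name and any binding that references the role (none is visible in this part of the diff) updated to match. The rule itself, `get` on `/metrics` only, is already narrow and needs no change.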
@@ -0,0 +1,5480 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + creationTimestamp: null + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: destinationrules.networking.istio.io +spec: + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: DestinationRule + listKind: DestinationRuleList + plural: destinationrules + shortNames: + - dr + singular: destinationrule + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The name of a service from the service registry + jsonPath: .spec.host + name: Host + type: string + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting load balancing, outlier detection, + etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html' + properties: + exportTo: + description: A list of namespaces to which this destination rule is + exported. + items: + type: string + type: array + host: + description: The name of a service from the service registry. + type: string + subsets: + description: One or more named sets that represent individual versions + of a service. + items: + properties: + labels: + additionalProperties: + type: string + description: Labels apply a filter over the endpoints of a service + in the service registry. + type: object + name: + description: Name of the subset. 
+ type: string + trafficPolicy: + description: Traffic policies that apply to this subset. + properties: + connectionPool: + properties: + http: + description: HTTP connection pool settings. + properties: + h2UpgradePolicy: + description: |- + Specify if http1.1 connection should be upgraded to http2 for the associated destination. + + Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of requests that will + be queued while waiting for a ready connection + pool connection. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of active requests to + a destination. + format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream connection + pool connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + maxConcurrentStreams: + description: The maximum number of concurrent streams + allowed for a peer on one HTTP/2 connection. + format: int32 + type: integer + maxRequestsPerConnection: + description: Maximum number of requests per connection + to a backend. + format: int32 + type: integer + maxRetries: + description: Maximum number of retries that can + be outstanding to all hosts in a cluster at a + given time. + format: int32 + type: integer + useClientProtocol: + description: If set to true, client protocol will + be preserved while initiating connection to backend. + type: boolean + type: object + tcp: + description: Settings common to both HTTP and TCP upstream + connections. + properties: + connectTimeout: + description: TCP connection timeout. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + idleTimeout: + description: The idle timeout for TCP connections. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + maxConnectionDuration: + description: The maximum duration of a connection. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + maxConnections: + description: Maximum number of HTTP1 /TCP connections + to a destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE on the + socket to enable TCP Keepalives. + properties: + interval: + description: The time duration between keep-alive + probes. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + probes: + description: Maximum number of keepalive probes + to send without response before deciding the + connection is dead. + maximum: 4294967295 + minimum: 0 + type: integer + time: + description: The time duration a connection + needs to be idle before keep-alive probes + start being sent. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + type: object + type: object + type: object + loadBalancer: + description: Settings controlling the load balancer algorithms. 
+ oneOf: + - not: + anyOf: + - required: + - simple + - required: + - consistentHash + - required: + - simple + - required: + - consistentHash + properties: + consistentHash: + allOf: + - oneOf: + - not: + anyOf: + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - oneOf: + - not: + anyOf: + - required: + - ringHash + - required: + - maglev + - required: + - ringHash + - required: + - maglev + properties: + httpCookie: + description: Hash based on HTTP cookie. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: Lifetime of the cookie. + type: string + required: + - name + type: object + httpHeaderName: + description: Hash based on a specific HTTP header. + type: string + httpQueryParameterName: + description: Hash based on a specific HTTP query + parameter. + type: string + maglev: + description: The Maglev load balancer implements + consistent hashing to backend hosts. + properties: + tableSize: + description: The table size for Maglev hashing. + minimum: 0 + type: integer + type: object + minimumRingSize: + description: Deprecated. + minimum: 0 + type: integer + ringHash: + description: The ring/modulo hash load balancer + implements consistent hashing to backend hosts. + properties: + minimumRingSize: + description: The minimum number of virtual nodes + to use for the hash ring. + minimum: 0 + type: integer + type: object + useSourceIp: + description: Hash based on the source IP address. + type: boolean + type: object + localityLbSetting: + properties: + distribute: + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' 
+ items: + properties: + from: + description: Originating locality, '/' separated, + e.g. + type: string + to: + additionalProperties: + maximum: 4294967295 + minimum: 0 + type: integer + description: Map of upstream localities to + traffic distribution weights. + type: object + type: object + type: array + enabled: + description: enable locality load balancing, this + is DestinationRule-level and will override mesh + wide settings in entirety. + nullable: true + type: boolean + failover: + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' + items: + properties: + from: + description: Originating region. + type: string + to: + description: Destination region the traffic + will fail over to when endpoints in the + 'from' region becomes unhealthy. + type: string + type: object + type: array + failoverPriority: + description: failoverPriority is an ordered list + of labels used to sort endpoints to do priority + based load balancing. + items: + type: string + type: array + type: object + simple: + description: |2- + + + Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST + enum: + - UNSPECIFIED + - LEAST_CONN + - RANDOM + - PASSTHROUGH + - ROUND_ROBIN + - LEAST_REQUEST + type: string + warmupDurationSecs: + description: Represents the warmup duration of Service. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + type: object + outlierDetection: + properties: + baseEjectionTime: + description: Minimum ejection duration. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + consecutive5xxErrors: + description: Number of 5xx errors before a host is ejected + from the connection pool. 
+ maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + consecutiveErrors: + format: int32 + type: integer + consecutiveGatewayErrors: + description: Number of gateway errors before a host + is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + consecutiveLocalOriginFailures: + description: The number of consecutive locally originated + failures before ejection occurs. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + interval: + description: Time interval between ejection sweep analysis. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxEjectionPercent: + description: Maximum % of hosts in the load balancing + pool for the upstream service that can be ejected. + format: int32 + type: integer + minHealthPercent: + description: Outlier detection will be enabled as long + as the associated load balancing pool has at least + min_health_percent hosts in healthy mode. + format: int32 + type: integer + splitExternalLocalOriginErrors: + description: Determines whether to distinguish local + origin failures from external errors. + type: boolean + type: object + portLevelSettings: + description: Traffic policies specific to individual ports. + items: + properties: + connectionPool: + properties: + http: + description: HTTP connection pool settings. + properties: + h2UpgradePolicy: + description: |- + Specify if http1.1 connection should be upgraded to http2 for the associated destination. + + Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of requests that + will be queued while waiting for a ready + connection pool connection. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of active requests + to a destination. 
+ format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream + connection pool connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + maxConcurrentStreams: + description: The maximum number of concurrent + streams allowed for a peer on one HTTP/2 + connection. + format: int32 + type: integer + maxRequestsPerConnection: + description: Maximum number of requests per + connection to a backend. + format: int32 + type: integer + maxRetries: + description: Maximum number of retries that + can be outstanding to all hosts in a cluster + at a given time. + format: int32 + type: integer + useClientProtocol: + description: If set to true, client protocol + will be preserved while initiating connection + to backend. + type: boolean + type: object + tcp: + description: Settings common to both HTTP and + TCP upstream connections. + properties: + connectTimeout: + description: TCP connection timeout. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + idleTimeout: + description: The idle timeout for TCP connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + maxConnectionDuration: + description: The maximum duration of a connection. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + maxConnections: + description: Maximum number of HTTP1 /TCP + connections to a destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE + on the socket to enable TCP Keepalives. + properties: + interval: + description: The time duration between + keep-alive probes. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + probes: + description: Maximum number of keepalive + probes to send without response before + deciding the connection is dead. + maximum: 4294967295 + minimum: 0 + type: integer + time: + description: The time duration a connection + needs to be idle before keep-alive probes + start being sent. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + type: object + type: object + type: object + loadBalancer: + description: Settings controlling the load balancer + algorithms. + oneOf: + - not: + anyOf: + - required: + - simple + - required: + - consistentHash + - required: + - simple + - required: + - consistentHash + properties: + consistentHash: + allOf: + - oneOf: + - not: + anyOf: + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - oneOf: + - not: + anyOf: + - required: + - ringHash + - required: + - maglev + - required: + - ringHash + - required: + - maglev + properties: + httpCookie: + description: Hash based on HTTP cookie. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: Lifetime of the cookie. + type: string + required: + - name + type: object + httpHeaderName: + description: Hash based on a specific HTTP + header. + type: string + httpQueryParameterName: + description: Hash based on a specific HTTP + query parameter. + type: string + maglev: + description: The Maglev load balancer implements + consistent hashing to backend hosts. + properties: + tableSize: + description: The table size for Maglev + hashing. 
+ minimum: 0 + type: integer + type: object + minimumRingSize: + description: Deprecated. + minimum: 0 + type: integer + ringHash: + description: The ring/modulo hash load balancer + implements consistent hashing to backend + hosts. + properties: + minimumRingSize: + description: The minimum number of virtual + nodes to use for the hash ring. + minimum: 0 + type: integer + type: object + useSourceIp: + description: Hash based on the source IP address. + type: boolean + type: object + localityLbSetting: + properties: + distribute: + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' + items: + properties: + from: + description: Originating locality, '/' + separated, e.g. + type: string + to: + additionalProperties: + maximum: 4294967295 + minimum: 0 + type: integer + description: Map of upstream localities + to traffic distribution weights. + type: object + type: object + type: array + enabled: + description: enable locality load balancing, + this is DestinationRule-level and will override + mesh wide settings in entirety. + nullable: true + type: boolean + failover: + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' + items: + properties: + from: + description: Originating region. + type: string + to: + description: Destination region the + traffic will fail over to when endpoints + in the 'from' region becomes unhealthy. + type: string + type: object + type: array + failoverPriority: + description: failoverPriority is an ordered + list of labels used to sort endpoints to + do priority based load balancing. + items: + type: string + type: array + type: object + simple: + description: |2- + + + Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST + enum: + - UNSPECIFIED + - LEAST_CONN + - RANDOM + - PASSTHROUGH + - ROUND_ROBIN + - LEAST_REQUEST + type: string + warmupDurationSecs: + description: Represents the warmup duration of + Service. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + type: object + outlierDetection: + properties: + baseEjectionTime: + description: Minimum ejection duration. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + consecutive5xxErrors: + description: Number of 5xx errors before a host + is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + consecutiveErrors: + format: int32 + type: integer + consecutiveGatewayErrors: + description: Number of gateway errors before a + host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + consecutiveLocalOriginFailures: + description: The number of consecutive locally + originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + interval: + description: Time interval between ejection sweep + analysis. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + maxEjectionPercent: + description: Maximum % of hosts in the load balancing + pool for the upstream service that can be ejected. + format: int32 + type: integer + minHealthPercent: + description: Outlier detection will be enabled + as long as the associated load balancing pool + has at least min_health_percent hosts in healthy + mode. + format: int32 + type: integer + splitExternalLocalOriginErrors: + description: Determines whether to distinguish + local origin failures from external errors. + type: boolean + type: object + port: + description: Specifies the number of a port on the + destination service on which this policy is being + applied. 
+ properties: + number: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + tls: + description: TLS related settings for connections + to the upstream service. + properties: + caCertificates: + description: 'OPTIONAL: The path to the file containing + certificate authority certificates to use in + verifying a presented server certificate.' + type: string + caCrl: + description: 'OPTIONAL: The path to the file containing + the certificate revocation list (CRL) to use + in verifying a presented server certificate.' + type: string + clientCertificate: + description: REQUIRED if mode is `MUTUAL`. + type: string + credentialName: + description: The name of the secret that holds + the TLS certs for the client including the CA + certificates. + type: string + insecureSkipVerify: + description: '`insecureSkipVerify` specifies whether + the proxy should skip verifying the CA signature + and SAN for the server certificate corresponding + to the host.' + nullable: true + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured using TLS. + + Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `MUTUAL`. + type: string + sni: + description: SNI string to present to the server + during TLS handshake. + type: string + subjectAltNames: + description: A list of alternate names to verify + the subject identity in the certificate. + items: + type: string + type: array + type: object + type: object + maxItems: 4096 + type: array + proxyProtocol: + description: The upstream PROXY protocol settings. + properties: + version: + description: |- + The PROXY protocol version to use. + + Valid Options: V1, V2 + enum: + - V1 + - V2 + type: string + type: object + tls: + description: TLS related settings for connections to the + upstream service. 
+ properties: + caCertificates: + description: 'OPTIONAL: The path to the file containing + certificate authority certificates to use in verifying + a presented server certificate.' + type: string + caCrl: + description: 'OPTIONAL: The path to the file containing + the certificate revocation list (CRL) to use in verifying + a presented server certificate.' + type: string + clientCertificate: + description: REQUIRED if mode is `MUTUAL`. + type: string + credentialName: + description: The name of the secret that holds the TLS + certs for the client including the CA certificates. + type: string + insecureSkipVerify: + description: '`insecureSkipVerify` specifies whether + the proxy should skip verifying the CA signature and + SAN for the server certificate corresponding to the + host.' + nullable: true + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured using TLS. + + Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `MUTUAL`. + type: string + sni: + description: SNI string to present to the server during + TLS handshake. + type: string + subjectAltNames: + description: A list of alternate names to verify the + subject identity in the certificate. + items: + type: string + type: array + type: object + tunnel: + description: Configuration of tunneling TCP over other transport + or application layers for the host configured in the DestinationRule. + properties: + protocol: + description: Specifies which protocol to use for tunneling + the downstream connection. + type: string + targetHost: + description: Specifies a host to which the downstream + connection is tunneled. + type: string + targetPort: + description: Specifies a port to which the downstream + connection is tunneled. 
+ maximum: 4294967295 + minimum: 0 + type: integer + required: + - targetHost + - targetPort + type: object + type: object + required: + - name + type: object + type: array + trafficPolicy: + description: Traffic policies to apply (load balancing policy, connection + pool sizes, outlier detection). + properties: + connectionPool: + properties: + http: + description: HTTP connection pool settings. + properties: + h2UpgradePolicy: + description: |- + Specify if http1.1 connection should be upgraded to http2 for the associated destination. + + Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of requests that will be queued + while waiting for a ready connection pool connection. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of active requests to a destination. + format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream connection + pool connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxConcurrentStreams: + description: The maximum number of concurrent streams + allowed for a peer on one HTTP/2 connection. + format: int32 + type: integer + maxRequestsPerConnection: + description: Maximum number of requests per connection + to a backend. + format: int32 + type: integer + maxRetries: + description: Maximum number of retries that can be outstanding + to all hosts in a cluster at a given time. + format: int32 + type: integer + useClientProtocol: + description: If set to true, client protocol will be preserved + while initiating connection to backend. + type: boolean + type: object + tcp: + description: Settings common to both HTTP and TCP upstream + connections. + properties: + connectTimeout: + description: TCP connection timeout. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + idleTimeout: + description: The idle timeout for TCP connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxConnectionDuration: + description: The maximum duration of a connection. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxConnections: + description: Maximum number of HTTP1 /TCP connections + to a destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE on the socket + to enable TCP Keepalives. + properties: + interval: + description: The time duration between keep-alive + probes. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + probes: + description: Maximum number of keepalive probes to + send without response before deciding the connection + is dead. + maximum: 4294967295 + minimum: 0 + type: integer + time: + description: The time duration a connection needs + to be idle before keep-alive probes start being + sent. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + type: object + type: object + type: object + loadBalancer: + description: Settings controlling the load balancer algorithms. 
+ oneOf: + - not: + anyOf: + - required: + - simple + - required: + - consistentHash + - required: + - simple + - required: + - consistentHash + properties: + consistentHash: + allOf: + - oneOf: + - not: + anyOf: + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - oneOf: + - not: + anyOf: + - required: + - ringHash + - required: + - maglev + - required: + - ringHash + - required: + - maglev + properties: + httpCookie: + description: Hash based on HTTP cookie. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: Lifetime of the cookie. + type: string + required: + - name + type: object + httpHeaderName: + description: Hash based on a specific HTTP header. + type: string + httpQueryParameterName: + description: Hash based on a specific HTTP query parameter. + type: string + maglev: + description: The Maglev load balancer implements consistent + hashing to backend hosts. + properties: + tableSize: + description: The table size for Maglev hashing. + minimum: 0 + type: integer + type: object + minimumRingSize: + description: Deprecated. + minimum: 0 + type: integer + ringHash: + description: The ring/modulo hash load balancer implements + consistent hashing to backend hosts. + properties: + minimumRingSize: + description: The minimum number of virtual nodes to + use for the hash ring. + minimum: 0 + type: integer + type: object + useSourceIp: + description: Hash based on the source IP address. + type: boolean + type: object + localityLbSetting: + properties: + distribute: + description: 'Optional: only one of distribute, failover + or failoverPriority can be set.' 
+ items: + properties: + from: + description: Originating locality, '/' separated, + e.g. + type: string + to: + additionalProperties: + maximum: 4294967295 + minimum: 0 + type: integer + description: Map of upstream localities to traffic + distribution weights. + type: object + type: object + type: array + enabled: + description: enable locality load balancing, this is DestinationRule-level + and will override mesh wide settings in entirety. + nullable: true + type: boolean + failover: + description: 'Optional: only one of distribute, failover + or failoverPriority can be set.' + items: + properties: + from: + description: Originating region. + type: string + to: + description: Destination region the traffic will + fail over to when endpoints in the 'from' region + becomes unhealthy. + type: string + type: object + type: array + failoverPriority: + description: failoverPriority is an ordered list of labels + used to sort endpoints to do priority based load balancing. + items: + type: string + type: array + type: object + simple: + description: |2- + + + Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST + enum: + - UNSPECIFIED + - LEAST_CONN + - RANDOM + - PASSTHROUGH + - ROUND_ROBIN + - LEAST_REQUEST + type: string + warmupDurationSecs: + description: Represents the warmup duration of Service. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + type: object + outlierDetection: + properties: + baseEjectionTime: + description: Minimum ejection duration. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + consecutive5xxErrors: + description: Number of 5xx errors before a host is ejected + from the connection pool. 
+ maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + consecutiveErrors: + format: int32 + type: integer + consecutiveGatewayErrors: + description: Number of gateway errors before a host is ejected + from the connection pool. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + consecutiveLocalOriginFailures: + description: The number of consecutive locally originated + failures before ejection occurs. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + interval: + description: Time interval between ejection sweep analysis. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxEjectionPercent: + description: Maximum % of hosts in the load balancing pool + for the upstream service that can be ejected. + format: int32 + type: integer + minHealthPercent: + description: Outlier detection will be enabled as long as + the associated load balancing pool has at least min_health_percent + hosts in healthy mode. + format: int32 + type: integer + splitExternalLocalOriginErrors: + description: Determines whether to distinguish local origin + failures from external errors. + type: boolean + type: object + portLevelSettings: + description: Traffic policies specific to individual ports. + items: + properties: + connectionPool: + properties: + http: + description: HTTP connection pool settings. + properties: + h2UpgradePolicy: + description: |- + Specify if http1.1 connection should be upgraded to http2 for the associated destination. + + Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of requests that will + be queued while waiting for a ready connection + pool connection. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of active requests to + a destination. 
+ format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream connection + pool connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + maxConcurrentStreams: + description: The maximum number of concurrent streams + allowed for a peer on one HTTP/2 connection. + format: int32 + type: integer + maxRequestsPerConnection: + description: Maximum number of requests per connection + to a backend. + format: int32 + type: integer + maxRetries: + description: Maximum number of retries that can + be outstanding to all hosts in a cluster at a + given time. + format: int32 + type: integer + useClientProtocol: + description: If set to true, client protocol will + be preserved while initiating connection to backend. + type: boolean + type: object + tcp: + description: Settings common to both HTTP and TCP upstream + connections. + properties: + connectTimeout: + description: TCP connection timeout. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + idleTimeout: + description: The idle timeout for TCP connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + maxConnectionDuration: + description: The maximum duration of a connection. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + maxConnections: + description: Maximum number of HTTP1 /TCP connections + to a destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE on the + socket to enable TCP Keepalives. + properties: + interval: + description: The time duration between keep-alive + probes. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + probes: + description: Maximum number of keepalive probes + to send without response before deciding the + connection is dead. + maximum: 4294967295 + minimum: 0 + type: integer + time: + description: The time duration a connection + needs to be idle before keep-alive probes + start being sent. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + type: object + type: object + type: object + loadBalancer: + description: Settings controlling the load balancer algorithms. + oneOf: + - not: + anyOf: + - required: + - simple + - required: + - consistentHash + - required: + - simple + - required: + - consistentHash + properties: + consistentHash: + allOf: + - oneOf: + - not: + anyOf: + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - oneOf: + - not: + anyOf: + - required: + - ringHash + - required: + - maglev + - required: + - ringHash + - required: + - maglev + properties: + httpCookie: + description: Hash based on HTTP cookie. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: Lifetime of the cookie. + type: string + required: + - name + type: object + httpHeaderName: + description: Hash based on a specific HTTP header. + type: string + httpQueryParameterName: + description: Hash based on a specific HTTP query + parameter. + type: string + maglev: + description: The Maglev load balancer implements + consistent hashing to backend hosts. + properties: + tableSize: + description: The table size for Maglev hashing. 
+ minimum: 0 + type: integer + type: object + minimumRingSize: + description: Deprecated. + minimum: 0 + type: integer + ringHash: + description: The ring/modulo hash load balancer + implements consistent hashing to backend hosts. + properties: + minimumRingSize: + description: The minimum number of virtual nodes + to use for the hash ring. + minimum: 0 + type: integer + type: object + useSourceIp: + description: Hash based on the source IP address. + type: boolean + type: object + localityLbSetting: + properties: + distribute: + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' + items: + properties: + from: + description: Originating locality, '/' separated, + e.g. + type: string + to: + additionalProperties: + maximum: 4294967295 + minimum: 0 + type: integer + description: Map of upstream localities to + traffic distribution weights. + type: object + type: object + type: array + enabled: + description: enable locality load balancing, this + is DestinationRule-level and will override mesh + wide settings in entirety. + nullable: true + type: boolean + failover: + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' + items: + properties: + from: + description: Originating region. + type: string + to: + description: Destination region the traffic + will fail over to when endpoints in the + 'from' region becomes unhealthy. + type: string + type: object + type: array + failoverPriority: + description: failoverPriority is an ordered list + of labels used to sort endpoints to do priority + based load balancing. + items: + type: string + type: array + type: object + simple: + description: |2- + + + Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST + enum: + - UNSPECIFIED + - LEAST_CONN + - RANDOM + - PASSTHROUGH + - ROUND_ROBIN + - LEAST_REQUEST + type: string + warmupDurationSecs: + description: Represents the warmup duration of Service. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + type: object + outlierDetection: + properties: + baseEjectionTime: + description: Minimum ejection duration. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + consecutive5xxErrors: + description: Number of 5xx errors before a host is ejected + from the connection pool. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + consecutiveErrors: + format: int32 + type: integer + consecutiveGatewayErrors: + description: Number of gateway errors before a host + is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + consecutiveLocalOriginFailures: + description: The number of consecutive locally originated + failures before ejection occurs. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + interval: + description: Time interval between ejection sweep analysis. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxEjectionPercent: + description: Maximum % of hosts in the load balancing + pool for the upstream service that can be ejected. + format: int32 + type: integer + minHealthPercent: + description: Outlier detection will be enabled as long + as the associated load balancing pool has at least + min_health_percent hosts in healthy mode. + format: int32 + type: integer + splitExternalLocalOriginErrors: + description: Determines whether to distinguish local + origin failures from external errors. + type: boolean + type: object + port: + description: Specifies the number of a port on the destination + service on which this policy is being applied. 
+ properties: + number: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + tls: + description: TLS related settings for connections to the + upstream service. + properties: + caCertificates: + description: 'OPTIONAL: The path to the file containing + certificate authority certificates to use in verifying + a presented server certificate.' + type: string + caCrl: + description: 'OPTIONAL: The path to the file containing + the certificate revocation list (CRL) to use in verifying + a presented server certificate.' + type: string + clientCertificate: + description: REQUIRED if mode is `MUTUAL`. + type: string + credentialName: + description: The name of the secret that holds the TLS + certs for the client including the CA certificates. + type: string + insecureSkipVerify: + description: '`insecureSkipVerify` specifies whether + the proxy should skip verifying the CA signature and + SAN for the server certificate corresponding to the + host.' + nullable: true + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured using TLS. + + Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `MUTUAL`. + type: string + sni: + description: SNI string to present to the server during + TLS handshake. + type: string + subjectAltNames: + description: A list of alternate names to verify the + subject identity in the certificate. + items: + type: string + type: array + type: object + type: object + maxItems: 4096 + type: array + proxyProtocol: + description: The upstream PROXY protocol settings. + properties: + version: + description: |- + The PROXY protocol version to use. + + Valid Options: V1, V2 + enum: + - V1 + - V2 + type: string + type: object + tls: + description: TLS related settings for connections to the upstream + service. 
+ properties: + caCertificates: + description: 'OPTIONAL: The path to the file containing certificate + authority certificates to use in verifying a presented server + certificate.' + type: string + caCrl: + description: 'OPTIONAL: The path to the file containing the + certificate revocation list (CRL) to use in verifying a + presented server certificate.' + type: string + clientCertificate: + description: REQUIRED if mode is `MUTUAL`. + type: string + credentialName: + description: The name of the secret that holds the TLS certs + for the client including the CA certificates. + type: string + insecureSkipVerify: + description: '`insecureSkipVerify` specifies whether the proxy + should skip verifying the CA signature and SAN for the server + certificate corresponding to the host.' + nullable: true + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured using TLS. + + Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `MUTUAL`. + type: string + sni: + description: SNI string to present to the server during TLS + handshake. + type: string + subjectAltNames: + description: A list of alternate names to verify the subject + identity in the certificate. + items: + type: string + type: array + type: object + tunnel: + description: Configuration of tunneling TCP over other transport + or application layers for the host configured in the DestinationRule. + properties: + protocol: + description: Specifies which protocol to use for tunneling + the downstream connection. + type: string + targetHost: + description: Specifies a host to which the downstream connection + is tunneled. + type: string + targetPort: + description: Specifies a port to which the downstream connection + is tunneled. 
+ maximum: 4294967295 + minimum: 0 + type: integer + required: + - targetHost + - targetPort + type: object + type: object + workloadSelector: + description: Criteria used to select the specific set of pods/VMs + on which this `DestinationRule` configuration should be applied. + properties: + matchLabels: + additionalProperties: + maxLength: 63 + type: string + x-kubernetes-validations: + - message: wildcard not allowed in label value match + rule: '!self.contains(''*'')' + description: One or more labels that indicate a specific set of + pods/VMs on which a policy should be applied. + maxProperties: 4096 + type: object + x-kubernetes-validations: + - message: wildcard not allowed in label key match + rule: self.all(key, !key.contains('*')) + - message: key must not be empty + rule: self.all(key, key.size() != 0) + type: object + required: + - host + type: object + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. 
+ items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. + type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: The name of a service from the service registry + jsonPath: .spec.host + name: Host + type: string + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha3 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting load balancing, outlier detection, + etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html' + properties: + exportTo: + description: A list of namespaces to which this destination rule is + exported. + items: + type: string + type: array + host: + description: The name of a service from the service registry. + type: string + subsets: + description: One or more named sets that represent individual versions + of a service. 
+ items: + properties: + labels: + additionalProperties: + type: string + description: Labels apply a filter over the endpoints of a service + in the service registry. + type: object + name: + description: Name of the subset. + type: string + trafficPolicy: + description: Traffic policies that apply to this subset. + properties: + connectionPool: + properties: + http: + description: HTTP connection pool settings. + properties: + h2UpgradePolicy: + description: |- + Specify if http1.1 connection should be upgraded to http2 for the associated destination. + + Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of requests that will + be queued while waiting for a ready connection + pool connection. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of active requests to + a destination. + format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream connection + pool connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + maxConcurrentStreams: + description: The maximum number of concurrent streams + allowed for a peer on one HTTP/2 connection. + format: int32 + type: integer + maxRequestsPerConnection: + description: Maximum number of requests per connection + to a backend. + format: int32 + type: integer + maxRetries: + description: Maximum number of retries that can + be outstanding to all hosts in a cluster at a + given time. + format: int32 + type: integer + useClientProtocol: + description: If set to true, client protocol will + be preserved while initiating connection to backend. + type: boolean + type: object + tcp: + description: Settings common to both HTTP and TCP upstream + connections. + properties: + connectTimeout: + description: TCP connection timeout. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + idleTimeout: + description: The idle timeout for TCP connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + maxConnectionDuration: + description: The maximum duration of a connection. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + maxConnections: + description: Maximum number of HTTP1 /TCP connections + to a destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE on the + socket to enable TCP Keepalives. + properties: + interval: + description: The time duration between keep-alive + probes. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + probes: + description: Maximum number of keepalive probes + to send without response before deciding the + connection is dead. + maximum: 4294967295 + minimum: 0 + type: integer + time: + description: The time duration a connection + needs to be idle before keep-alive probes + start being sent. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + type: object + type: object + type: object + loadBalancer: + description: Settings controlling the load balancer algorithms. 
+ oneOf: + - not: + anyOf: + - required: + - simple + - required: + - consistentHash + - required: + - simple + - required: + - consistentHash + properties: + consistentHash: + allOf: + - oneOf: + - not: + anyOf: + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - oneOf: + - not: + anyOf: + - required: + - ringHash + - required: + - maglev + - required: + - ringHash + - required: + - maglev + properties: + httpCookie: + description: Hash based on HTTP cookie. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: Lifetime of the cookie. + type: string + required: + - name + type: object + httpHeaderName: + description: Hash based on a specific HTTP header. + type: string + httpQueryParameterName: + description: Hash based on a specific HTTP query + parameter. + type: string + maglev: + description: The Maglev load balancer implements + consistent hashing to backend hosts. + properties: + tableSize: + description: The table size for Maglev hashing. + minimum: 0 + type: integer + type: object + minimumRingSize: + description: Deprecated. + minimum: 0 + type: integer + ringHash: + description: The ring/modulo hash load balancer + implements consistent hashing to backend hosts. + properties: + minimumRingSize: + description: The minimum number of virtual nodes + to use for the hash ring. + minimum: 0 + type: integer + type: object + useSourceIp: + description: Hash based on the source IP address. + type: boolean + type: object + localityLbSetting: + properties: + distribute: + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' 
+ items: + properties: + from: + description: Originating locality, '/' separated, + e.g. + type: string + to: + additionalProperties: + maximum: 4294967295 + minimum: 0 + type: integer + description: Map of upstream localities to + traffic distribution weights. + type: object + type: object + type: array + enabled: + description: enable locality load balancing, this + is DestinationRule-level and will override mesh + wide settings in entirety. + nullable: true + type: boolean + failover: + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' + items: + properties: + from: + description: Originating region. + type: string + to: + description: Destination region the traffic + will fail over to when endpoints in the + 'from' region becomes unhealthy. + type: string + type: object + type: array + failoverPriority: + description: failoverPriority is an ordered list + of labels used to sort endpoints to do priority + based load balancing. + items: + type: string + type: array + type: object + simple: + description: |2- + + + Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST + enum: + - UNSPECIFIED + - LEAST_CONN + - RANDOM + - PASSTHROUGH + - ROUND_ROBIN + - LEAST_REQUEST + type: string + warmupDurationSecs: + description: Represents the warmup duration of Service. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + type: object + outlierDetection: + properties: + baseEjectionTime: + description: Minimum ejection duration. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + consecutive5xxErrors: + description: Number of 5xx errors before a host is ejected + from the connection pool. 
+ maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + consecutiveErrors: + format: int32 + type: integer + consecutiveGatewayErrors: + description: Number of gateway errors before a host + is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + consecutiveLocalOriginFailures: + description: The number of consecutive locally originated + failures before ejection occurs. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + interval: + description: Time interval between ejection sweep analysis. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxEjectionPercent: + description: Maximum % of hosts in the load balancing + pool for the upstream service that can be ejected. + format: int32 + type: integer + minHealthPercent: + description: Outlier detection will be enabled as long + as the associated load balancing pool has at least + min_health_percent hosts in healthy mode. + format: int32 + type: integer + splitExternalLocalOriginErrors: + description: Determines whether to distinguish local + origin failures from external errors. + type: boolean + type: object + portLevelSettings: + description: Traffic policies specific to individual ports. + items: + properties: + connectionPool: + properties: + http: + description: HTTP connection pool settings. + properties: + h2UpgradePolicy: + description: |- + Specify if http1.1 connection should be upgraded to http2 for the associated destination. + + Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of requests that + will be queued while waiting for a ready + connection pool connection. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of active requests + to a destination. 
+ format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream + connection pool connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + maxConcurrentStreams: + description: The maximum number of concurrent + streams allowed for a peer on one HTTP/2 + connection. + format: int32 + type: integer + maxRequestsPerConnection: + description: Maximum number of requests per + connection to a backend. + format: int32 + type: integer + maxRetries: + description: Maximum number of retries that + can be outstanding to all hosts in a cluster + at a given time. + format: int32 + type: integer + useClientProtocol: + description: If set to true, client protocol + will be preserved while initiating connection + to backend. + type: boolean + type: object + tcp: + description: Settings common to both HTTP and + TCP upstream connections. + properties: + connectTimeout: + description: TCP connection timeout. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + idleTimeout: + description: The idle timeout for TCP connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + maxConnectionDuration: + description: The maximum duration of a connection. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + maxConnections: + description: Maximum number of HTTP1 /TCP + connections to a destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE + on the socket to enable TCP Keepalives. + properties: + interval: + description: The time duration between + keep-alive probes. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + probes: + description: Maximum number of keepalive + probes to send without response before + deciding the connection is dead. + maximum: 4294967295 + minimum: 0 + type: integer + time: + description: The time duration a connection + needs to be idle before keep-alive probes + start being sent. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + type: object + type: object + type: object + loadBalancer: + description: Settings controlling the load balancer + algorithms. + oneOf: + - not: + anyOf: + - required: + - simple + - required: + - consistentHash + - required: + - simple + - required: + - consistentHash + properties: + consistentHash: + allOf: + - oneOf: + - not: + anyOf: + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - oneOf: + - not: + anyOf: + - required: + - ringHash + - required: + - maglev + - required: + - ringHash + - required: + - maglev + properties: + httpCookie: + description: Hash based on HTTP cookie. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: Lifetime of the cookie. + type: string + required: + - name + type: object + httpHeaderName: + description: Hash based on a specific HTTP + header. + type: string + httpQueryParameterName: + description: Hash based on a specific HTTP + query parameter. + type: string + maglev: + description: The Maglev load balancer implements + consistent hashing to backend hosts. + properties: + tableSize: + description: The table size for Maglev + hashing. 
+ minimum: 0 + type: integer + type: object + minimumRingSize: + description: Deprecated. + minimum: 0 + type: integer + ringHash: + description: The ring/modulo hash load balancer + implements consistent hashing to backend + hosts. + properties: + minimumRingSize: + description: The minimum number of virtual + nodes to use for the hash ring. + minimum: 0 + type: integer + type: object + useSourceIp: + description: Hash based on the source IP address. + type: boolean + type: object + localityLbSetting: + properties: + distribute: + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' + items: + properties: + from: + description: Originating locality, '/' + separated, e.g. + type: string + to: + additionalProperties: + maximum: 4294967295 + minimum: 0 + type: integer + description: Map of upstream localities + to traffic distribution weights. + type: object + type: object + type: array + enabled: + description: enable locality load balancing, + this is DestinationRule-level and will override + mesh wide settings in entirety. + nullable: true + type: boolean + failover: + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' + items: + properties: + from: + description: Originating region. + type: string + to: + description: Destination region the + traffic will fail over to when endpoints + in the 'from' region becomes unhealthy. + type: string + type: object + type: array + failoverPriority: + description: failoverPriority is an ordered + list of labels used to sort endpoints to + do priority based load balancing. + items: + type: string + type: array + type: object + simple: + description: |2- + + + Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST + enum: + - UNSPECIFIED + - LEAST_CONN + - RANDOM + - PASSTHROUGH + - ROUND_ROBIN + - LEAST_REQUEST + type: string + warmupDurationSecs: + description: Represents the warmup duration of + Service. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + type: object + outlierDetection: + properties: + baseEjectionTime: + description: Minimum ejection duration. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + consecutive5xxErrors: + description: Number of 5xx errors before a host + is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + consecutiveErrors: + format: int32 + type: integer + consecutiveGatewayErrors: + description: Number of gateway errors before a + host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + consecutiveLocalOriginFailures: + description: The number of consecutive locally + originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + interval: + description: Time interval between ejection sweep + analysis. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + maxEjectionPercent: + description: Maximum % of hosts in the load balancing + pool for the upstream service that can be ejected. + format: int32 + type: integer + minHealthPercent: + description: Outlier detection will be enabled + as long as the associated load balancing pool + has at least min_health_percent hosts in healthy + mode. + format: int32 + type: integer + splitExternalLocalOriginErrors: + description: Determines whether to distinguish + local origin failures from external errors. + type: boolean + type: object + port: + description: Specifies the number of a port on the + destination service on which this policy is being + applied. 
+ properties: + number: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + tls: + description: TLS related settings for connections + to the upstream service. + properties: + caCertificates: + description: 'OPTIONAL: The path to the file containing + certificate authority certificates to use in + verifying a presented server certificate.' + type: string + caCrl: + description: 'OPTIONAL: The path to the file containing + the certificate revocation list (CRL) to use + in verifying a presented server certificate.' + type: string + clientCertificate: + description: REQUIRED if mode is `MUTUAL`. + type: string + credentialName: + description: The name of the secret that holds + the TLS certs for the client including the CA + certificates. + type: string + insecureSkipVerify: + description: '`insecureSkipVerify` specifies whether + the proxy should skip verifying the CA signature + and SAN for the server certificate corresponding + to the host.' + nullable: true + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured using TLS. + + Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `MUTUAL`. + type: string + sni: + description: SNI string to present to the server + during TLS handshake. + type: string + subjectAltNames: + description: A list of alternate names to verify + the subject identity in the certificate. + items: + type: string + type: array + type: object + type: object + maxItems: 4096 + type: array + proxyProtocol: + description: The upstream PROXY protocol settings. + properties: + version: + description: |- + The PROXY protocol version to use. + + Valid Options: V1, V2 + enum: + - V1 + - V2 + type: string + type: object + tls: + description: TLS related settings for connections to the + upstream service. 
+ properties: + caCertificates: + description: 'OPTIONAL: The path to the file containing + certificate authority certificates to use in verifying + a presented server certificate.' + type: string + caCrl: + description: 'OPTIONAL: The path to the file containing + the certificate revocation list (CRL) to use in verifying + a presented server certificate.' + type: string + clientCertificate: + description: REQUIRED if mode is `MUTUAL`. + type: string + credentialName: + description: The name of the secret that holds the TLS + certs for the client including the CA certificates. + type: string + insecureSkipVerify: + description: '`insecureSkipVerify` specifies whether + the proxy should skip verifying the CA signature and + SAN for the server certificate corresponding to the + host.' + nullable: true + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured using TLS. + + Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `MUTUAL`. + type: string + sni: + description: SNI string to present to the server during + TLS handshake. + type: string + subjectAltNames: + description: A list of alternate names to verify the + subject identity in the certificate. + items: + type: string + type: array + type: object + tunnel: + description: Configuration of tunneling TCP over other transport + or application layers for the host configured in the DestinationRule. + properties: + protocol: + description: Specifies which protocol to use for tunneling + the downstream connection. + type: string + targetHost: + description: Specifies a host to which the downstream + connection is tunneled. + type: string + targetPort: + description: Specifies a port to which the downstream + connection is tunneled. 
+ maximum: 4294967295 + minimum: 0 + type: integer + required: + - targetHost + - targetPort + type: object + type: object + required: + - name + type: object + type: array + trafficPolicy: + description: Traffic policies to apply (load balancing policy, connection + pool sizes, outlier detection). + properties: + connectionPool: + properties: + http: + description: HTTP connection pool settings. + properties: + h2UpgradePolicy: + description: |- + Specify if http1.1 connection should be upgraded to http2 for the associated destination. + + Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of requests that will be queued + while waiting for a ready connection pool connection. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of active requests to a destination. + format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream connection + pool connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxConcurrentStreams: + description: The maximum number of concurrent streams + allowed for a peer on one HTTP/2 connection. + format: int32 + type: integer + maxRequestsPerConnection: + description: Maximum number of requests per connection + to a backend. + format: int32 + type: integer + maxRetries: + description: Maximum number of retries that can be outstanding + to all hosts in a cluster at a given time. + format: int32 + type: integer + useClientProtocol: + description: If set to true, client protocol will be preserved + while initiating connection to backend. + type: boolean + type: object + tcp: + description: Settings common to both HTTP and TCP upstream + connections. + properties: + connectTimeout: + description: TCP connection timeout. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + idleTimeout: + description: The idle timeout for TCP connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxConnectionDuration: + description: The maximum duration of a connection. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxConnections: + description: Maximum number of HTTP1 /TCP connections + to a destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE on the socket + to enable TCP Keepalives. + properties: + interval: + description: The time duration between keep-alive + probes. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + probes: + description: Maximum number of keepalive probes to + send without response before deciding the connection + is dead. + maximum: 4294967295 + minimum: 0 + type: integer + time: + description: The time duration a connection needs + to be idle before keep-alive probes start being + sent. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + type: object + type: object + type: object + loadBalancer: + description: Settings controlling the load balancer algorithms. 
+ oneOf: + - not: + anyOf: + - required: + - simple + - required: + - consistentHash + - required: + - simple + - required: + - consistentHash + properties: + consistentHash: + allOf: + - oneOf: + - not: + anyOf: + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - oneOf: + - not: + anyOf: + - required: + - ringHash + - required: + - maglev + - required: + - ringHash + - required: + - maglev + properties: + httpCookie: + description: Hash based on HTTP cookie. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: Lifetime of the cookie. + type: string + required: + - name + type: object + httpHeaderName: + description: Hash based on a specific HTTP header. + type: string + httpQueryParameterName: + description: Hash based on a specific HTTP query parameter. + type: string + maglev: + description: The Maglev load balancer implements consistent + hashing to backend hosts. + properties: + tableSize: + description: The table size for Maglev hashing. + minimum: 0 + type: integer + type: object + minimumRingSize: + description: Deprecated. + minimum: 0 + type: integer + ringHash: + description: The ring/modulo hash load balancer implements + consistent hashing to backend hosts. + properties: + minimumRingSize: + description: The minimum number of virtual nodes to + use for the hash ring. + minimum: 0 + type: integer + type: object + useSourceIp: + description: Hash based on the source IP address. + type: boolean + type: object + localityLbSetting: + properties: + distribute: + description: 'Optional: only one of distribute, failover + or failoverPriority can be set.' 
+ items: + properties: + from: + description: Originating locality, '/' separated, + e.g. + type: string + to: + additionalProperties: + maximum: 4294967295 + minimum: 0 + type: integer + description: Map of upstream localities to traffic + distribution weights. + type: object + type: object + type: array + enabled: + description: enable locality load balancing, this is DestinationRule-level + and will override mesh wide settings in entirety. + nullable: true + type: boolean + failover: + description: 'Optional: only one of distribute, failover + or failoverPriority can be set.' + items: + properties: + from: + description: Originating region. + type: string + to: + description: Destination region the traffic will + fail over to when endpoints in the 'from' region + becomes unhealthy. + type: string + type: object + type: array + failoverPriority: + description: failoverPriority is an ordered list of labels + used to sort endpoints to do priority based load balancing. + items: + type: string + type: array + type: object + simple: + description: |2- + + + Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST + enum: + - UNSPECIFIED + - LEAST_CONN + - RANDOM + - PASSTHROUGH + - ROUND_ROBIN + - LEAST_REQUEST + type: string + warmupDurationSecs: + description: Represents the warmup duration of Service. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + type: object + outlierDetection: + properties: + baseEjectionTime: + description: Minimum ejection duration. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + consecutive5xxErrors: + description: Number of 5xx errors before a host is ejected + from the connection pool. 
+ maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + consecutiveErrors: + format: int32 + type: integer + consecutiveGatewayErrors: + description: Number of gateway errors before a host is ejected + from the connection pool. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + consecutiveLocalOriginFailures: + description: The number of consecutive locally originated + failures before ejection occurs. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + interval: + description: Time interval between ejection sweep analysis. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxEjectionPercent: + description: Maximum % of hosts in the load balancing pool + for the upstream service that can be ejected. + format: int32 + type: integer + minHealthPercent: + description: Outlier detection will be enabled as long as + the associated load balancing pool has at least min_health_percent + hosts in healthy mode. + format: int32 + type: integer + splitExternalLocalOriginErrors: + description: Determines whether to distinguish local origin + failures from external errors. + type: boolean + type: object + portLevelSettings: + description: Traffic policies specific to individual ports. + items: + properties: + connectionPool: + properties: + http: + description: HTTP connection pool settings. + properties: + h2UpgradePolicy: + description: |- + Specify if http1.1 connection should be upgraded to http2 for the associated destination. + + Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of requests that will + be queued while waiting for a ready connection + pool connection. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of active requests to + a destination. 
+ format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream connection + pool connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + maxConcurrentStreams: + description: The maximum number of concurrent streams + allowed for a peer on one HTTP/2 connection. + format: int32 + type: integer + maxRequestsPerConnection: + description: Maximum number of requests per connection + to a backend. + format: int32 + type: integer + maxRetries: + description: Maximum number of retries that can + be outstanding to all hosts in a cluster at a + given time. + format: int32 + type: integer + useClientProtocol: + description: If set to true, client protocol will + be preserved while initiating connection to backend. + type: boolean + type: object + tcp: + description: Settings common to both HTTP and TCP upstream + connections. + properties: + connectTimeout: + description: TCP connection timeout. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + idleTimeout: + description: The idle timeout for TCP connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + maxConnectionDuration: + description: The maximum duration of a connection. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + maxConnections: + description: Maximum number of HTTP1 /TCP connections + to a destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE on the + socket to enable TCP Keepalives. + properties: + interval: + description: The time duration between keep-alive + probes. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + probes: + description: Maximum number of keepalive probes + to send without response before deciding the + connection is dead. + maximum: 4294967295 + minimum: 0 + type: integer + time: + description: The time duration a connection + needs to be idle before keep-alive probes + start being sent. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + type: object + type: object + type: object + loadBalancer: + description: Settings controlling the load balancer algorithms. + oneOf: + - not: + anyOf: + - required: + - simple + - required: + - consistentHash + - required: + - simple + - required: + - consistentHash + properties: + consistentHash: + allOf: + - oneOf: + - not: + anyOf: + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - oneOf: + - not: + anyOf: + - required: + - ringHash + - required: + - maglev + - required: + - ringHash + - required: + - maglev + properties: + httpCookie: + description: Hash based on HTTP cookie. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: Lifetime of the cookie. + type: string + required: + - name + type: object + httpHeaderName: + description: Hash based on a specific HTTP header. + type: string + httpQueryParameterName: + description: Hash based on a specific HTTP query + parameter. + type: string + maglev: + description: The Maglev load balancer implements + consistent hashing to backend hosts. + properties: + tableSize: + description: The table size for Maglev hashing. 
+ minimum: 0 + type: integer + type: object + minimumRingSize: + description: Deprecated. + minimum: 0 + type: integer + ringHash: + description: The ring/modulo hash load balancer + implements consistent hashing to backend hosts. + properties: + minimumRingSize: + description: The minimum number of virtual nodes + to use for the hash ring. + minimum: 0 + type: integer + type: object + useSourceIp: + description: Hash based on the source IP address. + type: boolean + type: object + localityLbSetting: + properties: + distribute: + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' + items: + properties: + from: + description: Originating locality, '/' separated, + e.g. + type: string + to: + additionalProperties: + maximum: 4294967295 + minimum: 0 + type: integer + description: Map of upstream localities to + traffic distribution weights. + type: object + type: object + type: array + enabled: + description: enable locality load balancing, this + is DestinationRule-level and will override mesh + wide settings in entirety. + nullable: true + type: boolean + failover: + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' + items: + properties: + from: + description: Originating region. + type: string + to: + description: Destination region the traffic + will fail over to when endpoints in the + 'from' region becomes unhealthy. + type: string + type: object + type: array + failoverPriority: + description: failoverPriority is an ordered list + of labels used to sort endpoints to do priority + based load balancing. + items: + type: string + type: array + type: object + simple: + description: |2- + + + Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST + enum: + - UNSPECIFIED + - LEAST_CONN + - RANDOM + - PASSTHROUGH + - ROUND_ROBIN + - LEAST_REQUEST + type: string + warmupDurationSecs: + description: Represents the warmup duration of Service. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + type: object + outlierDetection: + properties: + baseEjectionTime: + description: Minimum ejection duration. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + consecutive5xxErrors: + description: Number of 5xx errors before a host is ejected + from the connection pool. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + consecutiveErrors: + format: int32 + type: integer + consecutiveGatewayErrors: + description: Number of gateway errors before a host + is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + consecutiveLocalOriginFailures: + description: The number of consecutive locally originated + failures before ejection occurs. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + interval: + description: Time interval between ejection sweep analysis. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxEjectionPercent: + description: Maximum % of hosts in the load balancing + pool for the upstream service that can be ejected. + format: int32 + type: integer + minHealthPercent: + description: Outlier detection will be enabled as long + as the associated load balancing pool has at least + min_health_percent hosts in healthy mode. + format: int32 + type: integer + splitExternalLocalOriginErrors: + description: Determines whether to distinguish local + origin failures from external errors. + type: boolean + type: object + port: + description: Specifies the number of a port on the destination + service on which this policy is being applied. 
+ properties: + number: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + tls: + description: TLS related settings for connections to the + upstream service. + properties: + caCertificates: + description: 'OPTIONAL: The path to the file containing + certificate authority certificates to use in verifying + a presented server certificate.' + type: string + caCrl: + description: 'OPTIONAL: The path to the file containing + the certificate revocation list (CRL) to use in verifying + a presented server certificate.' + type: string + clientCertificate: + description: REQUIRED if mode is `MUTUAL`. + type: string + credentialName: + description: The name of the secret that holds the TLS + certs for the client including the CA certificates. + type: string + insecureSkipVerify: + description: '`insecureSkipVerify` specifies whether + the proxy should skip verifying the CA signature and + SAN for the server certificate corresponding to the + host.' + nullable: true + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured using TLS. + + Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `MUTUAL`. + type: string + sni: + description: SNI string to present to the server during + TLS handshake. + type: string + subjectAltNames: + description: A list of alternate names to verify the + subject identity in the certificate. + items: + type: string + type: array + type: object + type: object + maxItems: 4096 + type: array + proxyProtocol: + description: The upstream PROXY protocol settings. + properties: + version: + description: |- + The PROXY protocol version to use. + + Valid Options: V1, V2 + enum: + - V1 + - V2 + type: string + type: object + tls: + description: TLS related settings for connections to the upstream + service. 
+ properties: + caCertificates: + description: 'OPTIONAL: The path to the file containing certificate + authority certificates to use in verifying a presented server + certificate.' + type: string + caCrl: + description: 'OPTIONAL: The path to the file containing the + certificate revocation list (CRL) to use in verifying a + presented server certificate.' + type: string + clientCertificate: + description: REQUIRED if mode is `MUTUAL`. + type: string + credentialName: + description: The name of the secret that holds the TLS certs + for the client including the CA certificates. + type: string + insecureSkipVerify: + description: '`insecureSkipVerify` specifies whether the proxy + should skip verifying the CA signature and SAN for the server + certificate corresponding to the host.' + nullable: true + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured using TLS. + + Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `MUTUAL`. + type: string + sni: + description: SNI string to present to the server during TLS + handshake. + type: string + subjectAltNames: + description: A list of alternate names to verify the subject + identity in the certificate. + items: + type: string + type: array + type: object + tunnel: + description: Configuration of tunneling TCP over other transport + or application layers for the host configured in the DestinationRule. + properties: + protocol: + description: Specifies which protocol to use for tunneling + the downstream connection. + type: string + targetHost: + description: Specifies a host to which the downstream connection + is tunneled. + type: string + targetPort: + description: Specifies a port to which the downstream connection + is tunneled. 
+ maximum: 4294967295 + minimum: 0 + type: integer + required: + - targetHost + - targetPort + type: object + type: object + workloadSelector: + description: Criteria used to select the specific set of pods/VMs + on which this `DestinationRule` configuration should be applied. + properties: + matchLabels: + additionalProperties: + maxLength: 63 + type: string + x-kubernetes-validations: + - message: wildcard not allowed in label value match + rule: '!self.contains(''*'')' + description: One or more labels that indicate a specific set of + pods/VMs on which a policy should be applied. + maxProperties: 4096 + type: object + x-kubernetes-validations: + - message: wildcard not allowed in label key match + rule: self.all(key, !key.contains('*')) + - message: key must not be empty + rule: self.all(key, key.size() != 0) + type: object + required: + - host + type: object + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. 
+ items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. + type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: The name of a service from the service registry + jsonPath: .spec.host + name: Host + type: string + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting load balancing, outlier detection, + etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html' + properties: + exportTo: + description: A list of namespaces to which this destination rule is + exported. + items: + type: string + type: array + host: + description: The name of a service from the service registry. + type: string + subsets: + description: One or more named sets that represent individual versions + of a service. 
+ items: + properties: + labels: + additionalProperties: + type: string + description: Labels apply a filter over the endpoints of a service + in the service registry. + type: object + name: + description: Name of the subset. + type: string + trafficPolicy: + description: Traffic policies that apply to this subset. + properties: + connectionPool: + properties: + http: + description: HTTP connection pool settings. + properties: + h2UpgradePolicy: + description: |- + Specify if http1.1 connection should be upgraded to http2 for the associated destination. + + Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of requests that will + be queued while waiting for a ready connection + pool connection. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of active requests to + a destination. + format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream connection + pool connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + maxConcurrentStreams: + description: The maximum number of concurrent streams + allowed for a peer on one HTTP/2 connection. + format: int32 + type: integer + maxRequestsPerConnection: + description: Maximum number of requests per connection + to a backend. + format: int32 + type: integer + maxRetries: + description: Maximum number of retries that can + be outstanding to all hosts in a cluster at a + given time. + format: int32 + type: integer + useClientProtocol: + description: If set to true, client protocol will + be preserved while initiating connection to backend. + type: boolean + type: object + tcp: + description: Settings common to both HTTP and TCP upstream + connections. + properties: + connectTimeout: + description: TCP connection timeout. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + idleTimeout: + description: The idle timeout for TCP connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + maxConnectionDuration: + description: The maximum duration of a connection. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + maxConnections: + description: Maximum number of HTTP1 /TCP connections + to a destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE on the + socket to enable TCP Keepalives. + properties: + interval: + description: The time duration between keep-alive + probes. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + probes: + description: Maximum number of keepalive probes + to send without response before deciding the + connection is dead. + maximum: 4294967295 + minimum: 0 + type: integer + time: + description: The time duration a connection + needs to be idle before keep-alive probes + start being sent. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + type: object + type: object + type: object + loadBalancer: + description: Settings controlling the load balancer algorithms. 
+ oneOf: + - not: + anyOf: + - required: + - simple + - required: + - consistentHash + - required: + - simple + - required: + - consistentHash + properties: + consistentHash: + allOf: + - oneOf: + - not: + anyOf: + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - oneOf: + - not: + anyOf: + - required: + - ringHash + - required: + - maglev + - required: + - ringHash + - required: + - maglev + properties: + httpCookie: + description: Hash based on HTTP cookie. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: Lifetime of the cookie. + type: string + required: + - name + type: object + httpHeaderName: + description: Hash based on a specific HTTP header. + type: string + httpQueryParameterName: + description: Hash based on a specific HTTP query + parameter. + type: string + maglev: + description: The Maglev load balancer implements + consistent hashing to backend hosts. + properties: + tableSize: + description: The table size for Maglev hashing. + minimum: 0 + type: integer + type: object + minimumRingSize: + description: Deprecated. + minimum: 0 + type: integer + ringHash: + description: The ring/modulo hash load balancer + implements consistent hashing to backend hosts. + properties: + minimumRingSize: + description: The minimum number of virtual nodes + to use for the hash ring. + minimum: 0 + type: integer + type: object + useSourceIp: + description: Hash based on the source IP address. + type: boolean + type: object + localityLbSetting: + properties: + distribute: + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' 
+ items: + properties: + from: + description: Originating locality, '/' separated, + e.g. + type: string + to: + additionalProperties: + maximum: 4294967295 + minimum: 0 + type: integer + description: Map of upstream localities to + traffic distribution weights. + type: object + type: object + type: array + enabled: + description: enable locality load balancing, this + is DestinationRule-level and will override mesh + wide settings in entirety. + nullable: true + type: boolean + failover: + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' + items: + properties: + from: + description: Originating region. + type: string + to: + description: Destination region the traffic + will fail over to when endpoints in the + 'from' region becomes unhealthy. + type: string + type: object + type: array + failoverPriority: + description: failoverPriority is an ordered list + of labels used to sort endpoints to do priority + based load balancing. + items: + type: string + type: array + type: object + simple: + description: |2- + + + Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST + enum: + - UNSPECIFIED + - LEAST_CONN + - RANDOM + - PASSTHROUGH + - ROUND_ROBIN + - LEAST_REQUEST + type: string + warmupDurationSecs: + description: Represents the warmup duration of Service. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + type: object + outlierDetection: + properties: + baseEjectionTime: + description: Minimum ejection duration. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + consecutive5xxErrors: + description: Number of 5xx errors before a host is ejected + from the connection pool. 
+ maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + consecutiveErrors: + format: int32 + type: integer + consecutiveGatewayErrors: + description: Number of gateway errors before a host + is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + consecutiveLocalOriginFailures: + description: The number of consecutive locally originated + failures before ejection occurs. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + interval: + description: Time interval between ejection sweep analysis. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxEjectionPercent: + description: Maximum % of hosts in the load balancing + pool for the upstream service that can be ejected. + format: int32 + type: integer + minHealthPercent: + description: Outlier detection will be enabled as long + as the associated load balancing pool has at least + min_health_percent hosts in healthy mode. + format: int32 + type: integer + splitExternalLocalOriginErrors: + description: Determines whether to distinguish local + origin failures from external errors. + type: boolean + type: object + portLevelSettings: + description: Traffic policies specific to individual ports. + items: + properties: + connectionPool: + properties: + http: + description: HTTP connection pool settings. + properties: + h2UpgradePolicy: + description: |- + Specify if http1.1 connection should be upgraded to http2 for the associated destination. + + Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of requests that + will be queued while waiting for a ready + connection pool connection. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of active requests + to a destination. 
+ format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream + connection pool connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + maxConcurrentStreams: + description: The maximum number of concurrent + streams allowed for a peer on one HTTP/2 + connection. + format: int32 + type: integer + maxRequestsPerConnection: + description: Maximum number of requests per + connection to a backend. + format: int32 + type: integer + maxRetries: + description: Maximum number of retries that + can be outstanding to all hosts in a cluster + at a given time. + format: int32 + type: integer + useClientProtocol: + description: If set to true, client protocol + will be preserved while initiating connection + to backend. + type: boolean + type: object + tcp: + description: Settings common to both HTTP and + TCP upstream connections. + properties: + connectTimeout: + description: TCP connection timeout. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + idleTimeout: + description: The idle timeout for TCP connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + maxConnectionDuration: + description: The maximum duration of a connection. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + maxConnections: + description: Maximum number of HTTP1 /TCP + connections to a destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE + on the socket to enable TCP Keepalives. + properties: + interval: + description: The time duration between + keep-alive probes. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + probes: + description: Maximum number of keepalive + probes to send without response before + deciding the connection is dead. + maximum: 4294967295 + minimum: 0 + type: integer + time: + description: The time duration a connection + needs to be idle before keep-alive probes + start being sent. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + type: object + type: object + type: object + loadBalancer: + description: Settings controlling the load balancer + algorithms. + oneOf: + - not: + anyOf: + - required: + - simple + - required: + - consistentHash + - required: + - simple + - required: + - consistentHash + properties: + consistentHash: + allOf: + - oneOf: + - not: + anyOf: + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - oneOf: + - not: + anyOf: + - required: + - ringHash + - required: + - maglev + - required: + - ringHash + - required: + - maglev + properties: + httpCookie: + description: Hash based on HTTP cookie. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: Lifetime of the cookie. + type: string + required: + - name + type: object + httpHeaderName: + description: Hash based on a specific HTTP + header. + type: string + httpQueryParameterName: + description: Hash based on a specific HTTP + query parameter. + type: string + maglev: + description: The Maglev load balancer implements + consistent hashing to backend hosts. + properties: + tableSize: + description: The table size for Maglev + hashing. 
+ minimum: 0 + type: integer + type: object + minimumRingSize: + description: Deprecated. + minimum: 0 + type: integer + ringHash: + description: The ring/modulo hash load balancer + implements consistent hashing to backend + hosts. + properties: + minimumRingSize: + description: The minimum number of virtual + nodes to use for the hash ring. + minimum: 0 + type: integer + type: object + useSourceIp: + description: Hash based on the source IP address. + type: boolean + type: object + localityLbSetting: + properties: + distribute: + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' + items: + properties: + from: + description: Originating locality, '/' + separated, e.g. + type: string + to: + additionalProperties: + maximum: 4294967295 + minimum: 0 + type: integer + description: Map of upstream localities + to traffic distribution weights. + type: object + type: object + type: array + enabled: + description: enable locality load balancing, + this is DestinationRule-level and will override + mesh wide settings in entirety. + nullable: true + type: boolean + failover: + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' + items: + properties: + from: + description: Originating region. + type: string + to: + description: Destination region the + traffic will fail over to when endpoints + in the 'from' region becomes unhealthy. + type: string + type: object + type: array + failoverPriority: + description: failoverPriority is an ordered + list of labels used to sort endpoints to + do priority based load balancing. + items: + type: string + type: array + type: object + simple: + description: |2- + + + Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST + enum: + - UNSPECIFIED + - LEAST_CONN + - RANDOM + - PASSTHROUGH + - ROUND_ROBIN + - LEAST_REQUEST + type: string + warmupDurationSecs: + description: Represents the warmup duration of + Service. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + type: object + outlierDetection: + properties: + baseEjectionTime: + description: Minimum ejection duration. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + consecutive5xxErrors: + description: Number of 5xx errors before a host + is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + consecutiveErrors: + format: int32 + type: integer + consecutiveGatewayErrors: + description: Number of gateway errors before a + host is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + consecutiveLocalOriginFailures: + description: The number of consecutive locally + originated failures before ejection occurs. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + interval: + description: Time interval between ejection sweep + analysis. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + maxEjectionPercent: + description: Maximum % of hosts in the load balancing + pool for the upstream service that can be ejected. + format: int32 + type: integer + minHealthPercent: + description: Outlier detection will be enabled + as long as the associated load balancing pool + has at least min_health_percent hosts in healthy + mode. + format: int32 + type: integer + splitExternalLocalOriginErrors: + description: Determines whether to distinguish + local origin failures from external errors. + type: boolean + type: object + port: + description: Specifies the number of a port on the + destination service on which this policy is being + applied. 
+ properties: + number: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + tls: + description: TLS related settings for connections + to the upstream service. + properties: + caCertificates: + description: 'OPTIONAL: The path to the file containing + certificate authority certificates to use in + verifying a presented server certificate.' + type: string + caCrl: + description: 'OPTIONAL: The path to the file containing + the certificate revocation list (CRL) to use + in verifying a presented server certificate.' + type: string + clientCertificate: + description: REQUIRED if mode is `MUTUAL`. + type: string + credentialName: + description: The name of the secret that holds + the TLS certs for the client including the CA + certificates. + type: string + insecureSkipVerify: + description: '`insecureSkipVerify` specifies whether + the proxy should skip verifying the CA signature + and SAN for the server certificate corresponding + to the host.' + nullable: true + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured using TLS. + + Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `MUTUAL`. + type: string + sni: + description: SNI string to present to the server + during TLS handshake. + type: string + subjectAltNames: + description: A list of alternate names to verify + the subject identity in the certificate. + items: + type: string + type: array + type: object + type: object + maxItems: 4096 + type: array + proxyProtocol: + description: The upstream PROXY protocol settings. + properties: + version: + description: |- + The PROXY protocol version to use. + + Valid Options: V1, V2 + enum: + - V1 + - V2 + type: string + type: object + tls: + description: TLS related settings for connections to the + upstream service. 
+ properties: + caCertificates: + description: 'OPTIONAL: The path to the file containing + certificate authority certificates to use in verifying + a presented server certificate.' + type: string + caCrl: + description: 'OPTIONAL: The path to the file containing + the certificate revocation list (CRL) to use in verifying + a presented server certificate.' + type: string + clientCertificate: + description: REQUIRED if mode is `MUTUAL`. + type: string + credentialName: + description: The name of the secret that holds the TLS + certs for the client including the CA certificates. + type: string + insecureSkipVerify: + description: '`insecureSkipVerify` specifies whether + the proxy should skip verifying the CA signature and + SAN for the server certificate corresponding to the + host.' + nullable: true + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured using TLS. + + Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `MUTUAL`. + type: string + sni: + description: SNI string to present to the server during + TLS handshake. + type: string + subjectAltNames: + description: A list of alternate names to verify the + subject identity in the certificate. + items: + type: string + type: array + type: object + tunnel: + description: Configuration of tunneling TCP over other transport + or application layers for the host configured in the DestinationRule. + properties: + protocol: + description: Specifies which protocol to use for tunneling + the downstream connection. + type: string + targetHost: + description: Specifies a host to which the downstream + connection is tunneled. + type: string + targetPort: + description: Specifies a port to which the downstream + connection is tunneled. 
+ maximum: 4294967295 + minimum: 0 + type: integer + required: + - targetHost + - targetPort + type: object + type: object + required: + - name + type: object + type: array + trafficPolicy: + description: Traffic policies to apply (load balancing policy, connection + pool sizes, outlier detection). + properties: + connectionPool: + properties: + http: + description: HTTP connection pool settings. + properties: + h2UpgradePolicy: + description: |- + Specify if http1.1 connection should be upgraded to http2 for the associated destination. + + Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of requests that will be queued + while waiting for a ready connection pool connection. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of active requests to a destination. + format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream connection + pool connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxConcurrentStreams: + description: The maximum number of concurrent streams + allowed for a peer on one HTTP/2 connection. + format: int32 + type: integer + maxRequestsPerConnection: + description: Maximum number of requests per connection + to a backend. + format: int32 + type: integer + maxRetries: + description: Maximum number of retries that can be outstanding + to all hosts in a cluster at a given time. + format: int32 + type: integer + useClientProtocol: + description: If set to true, client protocol will be preserved + while initiating connection to backend. + type: boolean + type: object + tcp: + description: Settings common to both HTTP and TCP upstream + connections. + properties: + connectTimeout: + description: TCP connection timeout. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + idleTimeout: + description: The idle timeout for TCP connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxConnectionDuration: + description: The maximum duration of a connection. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxConnections: + description: Maximum number of HTTP1 /TCP connections + to a destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE on the socket + to enable TCP Keepalives. + properties: + interval: + description: The time duration between keep-alive + probes. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + probes: + description: Maximum number of keepalive probes to + send without response before deciding the connection + is dead. + maximum: 4294967295 + minimum: 0 + type: integer + time: + description: The time duration a connection needs + to be idle before keep-alive probes start being + sent. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + type: object + type: object + type: object + loadBalancer: + description: Settings controlling the load balancer algorithms. 
+ oneOf: + - not: + anyOf: + - required: + - simple + - required: + - consistentHash + - required: + - simple + - required: + - consistentHash + properties: + consistentHash: + allOf: + - oneOf: + - not: + anyOf: + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - oneOf: + - not: + anyOf: + - required: + - ringHash + - required: + - maglev + - required: + - ringHash + - required: + - maglev + properties: + httpCookie: + description: Hash based on HTTP cookie. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: Lifetime of the cookie. + type: string + required: + - name + type: object + httpHeaderName: + description: Hash based on a specific HTTP header. + type: string + httpQueryParameterName: + description: Hash based on a specific HTTP query parameter. + type: string + maglev: + description: The Maglev load balancer implements consistent + hashing to backend hosts. + properties: + tableSize: + description: The table size for Maglev hashing. + minimum: 0 + type: integer + type: object + minimumRingSize: + description: Deprecated. + minimum: 0 + type: integer + ringHash: + description: The ring/modulo hash load balancer implements + consistent hashing to backend hosts. + properties: + minimumRingSize: + description: The minimum number of virtual nodes to + use for the hash ring. + minimum: 0 + type: integer + type: object + useSourceIp: + description: Hash based on the source IP address. + type: boolean + type: object + localityLbSetting: + properties: + distribute: + description: 'Optional: only one of distribute, failover + or failoverPriority can be set.' 
+ items: + properties: + from: + description: Originating locality, '/' separated, + e.g. + type: string + to: + additionalProperties: + maximum: 4294967295 + minimum: 0 + type: integer + description: Map of upstream localities to traffic + distribution weights. + type: object + type: object + type: array + enabled: + description: enable locality load balancing, this is DestinationRule-level + and will override mesh wide settings in entirety. + nullable: true + type: boolean + failover: + description: 'Optional: only one of distribute, failover + or failoverPriority can be set.' + items: + properties: + from: + description: Originating region. + type: string + to: + description: Destination region the traffic will + fail over to when endpoints in the 'from' region + becomes unhealthy. + type: string + type: object + type: array + failoverPriority: + description: failoverPriority is an ordered list of labels + used to sort endpoints to do priority based load balancing. + items: + type: string + type: array + type: object + simple: + description: |2- + + + Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST + enum: + - UNSPECIFIED + - LEAST_CONN + - RANDOM + - PASSTHROUGH + - ROUND_ROBIN + - LEAST_REQUEST + type: string + warmupDurationSecs: + description: Represents the warmup duration of Service. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + type: object + outlierDetection: + properties: + baseEjectionTime: + description: Minimum ejection duration. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + consecutive5xxErrors: + description: Number of 5xx errors before a host is ejected + from the connection pool. 
+ maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + consecutiveErrors: + format: int32 + type: integer + consecutiveGatewayErrors: + description: Number of gateway errors before a host is ejected + from the connection pool. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + consecutiveLocalOriginFailures: + description: The number of consecutive locally originated + failures before ejection occurs. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + interval: + description: Time interval between ejection sweep analysis. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxEjectionPercent: + description: Maximum % of hosts in the load balancing pool + for the upstream service that can be ejected. + format: int32 + type: integer + minHealthPercent: + description: Outlier detection will be enabled as long as + the associated load balancing pool has at least min_health_percent + hosts in healthy mode. + format: int32 + type: integer + splitExternalLocalOriginErrors: + description: Determines whether to distinguish local origin + failures from external errors. + type: boolean + type: object + portLevelSettings: + description: Traffic policies specific to individual ports. + items: + properties: + connectionPool: + properties: + http: + description: HTTP connection pool settings. + properties: + h2UpgradePolicy: + description: |- + Specify if http1.1 connection should be upgraded to http2 for the associated destination. + + Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of requests that will + be queued while waiting for a ready connection + pool connection. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of active requests to + a destination. 
+ format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream connection + pool connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + maxConcurrentStreams: + description: The maximum number of concurrent streams + allowed for a peer on one HTTP/2 connection. + format: int32 + type: integer + maxRequestsPerConnection: + description: Maximum number of requests per connection + to a backend. + format: int32 + type: integer + maxRetries: + description: Maximum number of retries that can + be outstanding to all hosts in a cluster at a + given time. + format: int32 + type: integer + useClientProtocol: + description: If set to true, client protocol will + be preserved while initiating connection to backend. + type: boolean + type: object + tcp: + description: Settings common to both HTTP and TCP upstream + connections. + properties: + connectTimeout: + description: TCP connection timeout. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + idleTimeout: + description: The idle timeout for TCP connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + maxConnectionDuration: + description: The maximum duration of a connection. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + maxConnections: + description: Maximum number of HTTP1 /TCP connections + to a destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE on the + socket to enable TCP Keepalives. + properties: + interval: + description: The time duration between keep-alive + probes. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + probes: + description: Maximum number of keepalive probes + to send without response before deciding the + connection is dead. + maximum: 4294967295 + minimum: 0 + type: integer + time: + description: The time duration a connection + needs to be idle before keep-alive probes + start being sent. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater + than 1ms + rule: duration(self) >= duration('1ms') + type: object + type: object + type: object + loadBalancer: + description: Settings controlling the load balancer algorithms. + oneOf: + - not: + anyOf: + - required: + - simple + - required: + - consistentHash + - required: + - simple + - required: + - consistentHash + properties: + consistentHash: + allOf: + - oneOf: + - not: + anyOf: + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - oneOf: + - not: + anyOf: + - required: + - ringHash + - required: + - maglev + - required: + - ringHash + - required: + - maglev + properties: + httpCookie: + description: Hash based on HTTP cookie. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: Lifetime of the cookie. + type: string + required: + - name + type: object + httpHeaderName: + description: Hash based on a specific HTTP header. + type: string + httpQueryParameterName: + description: Hash based on a specific HTTP query + parameter. + type: string + maglev: + description: The Maglev load balancer implements + consistent hashing to backend hosts. + properties: + tableSize: + description: The table size for Maglev hashing. 
+ minimum: 0 + type: integer + type: object + minimumRingSize: + description: Deprecated. + minimum: 0 + type: integer + ringHash: + description: The ring/modulo hash load balancer + implements consistent hashing to backend hosts. + properties: + minimumRingSize: + description: The minimum number of virtual nodes + to use for the hash ring. + minimum: 0 + type: integer + type: object + useSourceIp: + description: Hash based on the source IP address. + type: boolean + type: object + localityLbSetting: + properties: + distribute: + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' + items: + properties: + from: + description: Originating locality, '/' separated, + e.g. + type: string + to: + additionalProperties: + maximum: 4294967295 + minimum: 0 + type: integer + description: Map of upstream localities to + traffic distribution weights. + type: object + type: object + type: array + enabled: + description: enable locality load balancing, this + is DestinationRule-level and will override mesh + wide settings in entirety. + nullable: true + type: boolean + failover: + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' + items: + properties: + from: + description: Originating region. + type: string + to: + description: Destination region the traffic + will fail over to when endpoints in the + 'from' region becomes unhealthy. + type: string + type: object + type: array + failoverPriority: + description: failoverPriority is an ordered list + of labels used to sort endpoints to do priority + based load balancing. + items: + type: string + type: array + type: object + simple: + description: |2- + + + Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST + enum: + - UNSPECIFIED + - LEAST_CONN + - RANDOM + - PASSTHROUGH + - ROUND_ROBIN + - LEAST_REQUEST + type: string + warmupDurationSecs: + description: Represents the warmup duration of Service. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + type: object + outlierDetection: + properties: + baseEjectionTime: + description: Minimum ejection duration. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + consecutive5xxErrors: + description: Number of 5xx errors before a host is ejected + from the connection pool. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + consecutiveErrors: + format: int32 + type: integer + consecutiveGatewayErrors: + description: Number of gateway errors before a host + is ejected from the connection pool. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + consecutiveLocalOriginFailures: + description: The number of consecutive locally originated + failures before ejection occurs. + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + interval: + description: Time interval between ejection sweep analysis. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxEjectionPercent: + description: Maximum % of hosts in the load balancing + pool for the upstream service that can be ejected. + format: int32 + type: integer + minHealthPercent: + description: Outlier detection will be enabled as long + as the associated load balancing pool has at least + min_health_percent hosts in healthy mode. + format: int32 + type: integer + splitExternalLocalOriginErrors: + description: Determines whether to distinguish local + origin failures from external errors. + type: boolean + type: object + port: + description: Specifies the number of a port on the destination + service on which this policy is being applied. 
+ properties: + number: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + tls: + description: TLS related settings for connections to the + upstream service. + properties: + caCertificates: + description: 'OPTIONAL: The path to the file containing + certificate authority certificates to use in verifying + a presented server certificate.' + type: string + caCrl: + description: 'OPTIONAL: The path to the file containing + the certificate revocation list (CRL) to use in verifying + a presented server certificate.' + type: string + clientCertificate: + description: REQUIRED if mode is `MUTUAL`. + type: string + credentialName: + description: The name of the secret that holds the TLS + certs for the client including the CA certificates. + type: string + insecureSkipVerify: + description: '`insecureSkipVerify` specifies whether + the proxy should skip verifying the CA signature and + SAN for the server certificate corresponding to the + host.' + nullable: true + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured using TLS. + + Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `MUTUAL`. + type: string + sni: + description: SNI string to present to the server during + TLS handshake. + type: string + subjectAltNames: + description: A list of alternate names to verify the + subject identity in the certificate. + items: + type: string + type: array + type: object + type: object + maxItems: 4096 + type: array + proxyProtocol: + description: The upstream PROXY protocol settings. + properties: + version: + description: |- + The PROXY protocol version to use. + + Valid Options: V1, V2 + enum: + - V1 + - V2 + type: string + type: object + tls: + description: TLS related settings for connections to the upstream + service. 
+ properties: + caCertificates: + description: 'OPTIONAL: The path to the file containing certificate + authority certificates to use in verifying a presented server + certificate.' + type: string + caCrl: + description: 'OPTIONAL: The path to the file containing the + certificate revocation list (CRL) to use in verifying a + presented server certificate.' + type: string + clientCertificate: + description: REQUIRED if mode is `MUTUAL`. + type: string + credentialName: + description: The name of the secret that holds the TLS certs + for the client including the CA certificates. + type: string + insecureSkipVerify: + description: '`insecureSkipVerify` specifies whether the proxy + should skip verifying the CA signature and SAN for the server + certificate corresponding to the host.' + nullable: true + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured using TLS. + + Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `MUTUAL`. + type: string + sni: + description: SNI string to present to the server during TLS + handshake. + type: string + subjectAltNames: + description: A list of alternate names to verify the subject + identity in the certificate. + items: + type: string + type: array + type: object + tunnel: + description: Configuration of tunneling TCP over other transport + or application layers for the host configured in the DestinationRule. + properties: + protocol: + description: Specifies which protocol to use for tunneling + the downstream connection. + type: string + targetHost: + description: Specifies a host to which the downstream connection + is tunneled. + type: string + targetPort: + description: Specifies a port to which the downstream connection + is tunneled. 
+ maximum: 4294967295 + minimum: 0 + type: integer + required: + - targetHost + - targetPort + type: object + type: object + workloadSelector: + description: Criteria used to select the specific set of pods/VMs + on which this `DestinationRule` configuration should be applied. + properties: + matchLabels: + additionalProperties: + maxLength: 63 + type: string + x-kubernetes-validations: + - message: wildcard not allowed in label value match + rule: '!self.contains(''*'')' + description: One or more labels that indicate a specific set of + pods/VMs on which a policy should be applied. + maxProperties: 4096 + type: object + x-kubernetes-validations: + - message: wildcard not allowed in label key match + rule: self.all(key, !key.contains('*')) + - message: key must not be empty + rule: self.all(key, key.size() != 0) + type: object + required: + - host + type: object + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. 
+ items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. + type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sailoperator/0.1.0/manifests/networking.istio.io_envoyfilters.yaml b/operators/sailoperator/0.1.0/manifests/networking.istio.io_envoyfilters.yaml new file mode 100644 index 00000000000..334adad409e --- /dev/null +++ b/operators/sailoperator/0.1.0/manifests/networking.istio.io_envoyfilters.yaml 
@@ -0,0 +1,401 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + creationTimestamp: null + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: envoyfilters.networking.istio.io +spec: + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: EnvoyFilter + listKind: EnvoyFilterList + plural: envoyfilters + singular: envoyfilter + scope: Namespaced + versions: + - name: v1alpha3 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Customizing Envoy configuration generated by Istio. See + more details at: https://istio.io/docs/reference/config/networking/envoy-filter.html' + properties: + configPatches: + description: One or more patches with match conditions. + items: + properties: + applyTo: + description: |- + Specifies where in the Envoy configuration, the patch should be applied. + + Valid Options: LISTENER, FILTER_CHAIN, NETWORK_FILTER, HTTP_FILTER, ROUTE_CONFIGURATION, VIRTUAL_HOST, HTTP_ROUTE, CLUSTER, EXTENSION_CONFIG, BOOTSTRAP, LISTENER_FILTER + enum: + - INVALID + - LISTENER + - FILTER_CHAIN + - NETWORK_FILTER + - HTTP_FILTER + - ROUTE_CONFIGURATION + - VIRTUAL_HOST + - HTTP_ROUTE + - CLUSTER + - EXTENSION_CONFIG + - BOOTSTRAP + - LISTENER_FILTER + type: string + match: + description: Match on listener/route configuration/cluster. + oneOf: + - not: + anyOf: + - required: + - listener + - required: + - routeConfiguration + - required: + - cluster + - required: + - listener + - required: + - routeConfiguration + - required: + - cluster + properties: + cluster: + description: Match on envoy cluster attributes. + properties: + name: + description: The exact name of the cluster to match. + type: string + portNumber: + description: The service port for which this cluster + was generated. 
+ maximum: 4294967295 + minimum: 0 + type: integer + service: + description: The fully qualified service name for this + cluster. + type: string + subset: + description: The subset associated with the service. + type: string + type: object + context: + description: |- + The specific config generation context to match on. + + Valid Options: ANY, SIDECAR_INBOUND, SIDECAR_OUTBOUND, GATEWAY + enum: + - ANY + - SIDECAR_INBOUND + - SIDECAR_OUTBOUND + - GATEWAY + type: string + listener: + description: Match on envoy listener attributes. + properties: + filterChain: + description: Match a specific filter chain in a listener. + properties: + applicationProtocols: + description: Applies only to sidecars. + type: string + destinationPort: + description: The destination_port value used by + a filter chain's match condition. + maximum: 4294967295 + minimum: 0 + type: integer + filter: + description: The name of a specific filter to apply + the patch to. + properties: + name: + description: The filter name to match on. + type: string + subFilter: + description: The next level filter within this + filter to match upon. + properties: + name: + description: The filter name to match on. + type: string + type: object + type: object + name: + description: The name assigned to the filter chain. + type: string + sni: + description: The SNI value used by a filter chain's + match condition. + type: string + transportProtocol: + description: Applies only to `SIDECAR_INBOUND` context. + type: string + type: object + listenerFilter: + description: Match a specific listener filter. + type: string + name: + description: Match a specific listener by its name. + type: string + portName: + type: string + portNumber: + description: The service port/gateway port to which + traffic is being sent/received. + maximum: 4294967295 + minimum: 0 + type: integer + type: object + proxy: + description: Match on properties associated with a proxy. 
+ properties: + metadata: + additionalProperties: + type: string + description: Match on the node metadata supplied by + a proxy when connecting to Istio Pilot. + type: object + proxyVersion: + description: A regular expression in golang regex format + (RE2) that can be used to select proxies using a specific + version of istio proxy. + type: string + type: object + routeConfiguration: + description: Match on envoy HTTP route configuration attributes. + properties: + gateway: + description: The Istio gateway config's namespace/name + for which this route configuration was generated. + type: string + name: + description: Route configuration name to match on. + type: string + portName: + description: Applicable only for GATEWAY context. + type: string + portNumber: + description: The service port number or gateway server + port number for which this route configuration was + generated. + maximum: 4294967295 + minimum: 0 + type: integer + vhost: + description: Match a specific virtual host in a route + configuration and apply the patch to the virtual host. + properties: + name: + description: The VirtualHosts objects generated + by Istio are named as host:port, where the host + typically corresponds to the VirtualService's + host field or the hostname of a service in the + registry. + type: string + route: + description: Match a specific route within the virtual + host. + properties: + action: + description: |- + Match a route with specific action type. + + Valid Options: ANY, ROUTE, REDIRECT, DIRECT_RESPONSE + enum: + - ANY + - ROUTE + - REDIRECT + - DIRECT_RESPONSE + type: string + name: + description: The Route objects generated by + default are named as default. + type: string + type: object + type: object + type: object + type: object + patch: + description: The patch to apply along with the operation. + properties: + filterClass: + description: |- + Determines the filter insertion order. 
+ + Valid Options: AUTHN, AUTHZ, STATS + enum: + - UNSPECIFIED + - AUTHN + - AUTHZ + - STATS + type: string + operation: + description: |- + Determines how the patch should be applied. + + Valid Options: MERGE, ADD, REMOVE, INSERT_BEFORE, INSERT_AFTER, INSERT_FIRST, REPLACE + enum: + - INVALID + - MERGE + - ADD + - REMOVE + - INSERT_BEFORE + - INSERT_AFTER + - INSERT_FIRST + - REPLACE + type: string + value: + description: The JSON config of the object being patched. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + type: array + priority: + description: Priority defines the order in which patch sets are applied + within a context. + format: int32 + type: integer + targetRefs: + description: Optional. + items: + properties: + group: + description: group is the group of the target resource. + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: kind is kind of the target resource. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: name is the name of the target resource. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: namespace is the namespace of the referent. + type: string + x-kubernetes-validations: + - message: cross namespace referencing is not currently supported + rule: self.size() == 0 + required: + - kind + - name + type: object + x-kubernetes-validations: + - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, + gateway.networking.k8s.io/Gateway + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + type: array + workloadSelector: + description: Criteria used to select the specific set of pods/VMs + on which this patch configuration should be applied. 
+ properties: + labels: + additionalProperties: + type: string + description: One or more labels that indicate a specific set of + pods/VMs on which the configuration should be applied. + type: object + type: object + type: object + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. 
+ type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sailoperator/0.1.0/manifests/networking.istio.io_gateways.yaml b/operators/sailoperator/0.1.0/manifests/networking.istio.io_gateways.yaml new file mode 100644 index 00000000000..c6307b2ed30 --- /dev/null +++ b/operators/sailoperator/0.1.0/manifests/networking.istio.io_gateways.yaml 
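Review bot: `patch.value` in this new EnvoyFilter CRD is declared as `type: object` with `x-kubernetes-preserve-unknown-fields: true`, so the API server accepts any JSON there and the schema puts no bound on the Envoy configuration a patch can carry; `applyTo` also admits `BOOTSTRAP`. Anyone who can create or update `envoyfilters` is therefore limited only by RBAC, and the field description should say so, e.g. `description: The JSON config of the object being patched. Not schema-validated; limit write access to EnvoyFilter through RBAC.` The enums for `applyTo` and `operation` also accept `INVALID`, and `filterClass` accepts `UNSPECIFIED`, although the descriptions leave them out of "Valid Options"; if they are only placeholders, rejecting them at admission would be cleaner. The manifest looks generated from the upstream Istio API, so these changes probably belong upstream rather than in this bundle copy.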
@@ -0,0 +1,719 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + creationTimestamp: null + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: gateways.networking.istio.io +spec: + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: Gateway + listKind: GatewayList + plural: gateways + shortNames: + - gw + singular: gateway + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting edge load balancer. See more details + at: https://istio.io/docs/reference/config/networking/gateway.html' + properties: + selector: + additionalProperties: + type: string + description: One or more labels that indicate a specific set of pods/VMs + on which this gateway configuration should be applied. + type: object + servers: + description: A list of server specifications. + items: + properties: + bind: + description: The ip or the Unix domain socket to which the listener + should be bound to. + type: string + defaultEndpoint: + type: string + hosts: + description: One or more hosts exposed by this gateway. + items: + type: string + type: array + name: + description: An optional name of the server, when set must be + unique across all servers. + type: string + port: + description: The Port on which the proxy should listen for incoming + connections. + properties: + name: + description: Label assigned to the port. + type: string + number: + description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 + type: integer + protocol: + description: The protocol exposed on the port. + type: string + targetPort: + maximum: 4294967295 + minimum: 0 + type: integer + required: + - number + - protocol + - name + type: object + tls: + description: Set of TLS related options that govern the server's + behavior. 
+ properties: + caCertificates: + description: REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. + type: string + caCrl: + description: 'OPTIONAL: The path to the file containing + the certificate revocation list (CRL) to use in verifying + a presented client side certificate.' + type: string + cipherSuites: + description: 'Optional: If specified, only support the specified + cipher list.' + items: + type: string + type: array + credentialName: + description: For gateways running on Kubernetes, the name + of the secret that holds the TLS certs including the CA + certificates. + type: string + httpsRedirect: + description: If set to true, the load balancer will send + a 301 redirect for all http connections, asking the clients + to use HTTPS. + type: boolean + maxProtocolVersion: + description: |- + Optional: Maximum TLS protocol version. + + Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 + enum: + - TLS_AUTO + - TLSV1_0 + - TLSV1_1 + - TLSV1_2 + - TLSV1_3 + type: string + minProtocolVersion: + description: |- + Optional: Minimum TLS protocol version. + + Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 + enum: + - TLS_AUTO + - TLSV1_0 + - TLSV1_1 + - TLSV1_2 + - TLSV1_3 + type: string + mode: + description: |- + Optional: Indicates whether connections to this port should be secured using TLS. + + Valid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL + enum: + - PASSTHROUGH + - SIMPLE + - MUTUAL + - AUTO_PASSTHROUGH + - ISTIO_MUTUAL + - OPTIONAL_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. + type: string + serverCertificate: + description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. + type: string + subjectAltNames: + description: A list of alternate names to verify the subject + identity in the certificate presented by the client. 
+ items: + type: string + type: array + verifyCertificateHash: + description: An optional list of hex-encoded SHA-256 hashes + of the authorized client certificates. + items: + type: string + type: array + verifyCertificateSpki: + description: An optional list of base64-encoded SHA-256 + hashes of the SPKIs of authorized client certificates. + items: + type: string + type: array + type: object + required: + - port + - hosts + type: object + type: array + type: object + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. 
+ type: string + name: + description: A human-readable name for the message type. + type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - name: v1alpha3 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting edge load balancer. See more details + at: https://istio.io/docs/reference/config/networking/gateway.html' + properties: + selector: + additionalProperties: + type: string + description: One or more labels that indicate a specific set of pods/VMs + on which this gateway configuration should be applied. + type: object + servers: + description: A list of server specifications. + items: + properties: + bind: + description: The ip or the Unix domain socket to which the listener + should be bound to. + type: string + defaultEndpoint: + type: string + hosts: + description: One or more hosts exposed by this gateway. + items: + type: string + type: array + name: + description: An optional name of the server, when set must be + unique across all servers. + type: string + port: + description: The Port on which the proxy should listen for incoming + connections. + properties: + name: + description: Label assigned to the port. + type: string + number: + description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 + type: integer + protocol: + description: The protocol exposed on the port. + type: string + targetPort: + maximum: 4294967295 + minimum: 0 + type: integer + required: + - number + - protocol + - name + type: object + tls: + description: Set of TLS related options that govern the server's + behavior. + properties: + caCertificates: + description: REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. 
+ type: string + caCrl: + description: 'OPTIONAL: The path to the file containing + the certificate revocation list (CRL) to use in verifying + a presented client side certificate.' + type: string + cipherSuites: + description: 'Optional: If specified, only support the specified + cipher list.' + items: + type: string + type: array + credentialName: + description: For gateways running on Kubernetes, the name + of the secret that holds the TLS certs including the CA + certificates. + type: string + httpsRedirect: + description: If set to true, the load balancer will send + a 301 redirect for all http connections, asking the clients + to use HTTPS. + type: boolean + maxProtocolVersion: + description: |- + Optional: Maximum TLS protocol version. + + Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 + enum: + - TLS_AUTO + - TLSV1_0 + - TLSV1_1 + - TLSV1_2 + - TLSV1_3 + type: string + minProtocolVersion: + description: |- + Optional: Minimum TLS protocol version. + + Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 + enum: + - TLS_AUTO + - TLSV1_0 + - TLSV1_1 + - TLSV1_2 + - TLSV1_3 + type: string + mode: + description: |- + Optional: Indicates whether connections to this port should be secured using TLS. + + Valid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL + enum: + - PASSTHROUGH + - SIMPLE + - MUTUAL + - AUTO_PASSTHROUGH + - ISTIO_MUTUAL + - OPTIONAL_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. + type: string + serverCertificate: + description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. + type: string + subjectAltNames: + description: A list of alternate names to verify the subject + identity in the certificate presented by the client. + items: + type: string + type: array + verifyCertificateHash: + description: An optional list of hex-encoded SHA-256 hashes + of the authorized client certificates. 
+ items: + type: string + type: array + verifyCertificateSpki: + description: An optional list of base64-encoded SHA-256 + hashes of the SPKIs of authorized client certificates. + items: + type: string + type: array + type: object + required: + - port + - hosts + type: object + type: array + type: object + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. 
+ type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting edge load balancer. See more details + at: https://istio.io/docs/reference/config/networking/gateway.html' + properties: + selector: + additionalProperties: + type: string + description: One or more labels that indicate a specific set of pods/VMs + on which this gateway configuration should be applied. + type: object + servers: + description: A list of server specifications. + items: + properties: + bind: + description: The ip or the Unix domain socket to which the listener + should be bound to. + type: string + defaultEndpoint: + type: string + hosts: + description: One or more hosts exposed by this gateway. + items: + type: string + type: array + name: + description: An optional name of the server, when set must be + unique across all servers. + type: string + port: + description: The Port on which the proxy should listen for incoming + connections. + properties: + name: + description: Label assigned to the port. + type: string + number: + description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 + type: integer + protocol: + description: The protocol exposed on the port. + type: string + targetPort: + maximum: 4294967295 + minimum: 0 + type: integer + required: + - number + - protocol + - name + type: object + tls: + description: Set of TLS related options that govern the server's + behavior. + properties: + caCertificates: + description: REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. + type: string + caCrl: + description: 'OPTIONAL: The path to the file containing + the certificate revocation list (CRL) to use in verifying + a presented client side certificate.' 
+ type: string + cipherSuites: + description: 'Optional: If specified, only support the specified + cipher list.' + items: + type: string + type: array + credentialName: + description: For gateways running on Kubernetes, the name + of the secret that holds the TLS certs including the CA + certificates. + type: string + httpsRedirect: + description: If set to true, the load balancer will send + a 301 redirect for all http connections, asking the clients + to use HTTPS. + type: boolean + maxProtocolVersion: + description: |- + Optional: Maximum TLS protocol version. + + Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 + enum: + - TLS_AUTO + - TLSV1_0 + - TLSV1_1 + - TLSV1_2 + - TLSV1_3 + type: string + minProtocolVersion: + description: |- + Optional: Minimum TLS protocol version. + + Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 + enum: + - TLS_AUTO + - TLSV1_0 + - TLSV1_1 + - TLSV1_2 + - TLSV1_3 + type: string + mode: + description: |- + Optional: Indicates whether connections to this port should be secured using TLS. + + Valid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL + enum: + - PASSTHROUGH + - SIMPLE + - MUTUAL + - AUTO_PASSTHROUGH + - ISTIO_MUTUAL + - OPTIONAL_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. + type: string + serverCertificate: + description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. + type: string + subjectAltNames: + description: A list of alternate names to verify the subject + identity in the certificate presented by the client. + items: + type: string + type: array + verifyCertificateHash: + description: An optional list of hex-encoded SHA-256 hashes + of the authorized client certificates. + items: + type: string + type: array + verifyCertificateSpki: + description: An optional list of base64-encoded SHA-256 + hashes of the SPKIs of authorized client certificates. 
+ items: + type: string + type: array + type: object + required: + - port + - hosts + type: object + type: array + type: object + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. 
+ type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sailoperator/0.1.0/manifests/networking.istio.io_proxyconfigs.yaml b/operators/sailoperator/0.1.0/manifests/networking.istio.io_proxyconfigs.yaml new file mode 100644 index 00000000000..a9a4ab728f8 --- /dev/null +++ b/operators/sailoperator/0.1.0/manifests/networking.istio.io_proxyconfigs.yaml 
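Review bot: `port.number` and `port.targetPort` under `servers[].port` are bounded only by `minimum: 0` and `maximum: 4294967295` in all three versions of this Gateway CRD (v1, v1alpha3, v1beta1), so the schema admits a listener on port 0 or on a value above 65535. The ServiceEntry CRD added in this same commit guards its endpoint ports with a CEL rule, `rule: 0 < self && self <= 65535`, which this schema lacks. The manifest looks like a verbatim copy of the upstream Istio CRD, so the tighter bound (`minimum: 1`, `maximum: 65535`) probably belongs upstream, with Istio's own validation or an admission policy relied on here in the meantime. Separately, the `minProtocolVersion` enum accepts `TLSV1_0` and `TLSV1_1`, so the schema will not reject a weak TLS floor. Clusters that require TLS 1.2 or later need a policy check on `servers[].tls.minProtocolVersion`.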
@@ -0,0 +1,154 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + creationTimestamp: null + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: proxyconfigs.networking.istio.io +spec: + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: ProxyConfig + listKind: ProxyConfigList + plural: proxyconfigs + singular: proxyconfig + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Provides configuration for individual workloads. See more + details at: https://istio.io/docs/reference/config/networking/proxy-config.html' + properties: + concurrency: + description: The number of worker threads to run. + format: int32 + minimum: 0 + nullable: true + type: integer + environmentVariables: + additionalProperties: + maxLength: 2048 + type: string + description: Additional environment variables for the proxy. + type: object + image: + description: Specifies the details of the proxy image. + properties: + imageType: + description: The image type of the image. + type: string + type: object + selector: + description: Optional. + properties: + matchLabels: + additionalProperties: + maxLength: 63 + type: string + x-kubernetes-validations: + - message: wildcard not allowed in label value match + rule: '!self.contains(''*'')' + description: One or more labels that indicate a specific set of + pods/VMs on which a policy should be applied. + maxProperties: 4096 + type: object + x-kubernetes-validations: + - message: wildcard not allowed in label key match + rule: self.all(key, !key.contains('*')) + - message: key must not be empty + rule: self.all(key, key.size() != 0) + type: object + type: object + status: + properties: + conditions: + description: Current service state of the resource. 
+ items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. + type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null 
diff --git a/operators/sailoperator/0.1.0/manifests/networking.istio.io_serviceentries.yaml b/operators/sailoperator/0.1.0/manifests/networking.istio.io_serviceentries.yaml new file mode 100644 index 00000000000..c9bd004340a --- /dev/null +++ b/operators/sailoperator/0.1.0/manifests/networking.istio.io_serviceentries.yaml 
@@ -0,0 +1,782 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + creationTimestamp: null + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: serviceentries.networking.istio.io +spec: + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: ServiceEntry + listKind: ServiceEntryList + plural: serviceentries + shortNames: + - se + singular: serviceentry + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The hosts associated with the ServiceEntry + jsonPath: .spec.hosts + name: Hosts + type: string + - description: Whether the service is external to the mesh or part of the mesh + (MESH_EXTERNAL or MESH_INTERNAL) + jsonPath: .spec.location + name: Location + type: string + - description: Service resolution mode for the hosts (NONE, STATIC, or DNS) + jsonPath: .spec.resolution + name: Resolution + type: string + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting service registry. See more details + at: https://istio.io/docs/reference/config/networking/service-entry.html' + properties: + addresses: + description: The virtual IP addresses associated with the service. + items: + type: string + type: array + endpoints: + description: One or more endpoints associated with the service. 
+ items: + properties: + address: + description: Address associated with the network endpoint without + the port. + maxLength: 256 + type: string + x-kubernetes-validations: + - message: UDS must be an absolute path or abstract socket + rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) + == ''/'' || self.substring(7,8) == ''@'') : true' + - message: UDS may not be a dir + rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') + : true' + labels: + additionalProperties: + type: string + description: One or more labels associated with the endpoint. + maxProperties: 256 + type: object + locality: + description: The locality associated with the endpoint. + maxLength: 2048 + type: string + network: + description: Network enables Istio to group endpoints resident + in the same L3 domain/network. + maxLength: 2048 + type: string + ports: + additionalProperties: + maximum: 4294967295 + minimum: 0 + type: integer + x-kubernetes-validations: + - message: port must be between 1-65535 + rule: 0 < self && self <= 65535 + description: Set of ports associated with the endpoint. + maxProperties: 128 + type: object + x-kubernetes-validations: + - message: port name must be valid + rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + serviceAccount: + description: The service account associated with the workload + if a sidecar is present in the workload. + maxLength: 253 + type: string + weight: + description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 + type: integer + type: object + x-kubernetes-validations: + - message: Address is required + rule: has(self.address) || has(self.network) + - message: UDS may not include ports + rule: '(has(self.address) && self.address.startsWith(''unix://'')) + ? !has(self.ports) : true' + maxItems: 4096 + type: array + exportTo: + description: A list of namespaces to which this service is exported. 
+ items: + type: string + type: array + hosts: + description: The hosts associated with the ServiceEntry. + items: + type: string + type: array + location: + description: |- + Specify whether the service should be considered external to the mesh or part of the mesh. + + Valid Options: MESH_EXTERNAL, MESH_INTERNAL + enum: + - MESH_EXTERNAL + - MESH_INTERNAL + type: string + ports: + description: The ports associated with the external service. + items: + properties: + name: + description: Label assigned to the port. + type: string + number: + description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 + type: integer + protocol: + description: The protocol exposed on the port. + type: string + targetPort: + description: The port number on the endpoint where the traffic + will be received. + maximum: 4294967295 + minimum: 0 + type: integer + required: + - number + - name + type: object + type: array + resolution: + description: |- + Service resolution mode for the hosts. + + Valid Options: NONE, STATIC, DNS, DNS_ROUND_ROBIN + enum: + - NONE + - STATIC + - DNS + - DNS_ROUND_ROBIN + type: string + subjectAltNames: + description: If specified, the proxy will verify that the server certificate's + subject alternate name matches one of the specified values. + items: + type: string + type: array + workloadSelector: + description: Applicable only for MESH_INTERNAL services. + properties: + labels: + additionalProperties: + type: string + description: One or more labels that indicate a specific set of + pods/VMs on which the configuration should be applied. + type: object + type: object + required: + - hosts + type: object + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. 
+ type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: The hosts associated with the ServiceEntry + jsonPath: .spec.hosts + name: Hosts + type: string + - description: Whether the service is external to the mesh or part of the mesh + (MESH_EXTERNAL or MESH_INTERNAL) + jsonPath: .spec.location + name: Location + type: string + - description: Service resolution mode for the hosts (NONE, STATIC, or DNS) + jsonPath: .spec.resolution + name: Resolution + type: string + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha3 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting service registry. See more details + at: https://istio.io/docs/reference/config/networking/service-entry.html' + properties: + addresses: + description: The virtual IP addresses associated with the service. + items: + type: string + type: array + endpoints: + description: One or more endpoints associated with the service. + items: + properties: + address: + description: Address associated with the network endpoint without + the port. + maxLength: 256 + type: string + x-kubernetes-validations: + - message: UDS must be an absolute path or abstract socket + rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) + == ''/'' || self.substring(7,8) == ''@'') : true' + - message: UDS may not be a dir + rule: 'self.startsWith(''unix://'') ? 
!self.endsWith(''/'') + : true' + labels: + additionalProperties: + type: string + description: One or more labels associated with the endpoint. + maxProperties: 256 + type: object + locality: + description: The locality associated with the endpoint. + maxLength: 2048 + type: string + network: + description: Network enables Istio to group endpoints resident + in the same L3 domain/network. + maxLength: 2048 + type: string + ports: + additionalProperties: + maximum: 4294967295 + minimum: 0 + type: integer + x-kubernetes-validations: + - message: port must be between 1-65535 + rule: 0 < self && self <= 65535 + description: Set of ports associated with the endpoint. + maxProperties: 128 + type: object + x-kubernetes-validations: + - message: port name must be valid + rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + serviceAccount: + description: The service account associated with the workload + if a sidecar is present in the workload. + maxLength: 253 + type: string + weight: + description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 + type: integer + type: object + x-kubernetes-validations: + - message: Address is required + rule: has(self.address) || has(self.network) + - message: UDS may not include ports + rule: '(has(self.address) && self.address.startsWith(''unix://'')) + ? !has(self.ports) : true' + maxItems: 4096 + type: array + exportTo: + description: A list of namespaces to which this service is exported. + items: + type: string + type: array + hosts: + description: The hosts associated with the ServiceEntry. + items: + type: string + type: array + location: + description: |- + Specify whether the service should be considered external to the mesh or part of the mesh. + + Valid Options: MESH_EXTERNAL, MESH_INTERNAL + enum: + - MESH_EXTERNAL + - MESH_INTERNAL + type: string + ports: + description: The ports associated with the external service. 
+ items: + properties: + name: + description: Label assigned to the port. + type: string + number: + description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 + type: integer + protocol: + description: The protocol exposed on the port. + type: string + targetPort: + description: The port number on the endpoint where the traffic + will be received. + maximum: 4294967295 + minimum: 0 + type: integer + required: + - number + - name + type: object + type: array + resolution: + description: |- + Service resolution mode for the hosts. + + Valid Options: NONE, STATIC, DNS, DNS_ROUND_ROBIN + enum: + - NONE + - STATIC + - DNS + - DNS_ROUND_ROBIN + type: string + subjectAltNames: + description: If specified, the proxy will verify that the server certificate's + subject alternate name matches one of the specified values. + items: + type: string + type: array + workloadSelector: + description: Applicable only for MESH_INTERNAL services. + properties: + labels: + additionalProperties: + type: string + description: One or more labels that indicate a specific set of + pods/VMs on which the configuration should be applied. + type: object + type: object + required: + - hosts + type: object + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. + type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: The hosts associated with the ServiceEntry + jsonPath: .spec.hosts + name: Hosts + type: string + - description: Whether the service is external to the mesh or part of the mesh + (MESH_EXTERNAL or MESH_INTERNAL) + jsonPath: .spec.location + name: Location + type: string + - description: Service resolution mode for the hosts (NONE, STATIC, or DNS) + jsonPath: .spec.resolution + name: Resolution + type: string + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting service registry. See more details + at: https://istio.io/docs/reference/config/networking/service-entry.html' + properties: + addresses: + description: The virtual IP addresses associated with the service. + items: + type: string + type: array + endpoints: + description: One or more endpoints associated with the service. + items: + properties: + address: + description: Address associated with the network endpoint without + the port. + maxLength: 256 + type: string + x-kubernetes-validations: + - message: UDS must be an absolute path or abstract socket + rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) + == ''/'' || self.substring(7,8) == ''@'') : true' + - message: UDS may not be a dir + rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') + : true' + labels: + additionalProperties: + type: string + description: One or more labels associated with the endpoint. + maxProperties: 256 + type: object + locality: + description: The locality associated with the endpoint. + maxLength: 2048 + type: string + network: + description: Network enables Istio to group endpoints resident + in the same L3 domain/network. + maxLength: 2048 + type: string + ports: + additionalProperties: + maximum: 4294967295 + minimum: 0 + type: integer + x-kubernetes-validations: + - message: port must be between 1-65535 + rule: 0 < self && self <= 65535 + description: Set of ports associated with the endpoint. 
+ maxProperties: 128 + type: object + x-kubernetes-validations: + - message: port name must be valid + rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + serviceAccount: + description: The service account associated with the workload + if a sidecar is present in the workload. + maxLength: 253 + type: string + weight: + description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 + type: integer + type: object + x-kubernetes-validations: + - message: Address is required + rule: has(self.address) || has(self.network) + - message: UDS may not include ports + rule: '(has(self.address) && self.address.startsWith(''unix://'')) + ? !has(self.ports) : true' + maxItems: 4096 + type: array + exportTo: + description: A list of namespaces to which this service is exported. + items: + type: string + type: array + hosts: + description: The hosts associated with the ServiceEntry. + items: + type: string + type: array + location: + description: |- + Specify whether the service should be considered external to the mesh or part of the mesh. + + Valid Options: MESH_EXTERNAL, MESH_INTERNAL + enum: + - MESH_EXTERNAL + - MESH_INTERNAL + type: string + ports: + description: The ports associated with the external service. + items: + properties: + name: + description: Label assigned to the port. + type: string + number: + description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 + type: integer + protocol: + description: The protocol exposed on the port. + type: string + targetPort: + description: The port number on the endpoint where the traffic + will be received. + maximum: 4294967295 + minimum: 0 + type: integer + required: + - number + - name + type: object + type: array + resolution: + description: |- + Service resolution mode for the hosts. 
+ + Valid Options: NONE, STATIC, DNS, DNS_ROUND_ROBIN + enum: + - NONE + - STATIC + - DNS + - DNS_ROUND_ROBIN + type: string + subjectAltNames: + description: If specified, the proxy will verify that the server certificate's + subject alternate name matches one of the specified values. + items: + type: string + type: array + workloadSelector: + description: Applicable only for MESH_INTERNAL services. + properties: + labels: + additionalProperties: + type: string + description: One or more labels that indicate a specific set of + pods/VMs on which the configuration should be applied. + type: object + type: object + required: + - hosts + type: object + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. 
+ + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. + type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sailoperator/0.1.0/manifests/networking.istio.io_sidecars.yaml b/operators/sailoperator/0.1.0/manifests/networking.istio.io_sidecars.yaml new file mode 100644 index 00000000000..690339869fe --- /dev/null +++ b/operators/sailoperator/0.1.0/manifests/networking.istio.io_sidecars.yaml 
@@ -0,0 +1,1629 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + creationTimestamp: null + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: sidecars.networking.istio.io +spec: + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: Sidecar + listKind: SidecarList + plural: sidecars + singular: sidecar + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting network reachability of a sidecar. + See more details at: https://istio.io/docs/reference/config/networking/sidecar.html' + properties: + egress: + description: Egress specifies the configuration of the sidecar for + processing outbound traffic from the attached workload instance + to other services in the mesh. + items: + properties: + bind: + description: The IP(IPv4 or IPv6) or the Unix domain socket + to which the listener should be bound to. + type: string + captureMode: + description: |- + When the bind address is an IP, the captureMode option dictates how traffic to the listener is expected to be captured (or not). + + Valid Options: DEFAULT, IPTABLES, NONE + enum: + - DEFAULT + - IPTABLES + - NONE + type: string + hosts: + description: One or more service hosts exposed by the listener + in `namespace/dnsName` format. + items: + type: string + type: array + port: + description: The port associated with the listener. + properties: + name: + description: Label assigned to the port. + type: string + number: + description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 + type: integer + protocol: + description: The protocol exposed on the port. 
+ type: string + targetPort: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + required: + - hosts + type: object + type: array + inboundConnectionPool: + description: Settings controlling the volume of connections Envoy + will accept from the network. + properties: + http: + description: HTTP connection pool settings. + properties: + h2UpgradePolicy: + description: |- + Specify if http1.1 connection should be upgraded to http2 for the associated destination. + + Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of requests that will be queued + while waiting for a ready connection pool connection. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of active requests to a destination. + format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream connection pool + connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxConcurrentStreams: + description: The maximum number of concurrent streams allowed + for a peer on one HTTP/2 connection. + format: int32 + type: integer + maxRequestsPerConnection: + description: Maximum number of requests per connection to + a backend. + format: int32 + type: integer + maxRetries: + description: Maximum number of retries that can be outstanding + to all hosts in a cluster at a given time. + format: int32 + type: integer + useClientProtocol: + description: If set to true, client protocol will be preserved + while initiating connection to backend. + type: boolean + type: object + tcp: + description: Settings common to both HTTP and TCP upstream connections. + properties: + connectTimeout: + description: TCP connection timeout. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + idleTimeout: + description: The idle timeout for TCP connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxConnectionDuration: + description: The maximum duration of a connection. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxConnections: + description: Maximum number of HTTP1 /TCP connections to a + destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE on the socket to + enable TCP Keepalives. + properties: + interval: + description: The time duration between keep-alive probes. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + probes: + description: Maximum number of keepalive probes to send + without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 + type: integer + time: + description: The time duration a connection needs to be + idle before keep-alive probes start being sent. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + type: object + type: object + type: object + ingress: + description: Ingress specifies the configuration of the sidecar for + processing inbound traffic to the attached workload instance. + items: + properties: + bind: + description: The IP(IPv4 or IPv6) to which the listener should + be bound. + type: string + captureMode: + description: |- + The captureMode option dictates how traffic to the listener is expected to be captured (or not). 
+ + Valid Options: DEFAULT, IPTABLES, NONE + enum: + - DEFAULT + - IPTABLES + - NONE + type: string + connectionPool: + description: Settings controlling the volume of connections + Envoy will accept from the network. + properties: + http: + description: HTTP connection pool settings. + properties: + h2UpgradePolicy: + description: |- + Specify if http1.1 connection should be upgraded to http2 for the associated destination. + + Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of requests that will be + queued while waiting for a ready connection pool connection. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of active requests to a + destination. + format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream connection + pool connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxConcurrentStreams: + description: The maximum number of concurrent streams + allowed for a peer on one HTTP/2 connection. + format: int32 + type: integer + maxRequestsPerConnection: + description: Maximum number of requests per connection + to a backend. + format: int32 + type: integer + maxRetries: + description: Maximum number of retries that can be outstanding + to all hosts in a cluster at a given time. + format: int32 + type: integer + useClientProtocol: + description: If set to true, client protocol will be + preserved while initiating connection to backend. + type: boolean + type: object + tcp: + description: Settings common to both HTTP and TCP upstream + connections. + properties: + connectTimeout: + description: TCP connection timeout. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + idleTimeout: + description: The idle timeout for TCP connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxConnectionDuration: + description: The maximum duration of a connection. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxConnections: + description: Maximum number of HTTP1 /TCP connections + to a destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE on the socket + to enable TCP Keepalives. + properties: + interval: + description: The time duration between keep-alive + probes. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + probes: + description: Maximum number of keepalive probes + to send without response before deciding the connection + is dead. + maximum: 4294967295 + minimum: 0 + type: integer + time: + description: The time duration a connection needs + to be idle before keep-alive probes start being + sent. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + type: object + type: object + type: object + defaultEndpoint: + description: The IP endpoint or Unix domain socket to which + traffic should be forwarded to. + type: string + port: + description: The port associated with the listener. + properties: + name: + description: Label assigned to the port. + type: string + number: + description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 + type: integer + protocol: + description: The protocol exposed on the port. 
+ type: string + targetPort: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + tls: + description: Set of TLS related options that will enable TLS + termination on the sidecar for requests originating from outside + the mesh. + properties: + caCertificates: + description: REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. + type: string + caCrl: + description: 'OPTIONAL: The path to the file containing + the certificate revocation list (CRL) to use in verifying + a presented client side certificate.' + type: string + cipherSuites: + description: 'Optional: If specified, only support the specified + cipher list.' + items: + type: string + type: array + credentialName: + description: For gateways running on Kubernetes, the name + of the secret that holds the TLS certs including the CA + certificates. + type: string + httpsRedirect: + description: If set to true, the load balancer will send + a 301 redirect for all http connections, asking the clients + to use HTTPS. + type: boolean + maxProtocolVersion: + description: |- + Optional: Maximum TLS protocol version. + + Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 + enum: + - TLS_AUTO + - TLSV1_0 + - TLSV1_1 + - TLSV1_2 + - TLSV1_3 + type: string + minProtocolVersion: + description: |- + Optional: Minimum TLS protocol version. + + Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 + enum: + - TLS_AUTO + - TLSV1_0 + - TLSV1_1 + - TLSV1_2 + - TLSV1_3 + type: string + mode: + description: |- + Optional: Indicates whether connections to this port should be secured using TLS. + + Valid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL + enum: + - PASSTHROUGH + - SIMPLE + - MUTUAL + - AUTO_PASSTHROUGH + - ISTIO_MUTUAL + - OPTIONAL_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. + type: string + serverCertificate: + description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 
+ type: string + subjectAltNames: + description: A list of alternate names to verify the subject + identity in the certificate presented by the client. + items: + type: string + type: array + verifyCertificateHash: + description: An optional list of hex-encoded SHA-256 hashes + of the authorized client certificates. + items: + type: string + type: array + verifyCertificateSpki: + description: An optional list of base64-encoded SHA-256 + hashes of the SPKIs of authorized client certificates. + items: + type: string + type: array + type: object + required: + - port + type: object + type: array + outboundTrafficPolicy: + description: Set the default behavior of the sidecar for handling + outbound traffic from the application. + properties: + egressProxy: + properties: + host: + description: The name of a service from the service registry. + type: string + port: + description: Specifies the port on the host that is being + addressed. + properties: + number: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + subset: + description: The name of a subset within the service. + type: string + required: + - host + type: object + mode: + description: |2- + + + Valid Options: REGISTRY_ONLY, ALLOW_ANY + enum: + - REGISTRY_ONLY + - ALLOW_ANY + type: string + type: object + workloadSelector: + description: Criteria used to select the specific set of pods/VMs + on which this `Sidecar` configuration should be applied. + properties: + labels: + additionalProperties: + type: string + description: One or more labels that indicate a specific set of + pods/VMs on which the configuration should be applied. + type: object + type: object + type: object + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. + type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - name: v1alpha3 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting network reachability of a sidecar. + See more details at: https://istio.io/docs/reference/config/networking/sidecar.html' + properties: + egress: + description: Egress specifies the configuration of the sidecar for + processing outbound traffic from the attached workload instance + to other services in the mesh. 
+ items: + properties: + bind: + description: The IP(IPv4 or IPv6) or the Unix domain socket + to which the listener should be bound to. + type: string + captureMode: + description: |- + When the bind address is an IP, the captureMode option dictates how traffic to the listener is expected to be captured (or not). + + Valid Options: DEFAULT, IPTABLES, NONE + enum: + - DEFAULT + - IPTABLES + - NONE + type: string + hosts: + description: One or more service hosts exposed by the listener + in `namespace/dnsName` format. + items: + type: string + type: array + port: + description: The port associated with the listener. + properties: + name: + description: Label assigned to the port. + type: string + number: + description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 + type: integer + protocol: + description: The protocol exposed on the port. + type: string + targetPort: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + required: + - hosts + type: object + type: array + inboundConnectionPool: + description: Settings controlling the volume of connections Envoy + will accept from the network. + properties: + http: + description: HTTP connection pool settings. + properties: + h2UpgradePolicy: + description: |- + Specify if http1.1 connection should be upgraded to http2 for the associated destination. + + Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of requests that will be queued + while waiting for a ready connection pool connection. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of active requests to a destination. + format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream connection pool + connections. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxConcurrentStreams: + description: The maximum number of concurrent streams allowed + for a peer on one HTTP/2 connection. + format: int32 + type: integer + maxRequestsPerConnection: + description: Maximum number of requests per connection to + a backend. + format: int32 + type: integer + maxRetries: + description: Maximum number of retries that can be outstanding + to all hosts in a cluster at a given time. + format: int32 + type: integer + useClientProtocol: + description: If set to true, client protocol will be preserved + while initiating connection to backend. + type: boolean + type: object + tcp: + description: Settings common to both HTTP and TCP upstream connections. + properties: + connectTimeout: + description: TCP connection timeout. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + idleTimeout: + description: The idle timeout for TCP connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxConnectionDuration: + description: The maximum duration of a connection. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxConnections: + description: Maximum number of HTTP1 /TCP connections to a + destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE on the socket to + enable TCP Keepalives. + properties: + interval: + description: The time duration between keep-alive probes. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + probes: + description: Maximum number of keepalive probes to send + without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 + type: integer + time: + description: The time duration a connection needs to be + idle before keep-alive probes start being sent. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + type: object + type: object + type: object + ingress: + description: Ingress specifies the configuration of the sidecar for + processing inbound traffic to the attached workload instance. + items: + properties: + bind: + description: The IP(IPv4 or IPv6) to which the listener should + be bound. + type: string + captureMode: + description: |- + The captureMode option dictates how traffic to the listener is expected to be captured (or not). + + Valid Options: DEFAULT, IPTABLES, NONE + enum: + - DEFAULT + - IPTABLES + - NONE + type: string + connectionPool: + description: Settings controlling the volume of connections + Envoy will accept from the network. + properties: + http: + description: HTTP connection pool settings. + properties: + h2UpgradePolicy: + description: |- + Specify if http1.1 connection should be upgraded to http2 for the associated destination. + + Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of requests that will be + queued while waiting for a ready connection pool connection. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of active requests to a + destination. + format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream connection + pool connections. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxConcurrentStreams: + description: The maximum number of concurrent streams + allowed for a peer on one HTTP/2 connection. + format: int32 + type: integer + maxRequestsPerConnection: + description: Maximum number of requests per connection + to a backend. + format: int32 + type: integer + maxRetries: + description: Maximum number of retries that can be outstanding + to all hosts in a cluster at a given time. + format: int32 + type: integer + useClientProtocol: + description: If set to true, client protocol will be + preserved while initiating connection to backend. + type: boolean + type: object + tcp: + description: Settings common to both HTTP and TCP upstream + connections. + properties: + connectTimeout: + description: TCP connection timeout. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + idleTimeout: + description: The idle timeout for TCP connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxConnectionDuration: + description: The maximum duration of a connection. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxConnections: + description: Maximum number of HTTP1 /TCP connections + to a destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE on the socket + to enable TCP Keepalives. + properties: + interval: + description: The time duration between keep-alive + probes. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + probes: + description: Maximum number of keepalive probes + to send without response before deciding the connection + is dead. + maximum: 4294967295 + minimum: 0 + type: integer + time: + description: The time duration a connection needs + to be idle before keep-alive probes start being + sent. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + type: object + type: object + type: object + defaultEndpoint: + description: The IP endpoint or Unix domain socket to which + traffic should be forwarded to. + type: string + port: + description: The port associated with the listener. + properties: + name: + description: Label assigned to the port. + type: string + number: + description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 + type: integer + protocol: + description: The protocol exposed on the port. + type: string + targetPort: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + tls: + description: Set of TLS related options that will enable TLS + termination on the sidecar for requests originating from outside + the mesh. + properties: + caCertificates: + description: REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. + type: string + caCrl: + description: 'OPTIONAL: The path to the file containing + the certificate revocation list (CRL) to use in verifying + a presented client side certificate.' + type: string + cipherSuites: + description: 'Optional: If specified, only support the specified + cipher list.' + items: + type: string + type: array + credentialName: + description: For gateways running on Kubernetes, the name + of the secret that holds the TLS certs including the CA + certificates. 
+ type: string + httpsRedirect: + description: If set to true, the load balancer will send + a 301 redirect for all http connections, asking the clients + to use HTTPS. + type: boolean + maxProtocolVersion: + description: |- + Optional: Maximum TLS protocol version. + + Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 + enum: + - TLS_AUTO + - TLSV1_0 + - TLSV1_1 + - TLSV1_2 + - TLSV1_3 + type: string + minProtocolVersion: + description: |- + Optional: Minimum TLS protocol version. + + Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 + enum: + - TLS_AUTO + - TLSV1_0 + - TLSV1_1 + - TLSV1_2 + - TLSV1_3 + type: string + mode: + description: |- + Optional: Indicates whether connections to this port should be secured using TLS. + + Valid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL + enum: + - PASSTHROUGH + - SIMPLE + - MUTUAL + - AUTO_PASSTHROUGH + - ISTIO_MUTUAL + - OPTIONAL_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. + type: string + serverCertificate: + description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. + type: string + subjectAltNames: + description: A list of alternate names to verify the subject + identity in the certificate presented by the client. + items: + type: string + type: array + verifyCertificateHash: + description: An optional list of hex-encoded SHA-256 hashes + of the authorized client certificates. + items: + type: string + type: array + verifyCertificateSpki: + description: An optional list of base64-encoded SHA-256 + hashes of the SPKIs of authorized client certificates. + items: + type: string + type: array + type: object + required: + - port + type: object + type: array + outboundTrafficPolicy: + description: Set the default behavior of the sidecar for handling + outbound traffic from the application. + properties: + egressProxy: + properties: + host: + description: The name of a service from the service registry. 
+ type: string + port: + description: Specifies the port on the host that is being + addressed. + properties: + number: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + subset: + description: The name of a subset within the service. + type: string + required: + - host + type: object + mode: + description: |2- + + + Valid Options: REGISTRY_ONLY, ALLOW_ANY + enum: + - REGISTRY_ONLY + - ALLOW_ANY + type: string + type: object + workloadSelector: + description: Criteria used to select the specific set of pods/VMs + on which this `Sidecar` configuration should be applied. + properties: + labels: + additionalProperties: + type: string + description: One or more labels that indicate a specific set of + pods/VMs on which the configuration should be applied. + type: object + type: object + type: object + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. 
+ type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. + type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting network reachability of a sidecar. + See more details at: https://istio.io/docs/reference/config/networking/sidecar.html' + properties: + egress: + description: Egress specifies the configuration of the sidecar for + processing outbound traffic from the attached workload instance + to other services in the mesh. + items: + properties: + bind: + description: The IP(IPv4 or IPv6) or the Unix domain socket + to which the listener should be bound to. + type: string + captureMode: + description: |- + When the bind address is an IP, the captureMode option dictates how traffic to the listener is expected to be captured (or not). + + Valid Options: DEFAULT, IPTABLES, NONE + enum: + - DEFAULT + - IPTABLES + - NONE + type: string + hosts: + description: One or more service hosts exposed by the listener + in `namespace/dnsName` format. + items: + type: string + type: array + port: + description: The port associated with the listener. + properties: + name: + description: Label assigned to the port. + type: string + number: + description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 + type: integer + protocol: + description: The protocol exposed on the port. 
+ type: string + targetPort: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + required: + - hosts + type: object + type: array + inboundConnectionPool: + description: Settings controlling the volume of connections Envoy + will accept from the network. + properties: + http: + description: HTTP connection pool settings. + properties: + h2UpgradePolicy: + description: |- + Specify if http1.1 connection should be upgraded to http2 for the associated destination. + + Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of requests that will be queued + while waiting for a ready connection pool connection. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of active requests to a destination. + format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream connection pool + connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxConcurrentStreams: + description: The maximum number of concurrent streams allowed + for a peer on one HTTP/2 connection. + format: int32 + type: integer + maxRequestsPerConnection: + description: Maximum number of requests per connection to + a backend. + format: int32 + type: integer + maxRetries: + description: Maximum number of retries that can be outstanding + to all hosts in a cluster at a given time. + format: int32 + type: integer + useClientProtocol: + description: If set to true, client protocol will be preserved + while initiating connection to backend. + type: boolean + type: object + tcp: + description: Settings common to both HTTP and TCP upstream connections. + properties: + connectTimeout: + description: TCP connection timeout. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + idleTimeout: + description: The idle timeout for TCP connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxConnectionDuration: + description: The maximum duration of a connection. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxConnections: + description: Maximum number of HTTP1 /TCP connections to a + destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE on the socket to + enable TCP Keepalives. + properties: + interval: + description: The time duration between keep-alive probes. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + probes: + description: Maximum number of keepalive probes to send + without response before deciding the connection is dead. + maximum: 4294967295 + minimum: 0 + type: integer + time: + description: The time duration a connection needs to be + idle before keep-alive probes start being sent. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + type: object + type: object + type: object + ingress: + description: Ingress specifies the configuration of the sidecar for + processing inbound traffic to the attached workload instance. + items: + properties: + bind: + description: The IP(IPv4 or IPv6) to which the listener should + be bound. + type: string + captureMode: + description: |- + The captureMode option dictates how traffic to the listener is expected to be captured (or not). 
+ + Valid Options: DEFAULT, IPTABLES, NONE + enum: + - DEFAULT + - IPTABLES + - NONE + type: string + connectionPool: + description: Settings controlling the volume of connections + Envoy will accept from the network. + properties: + http: + description: HTTP connection pool settings. + properties: + h2UpgradePolicy: + description: |- + Specify if http1.1 connection should be upgraded to http2 for the associated destination. + + Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of requests that will be + queued while waiting for a ready connection pool connection. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of active requests to a + destination. + format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream connection + pool connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxConcurrentStreams: + description: The maximum number of concurrent streams + allowed for a peer on one HTTP/2 connection. + format: int32 + type: integer + maxRequestsPerConnection: + description: Maximum number of requests per connection + to a backend. + format: int32 + type: integer + maxRetries: + description: Maximum number of retries that can be outstanding + to all hosts in a cluster at a given time. + format: int32 + type: integer + useClientProtocol: + description: If set to true, client protocol will be + preserved while initiating connection to backend. + type: boolean + type: object + tcp: + description: Settings common to both HTTP and TCP upstream + connections. + properties: + connectTimeout: + description: TCP connection timeout. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + idleTimeout: + description: The idle timeout for TCP connections. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxConnectionDuration: + description: The maximum duration of a connection. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + maxConnections: + description: Maximum number of HTTP1 /TCP connections + to a destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE on the socket + to enable TCP Keepalives. + properties: + interval: + description: The time duration between keep-alive + probes. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + probes: + description: Maximum number of keepalive probes + to send without response before deciding the connection + is dead. + maximum: 4294967295 + minimum: 0 + type: integer + time: + description: The time duration a connection needs + to be idle before keep-alive probes start being + sent. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than + 1ms + rule: duration(self) >= duration('1ms') + type: object + type: object + type: object + defaultEndpoint: + description: The IP endpoint or Unix domain socket to which + traffic should be forwarded to. + type: string + port: + description: The port associated with the listener. + properties: + name: + description: Label assigned to the port. + type: string + number: + description: A valid non-negative integer port number. + maximum: 4294967295 + minimum: 0 + type: integer + protocol: + description: The protocol exposed on the port. 
+ type: string + targetPort: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + tls: + description: Set of TLS related options that will enable TLS + termination on the sidecar for requests originating from outside + the mesh. + properties: + caCertificates: + description: REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. + type: string + caCrl: + description: 'OPTIONAL: The path to the file containing + the certificate revocation list (CRL) to use in verifying + a presented client side certificate.' + type: string + cipherSuites: + description: 'Optional: If specified, only support the specified + cipher list.' + items: + type: string + type: array + credentialName: + description: For gateways running on Kubernetes, the name + of the secret that holds the TLS certs including the CA + certificates. + type: string + httpsRedirect: + description: If set to true, the load balancer will send + a 301 redirect for all http connections, asking the clients + to use HTTPS. + type: boolean + maxProtocolVersion: + description: |- + Optional: Maximum TLS protocol version. + + Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 + enum: + - TLS_AUTO + - TLSV1_0 + - TLSV1_1 + - TLSV1_2 + - TLSV1_3 + type: string + minProtocolVersion: + description: |- + Optional: Minimum TLS protocol version. + + Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 + enum: + - TLS_AUTO + - TLSV1_0 + - TLSV1_1 + - TLSV1_2 + - TLSV1_3 + type: string + mode: + description: |- + Optional: Indicates whether connections to this port should be secured using TLS. + + Valid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL + enum: + - PASSTHROUGH + - SIMPLE + - MUTUAL + - AUTO_PASSTHROUGH + - ISTIO_MUTUAL + - OPTIONAL_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. + type: string + serverCertificate: + description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 
+ type: string + subjectAltNames: + description: A list of alternate names to verify the subject + identity in the certificate presented by the client. + items: + type: string + type: array + verifyCertificateHash: + description: An optional list of hex-encoded SHA-256 hashes + of the authorized client certificates. + items: + type: string + type: array + verifyCertificateSpki: + description: An optional list of base64-encoded SHA-256 + hashes of the SPKIs of authorized client certificates. + items: + type: string + type: array + type: object + required: + - port + type: object + type: array + outboundTrafficPolicy: + description: Set the default behavior of the sidecar for handling + outbound traffic from the application. + properties: + egressProxy: + properties: + host: + description: The name of a service from the service registry. + type: string + port: + description: Specifies the port on the host that is being + addressed. + properties: + number: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + subset: + description: The name of a subset within the service. + type: string + required: + - host + type: object + mode: + description: |2- + + + Valid Options: REGISTRY_ONLY, ALLOW_ANY + enum: + - REGISTRY_ONLY + - ALLOW_ANY + type: string + type: object + workloadSelector: + description: Criteria used to select the specific set of pods/VMs + on which this `Sidecar` configuration should be applied. + properties: + labels: + additionalProperties: + type: string + description: One or more labels that indicate a specific set of + pods/VMs on which the configuration should be applied. + type: object + type: object + type: object + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. + type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sailoperator/0.1.0/manifests/networking.istio.io_virtualservices.yaml b/operators/sailoperator/0.1.0/manifests/networking.istio.io_virtualservices.yaml new file mode 100644 index 00000000000..b07b71aa1f3 --- /dev/null +++ b/operators/sailoperator/0.1.0/manifests/networking.istio.io_virtualservices.yaml 
@@ -0,0 +1,3140 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + creationTimestamp: null + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: virtualservices.networking.istio.io +spec: + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: VirtualService + listKind: VirtualServiceList + plural: virtualservices + shortNames: + - vs + singular: virtualservice + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The names of gateways and sidecars that should apply these routes + jsonPath: .spec.gateways + name: Gateways + type: string + - description: The destination hosts to which traffic is being sent + jsonPath: .spec.hosts + name: Hosts + type: string + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting label/content routing, sni routing, + etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html' + properties: + exportTo: + description: A list of namespaces to which this virtual service is + exported. + items: + type: string + type: array + gateways: + description: The names of gateways and sidecars that should apply + these routes. + items: + type: string + type: array + hosts: + description: The destination hosts to which traffic is being sent. 
+ items: + type: string + type: array + http: + description: An ordered list of route rules for HTTP traffic. + items: + properties: + corsPolicy: + description: Cross-Origin Resource Sharing policy (CORS). + properties: + allowCredentials: + description: Indicates whether the caller is allowed to + send the actual request (not the preflight) using credentials. + nullable: true + type: boolean + allowHeaders: + description: List of HTTP headers that can be used when + requesting the resource. + items: + type: string + type: array + allowMethods: + description: List of HTTP methods allowed to access the + resource. + items: + type: string + type: array + allowOrigin: + items: + type: string + type: array + allowOrigins: + description: String patterns that match allowed origins. + items: + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: '[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + type: string + type: object + type: array + exposeHeaders: + description: A list of HTTP headers that the browsers are + allowed to access. + items: + type: string + type: array + maxAge: + description: Specifies how long the results of a preflight + request can be cached. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + unmatchedPreflights: + description: |- + Indicates whether preflight requests not matching the configured allowed origin shouldn't be forwarded to the upstream. + + Valid Options: FORWARD, IGNORE + enum: + - UNSPECIFIED + - FORWARD + - IGNORE + type: string + type: object + delegate: + description: Delegate is used to specify the particular VirtualService + which can be used to define delegate HTTPRoute. 
+ properties: + name: + description: Name specifies the name of the delegate VirtualService. + type: string + namespace: + description: Namespace specifies the namespace where the + delegate VirtualService resides. + type: string + type: object + directResponse: + description: A HTTP rule can either return a direct_response, + redirect or forward (default) traffic. + properties: + body: + description: Specifies the content of the response body. + oneOf: + - not: + anyOf: + - required: + - string + - required: + - bytes + - required: + - string + - required: + - bytes + properties: + bytes: + description: response body as base64 encoded bytes. + format: binary + type: string + string: + type: string + type: object + status: + description: Specifies the HTTP response status to be returned. + maximum: 4294967295 + minimum: 0 + type: integer + required: + - status + type: object + fault: + description: Fault injection policy to apply on HTTP traffic + at the client side. + properties: + abort: + description: Abort Http request attempts and return error + codes back to downstream service, giving the impression + that the upstream service is faulty. + oneOf: + - not: + anyOf: + - required: + - httpStatus + - required: + - grpcStatus + - required: + - http2Error + - required: + - httpStatus + - required: + - grpcStatus + - required: + - http2Error + properties: + grpcStatus: + description: GRPC status code to use to abort the request. + type: string + http2Error: + type: string + httpStatus: + description: HTTP status code to use to abort the Http + request. + format: int32 + type: integer + percentage: + description: Percentage of requests to be aborted with + the error code provided. + properties: + value: + format: double + type: number + type: object + type: object + delay: + description: Delay requests before forwarding, emulating + various failures such as network issues, overloaded upstream + service, etc. 
+ oneOf: + - not: + anyOf: + - required: + - fixedDelay + - required: + - exponentialDelay + - required: + - fixedDelay + - required: + - exponentialDelay + properties: + exponentialDelay: + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + fixedDelay: + description: Add a fixed delay before forwarding the + request. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + percent: + description: Percentage of requests on which the delay + will be injected (0-100). + format: int32 + type: integer + percentage: + description: Percentage of requests on which the delay + will be injected. + properties: + value: + format: double + type: number + type: object + type: object + type: object + headers: + properties: + request: + properties: + add: + additionalProperties: + type: string + type: object + remove: + items: + type: string + type: array + set: + additionalProperties: + type: string + type: object + type: object + response: + properties: + add: + additionalProperties: + type: string + type: object + remove: + items: + type: string + type: array + set: + additionalProperties: + type: string + type: object + type: object + type: object + match: + description: Match conditions to be satisfied for the rule to + be activated. + items: + properties: + authority: + description: 'HTTP Authority values are case-sensitive + and formatted as follows: - `exact: "value"` for exact + string match - `prefix: "value"` for prefix-based match + - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' 
+ oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: '[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + type: string + type: object + gateways: + description: Names of gateways where the rule should be + applied. + items: + type: string + type: array + headers: + additionalProperties: + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: '[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + type: string + type: object + description: The header keys must be lowercase and use + hyphen as the separator, e.g. + type: object + ignoreUriCase: + description: Flag to specify whether the URI matching + should be case-insensitive. + type: boolean + method: + description: 'HTTP Method values are case-sensitive and + formatted as follows: - `exact: "value"` for exact string + match - `prefix: "value"` for prefix-based match - `regex: + "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: '[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + type: string + type: object + name: + description: The name assigned to a match. + type: string + port: + description: Specifies the ports on the host that is being + addressed. 
+ maximum: 4294967295 + minimum: 0 + type: integer + queryParams: + additionalProperties: + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: '[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + type: string + type: object + description: Query parameters for matching. + type: object + scheme: + description: 'URI Scheme values are case-sensitive and + formatted as follows: - `exact: "value"` for exact string + match - `prefix: "value"` for prefix-based match - `regex: + "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: '[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + type: string + type: object + sourceLabels: + additionalProperties: + type: string + description: One or more labels that constrain the applicability + of a rule to source (client) workloads with the given + labels. + type: object + sourceNamespace: + description: Source namespace constraining the applicability + of a rule to workloads in that namespace. + type: string + statPrefix: + description: The human readable prefix to use when emitting + statistics for this route. + type: string + uri: + description: 'URI to match values are case-sensitive and + formatted as follows: - `exact: "value"` for exact string + match - `prefix: "value"` for prefix-based match - `regex: + "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' 
+ oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: '[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + type: string + type: object + withoutHeaders: + additionalProperties: + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: '[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + type: string + type: object + description: withoutHeader has the same syntax with the + header, but has opposite meaning. + type: object + type: object + type: array + mirror: + description: Mirror HTTP traffic to a another destination in + addition to forwarding the requests to the intended destination. + properties: + host: + description: The name of a service from the service registry. + type: string + port: + description: Specifies the port on the host that is being + addressed. + properties: + number: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + subset: + description: The name of a subset within the service. + type: string + required: + - host + type: object + mirror_percent: + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + mirrorPercent: + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + mirrorPercentage: + description: Percentage of the traffic to be mirrored by the + `mirror` field. + properties: + value: + format: double + type: number + type: object + mirrors: + description: Specifies the destinations to mirror HTTP traffic + in addition to the original destination. 
+ items: + properties: + destination: + description: Destination specifies the target of the mirror + operation. + properties: + host: + description: The name of a service from the service + registry. + type: string + port: + description: Specifies the port on the host that is + being addressed. + properties: + number: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + subset: + description: The name of a subset within the service. + type: string + required: + - host + type: object + percentage: + description: Percentage of the traffic to be mirrored + by the `destination` field. + properties: + value: + format: double + type: number + type: object + required: + - destination + type: object + type: array + name: + description: The name assigned to the route for debugging purposes. + type: string + redirect: + description: A HTTP rule can either return a direct_response, + redirect or forward (default) traffic. + oneOf: + - not: + anyOf: + - required: + - port + - required: + - derivePort + - required: + - port + - required: + - derivePort + properties: + authority: + description: On a redirect, overwrite the Authority/Host + portion of the URL with this value. + type: string + derivePort: + description: |- + On a redirect, dynamically set the port: * FROM_PROTOCOL_DEFAULT: automatically set to 80 for HTTP and 443 for HTTPS. + + Valid Options: FROM_PROTOCOL_DEFAULT, FROM_REQUEST_PORT + enum: + - FROM_PROTOCOL_DEFAULT + - FROM_REQUEST_PORT + type: string + port: + description: On a redirect, overwrite the port portion of + the URL with this value. + maximum: 4294967295 + minimum: 0 + type: integer + redirectCode: + description: On a redirect, Specifies the HTTP status code + to use in the redirect response. + maximum: 4294967295 + minimum: 0 + type: integer + scheme: + description: On a redirect, overwrite the scheme portion + of the URL with this value. 
+ type: string + uri: + description: On a redirect, overwrite the Path portion of + the URL with this value. + type: string + type: object + retries: + description: Retry policy for HTTP requests. + properties: + attempts: + description: Number of retries to be allowed for a given + request. + format: int32 + type: integer + perTryTimeout: + description: Timeout per attempt for a given request, including + the initial call and any retries. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + retryOn: + description: Specifies the conditions under which retry + takes place. + type: string + retryRemoteLocalities: + description: Flag to specify whether the retries should + retry to other localities. + nullable: true + type: boolean + type: object + rewrite: + description: Rewrite HTTP URIs and Authority headers. + properties: + authority: + description: rewrite the Authority/Host header with this + value. + type: string + uri: + description: rewrite the path (or the prefix) portion of + the URI with this value. + type: string + uriRegexRewrite: + description: rewrite the path portion of the URI with the + specified regex. + properties: + match: + description: '[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + type: string + rewrite: + description: The string that should replace into matching + portions of original URI. + type: string + type: object + type: object + route: + description: A HTTP rule can either return a direct_response, + redirect or forward (default) traffic. + items: + properties: + destination: + description: Destination uniquely identifies the instances + of a service to which the request/connection should + be forwarded to. + properties: + host: + description: The name of a service from the service + registry. + type: string + port: + description: Specifies the port on the host that is + being addressed. 
+ properties: + number: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + subset: + description: The name of a subset within the service. + type: string + required: + - host + type: object + headers: + properties: + request: + properties: + add: + additionalProperties: + type: string + type: object + remove: + items: + type: string + type: array + set: + additionalProperties: + type: string + type: object + type: object + response: + properties: + add: + additionalProperties: + type: string + type: object + remove: + items: + type: string + type: array + set: + additionalProperties: + type: string + type: object + type: object + type: object + weight: + description: Weight specifies the relative proportion + of traffic to be forwarded to the destination. + format: int32 + type: integer + required: + - destination + type: object + type: array + timeout: + description: Timeout for HTTP requests, default is disabled. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + type: object + type: array + tcp: + description: An ordered list of route rules for opaque TCP traffic. + items: + properties: + match: + description: Match conditions to be satisfied for the rule to + be activated. + items: + properties: + destinationSubnets: + description: IPv4 or IPv6 ip addresses of destination + with optional subnet. + items: + type: string + type: array + gateways: + description: Names of gateways where the rule should be + applied. + items: + type: string + type: array + port: + description: Specifies the port on the host that is being + addressed. + maximum: 4294967295 + minimum: 0 + type: integer + sourceLabels: + additionalProperties: + type: string + description: One or more labels that constrain the applicability + of a rule to workloads with the given labels. 
+ type: object + sourceNamespace: + description: Source namespace constraining the applicability + of a rule to workloads in that namespace. + type: string + sourceSubnet: + type: string + type: object + type: array + route: + description: The destination to which the connection should + be forwarded to. + items: + properties: + destination: + description: Destination uniquely identifies the instances + of a service to which the request/connection should + be forwarded to. + properties: + host: + description: The name of a service from the service + registry. + type: string + port: + description: Specifies the port on the host that is + being addressed. + properties: + number: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + subset: + description: The name of a subset within the service. + type: string + required: + - host + type: object + weight: + description: Weight specifies the relative proportion + of traffic to be forwarded to the destination. + format: int32 + type: integer + required: + - destination + type: object + type: array + type: object + type: array + tls: + description: An ordered list of route rule for non-terminated TLS + & HTTPS traffic. + items: + properties: + match: + description: Match conditions to be satisfied for the rule to + be activated. + items: + properties: + destinationSubnets: + description: IPv4 or IPv6 ip addresses of destination + with optional subnet. + items: + type: string + type: array + gateways: + description: Names of gateways where the rule should be + applied. + items: + type: string + type: array + port: + description: Specifies the port on the host that is being + addressed. + maximum: 4294967295 + minimum: 0 + type: integer + sniHosts: + description: SNI (server name indicator) to match on. + items: + type: string + type: array + sourceLabels: + additionalProperties: + type: string + description: One or more labels that constrain the applicability + of a rule to workloads with the given labels. 
+ type: object + sourceNamespace: + description: Source namespace constraining the applicability + of a rule to workloads in that namespace. + type: string + required: + - sniHosts + type: object + type: array + route: + description: The destination to which the connection should + be forwarded to. + items: + properties: + destination: + description: Destination uniquely identifies the instances + of a service to which the request/connection should + be forwarded to. + properties: + host: + description: The name of a service from the service + registry. + type: string + port: + description: Specifies the port on the host that is + being addressed. + properties: + number: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + subset: + description: The name of a subset within the service. + type: string + required: + - host + type: object + weight: + description: Weight specifies the relative proportion + of traffic to be forwarded to the destination. + format: int32 + type: integer + required: + - destination + type: object + type: array + required: + - match + type: object + type: array + type: object + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. + type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: The names of gateways and sidecars that should apply these routes + jsonPath: .spec.gateways + name: Gateways + type: string + - description: The destination hosts to which traffic is being sent + jsonPath: .spec.hosts + name: Hosts + type: string + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha3 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting label/content routing, sni routing, + etc. 
See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html' + properties: + exportTo: + description: A list of namespaces to which this virtual service is + exported. + items: + type: string + type: array + gateways: + description: The names of gateways and sidecars that should apply + these routes. + items: + type: string + type: array + hosts: + description: The destination hosts to which traffic is being sent. + items: + type: string + type: array + http: + description: An ordered list of route rules for HTTP traffic. + items: + properties: + corsPolicy: + description: Cross-Origin Resource Sharing policy (CORS). + properties: + allowCredentials: + description: Indicates whether the caller is allowed to + send the actual request (not the preflight) using credentials. + nullable: true + type: boolean + allowHeaders: + description: List of HTTP headers that can be used when + requesting the resource. + items: + type: string + type: array + allowMethods: + description: List of HTTP methods allowed to access the + resource. + items: + type: string + type: array + allowOrigin: + items: + type: string + type: array + allowOrigins: + description: String patterns that match allowed origins. + items: + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: '[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + type: string + type: object + type: array + exposeHeaders: + description: A list of HTTP headers that the browsers are + allowed to access. + items: + type: string + type: array + maxAge: + description: Specifies how long the results of a preflight + request can be cached. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + unmatchedPreflights: + description: |- + Indicates whether preflight requests not matching the configured allowed origin shouldn't be forwarded to the upstream. + + Valid Options: FORWARD, IGNORE + enum: + - UNSPECIFIED + - FORWARD + - IGNORE + type: string + type: object + delegate: + description: Delegate is used to specify the particular VirtualService + which can be used to define delegate HTTPRoute. + properties: + name: + description: Name specifies the name of the delegate VirtualService. + type: string + namespace: + description: Namespace specifies the namespace where the + delegate VirtualService resides. + type: string + type: object + directResponse: + description: A HTTP rule can either return a direct_response, + redirect or forward (default) traffic. + properties: + body: + description: Specifies the content of the response body. + oneOf: + - not: + anyOf: + - required: + - string + - required: + - bytes + - required: + - string + - required: + - bytes + properties: + bytes: + description: response body as base64 encoded bytes. + format: binary + type: string + string: + type: string + type: object + status: + description: Specifies the HTTP response status to be returned. + maximum: 4294967295 + minimum: 0 + type: integer + required: + - status + type: object + fault: + description: Fault injection policy to apply on HTTP traffic + at the client side. + properties: + abort: + description: Abort Http request attempts and return error + codes back to downstream service, giving the impression + that the upstream service is faulty. 
+ oneOf: + - not: + anyOf: + - required: + - httpStatus + - required: + - grpcStatus + - required: + - http2Error + - required: + - httpStatus + - required: + - grpcStatus + - required: + - http2Error + properties: + grpcStatus: + description: GRPC status code to use to abort the request. + type: string + http2Error: + type: string + httpStatus: + description: HTTP status code to use to abort the Http + request. + format: int32 + type: integer + percentage: + description: Percentage of requests to be aborted with + the error code provided. + properties: + value: + format: double + type: number + type: object + type: object + delay: + description: Delay requests before forwarding, emulating + various failures such as network issues, overloaded upstream + service, etc. + oneOf: + - not: + anyOf: + - required: + - fixedDelay + - required: + - exponentialDelay + - required: + - fixedDelay + - required: + - exponentialDelay + properties: + exponentialDelay: + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + fixedDelay: + description: Add a fixed delay before forwarding the + request. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + percent: + description: Percentage of requests on which the delay + will be injected (0-100). + format: int32 + type: integer + percentage: + description: Percentage of requests on which the delay + will be injected. 
+ properties: + value: + format: double + type: number + type: object + type: object + type: object + headers: + properties: + request: + properties: + add: + additionalProperties: + type: string + type: object + remove: + items: + type: string + type: array + set: + additionalProperties: + type: string + type: object + type: object + response: + properties: + add: + additionalProperties: + type: string + type: object + remove: + items: + type: string + type: array + set: + additionalProperties: + type: string + type: object + type: object + type: object + match: + description: Match conditions to be satisfied for the rule to + be activated. + items: + properties: + authority: + description: 'HTTP Authority values are case-sensitive + and formatted as follows: - `exact: "value"` for exact + string match - `prefix: "value"` for prefix-based match + - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: '[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + type: string + type: object + gateways: + description: Names of gateways where the rule should be + applied. + items: + type: string + type: array + headers: + additionalProperties: + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: '[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + type: string + type: object + description: The header keys must be lowercase and use + hyphen as the separator, e.g. 
+ type: object + ignoreUriCase: + description: Flag to specify whether the URI matching + should be case-insensitive. + type: boolean + method: + description: 'HTTP Method values are case-sensitive and + formatted as follows: - `exact: "value"` for exact string + match - `prefix: "value"` for prefix-based match - `regex: + "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: '[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + type: string + type: object + name: + description: The name assigned to a match. + type: string + port: + description: Specifies the ports on the host that is being + addressed. + maximum: 4294967295 + minimum: 0 + type: integer + queryParams: + additionalProperties: + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: '[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + type: string + type: object + description: Query parameters for matching. + type: object + scheme: + description: 'URI Scheme values are case-sensitive and + formatted as follows: - `exact: "value"` for exact string + match - `prefix: "value"` for prefix-based match - `regex: + "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' 
+ oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: '[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + type: string + type: object + sourceLabels: + additionalProperties: + type: string + description: One or more labels that constrain the applicability + of a rule to source (client) workloads with the given + labels. + type: object + sourceNamespace: + description: Source namespace constraining the applicability + of a rule to workloads in that namespace. + type: string + statPrefix: + description: The human readable prefix to use when emitting + statistics for this route. + type: string + uri: + description: 'URI to match values are case-sensitive and + formatted as follows: - `exact: "value"` for exact string + match - `prefix: "value"` for prefix-based match - `regex: + "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: '[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + type: string + type: object + withoutHeaders: + additionalProperties: + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: '[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + type: string + type: object + description: withoutHeader has the same syntax with the + header, but has opposite meaning. 
+ type: object + type: object + type: array + mirror: + description: Mirror HTTP traffic to a another destination in + addition to forwarding the requests to the intended destination. + properties: + host: + description: The name of a service from the service registry. + type: string + port: + description: Specifies the port on the host that is being + addressed. + properties: + number: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + subset: + description: The name of a subset within the service. + type: string + required: + - host + type: object + mirror_percent: + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + mirrorPercent: + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + mirrorPercentage: + description: Percentage of the traffic to be mirrored by the + `mirror` field. + properties: + value: + format: double + type: number + type: object + mirrors: + description: Specifies the destinations to mirror HTTP traffic + in addition to the original destination. + items: + properties: + destination: + description: Destination specifies the target of the mirror + operation. + properties: + host: + description: The name of a service from the service + registry. + type: string + port: + description: Specifies the port on the host that is + being addressed. + properties: + number: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + subset: + description: The name of a subset within the service. + type: string + required: + - host + type: object + percentage: + description: Percentage of the traffic to be mirrored + by the `destination` field. + properties: + value: + format: double + type: number + type: object + required: + - destination + type: object + type: array + name: + description: The name assigned to the route for debugging purposes. + type: string + redirect: + description: A HTTP rule can either return a direct_response, + redirect or forward (default) traffic. 
+ oneOf: + - not: + anyOf: + - required: + - port + - required: + - derivePort + - required: + - port + - required: + - derivePort + properties: + authority: + description: On a redirect, overwrite the Authority/Host + portion of the URL with this value. + type: string + derivePort: + description: |- + On a redirect, dynamically set the port: * FROM_PROTOCOL_DEFAULT: automatically set to 80 for HTTP and 443 for HTTPS. + + Valid Options: FROM_PROTOCOL_DEFAULT, FROM_REQUEST_PORT + enum: + - FROM_PROTOCOL_DEFAULT + - FROM_REQUEST_PORT + type: string + port: + description: On a redirect, overwrite the port portion of + the URL with this value. + maximum: 4294967295 + minimum: 0 + type: integer + redirectCode: + description: On a redirect, Specifies the HTTP status code + to use in the redirect response. + maximum: 4294967295 + minimum: 0 + type: integer + scheme: + description: On a redirect, overwrite the scheme portion + of the URL with this value. + type: string + uri: + description: On a redirect, overwrite the Path portion of + the URL with this value. + type: string + type: object + retries: + description: Retry policy for HTTP requests. + properties: + attempts: + description: Number of retries to be allowed for a given + request. + format: int32 + type: integer + perTryTimeout: + description: Timeout per attempt for a given request, including + the initial call and any retries. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + retryOn: + description: Specifies the conditions under which retry + takes place. + type: string + retryRemoteLocalities: + description: Flag to specify whether the retries should + retry to other localities. + nullable: true + type: boolean + type: object + rewrite: + description: Rewrite HTTP URIs and Authority headers. + properties: + authority: + description: rewrite the Authority/Host header with this + value. 
+ type: string + uri: + description: rewrite the path (or the prefix) portion of + the URI with this value. + type: string + uriRegexRewrite: + description: rewrite the path portion of the URI with the + specified regex. + properties: + match: + description: '[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + type: string + rewrite: + description: The string that should replace into matching + portions of original URI. + type: string + type: object + type: object + route: + description: A HTTP rule can either return a direct_response, + redirect or forward (default) traffic. + items: + properties: + destination: + description: Destination uniquely identifies the instances + of a service to which the request/connection should + be forwarded to. + properties: + host: + description: The name of a service from the service + registry. + type: string + port: + description: Specifies the port on the host that is + being addressed. + properties: + number: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + subset: + description: The name of a subset within the service. + type: string + required: + - host + type: object + headers: + properties: + request: + properties: + add: + additionalProperties: + type: string + type: object + remove: + items: + type: string + type: array + set: + additionalProperties: + type: string + type: object + type: object + response: + properties: + add: + additionalProperties: + type: string + type: object + remove: + items: + type: string + type: array + set: + additionalProperties: + type: string + type: object + type: object + type: object + weight: + description: Weight specifies the relative proportion + of traffic to be forwarded to the destination. + format: int32 + type: integer + required: + - destination + type: object + type: array + timeout: + description: Timeout for HTTP requests, default is disabled. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + type: object + type: array + tcp: + description: An ordered list of route rules for opaque TCP traffic. + items: + properties: + match: + description: Match conditions to be satisfied for the rule to + be activated. + items: + properties: + destinationSubnets: + description: IPv4 or IPv6 ip addresses of destination + with optional subnet. + items: + type: string + type: array + gateways: + description: Names of gateways where the rule should be + applied. + items: + type: string + type: array + port: + description: Specifies the port on the host that is being + addressed. + maximum: 4294967295 + minimum: 0 + type: integer + sourceLabels: + additionalProperties: + type: string + description: One or more labels that constrain the applicability + of a rule to workloads with the given labels. + type: object + sourceNamespace: + description: Source namespace constraining the applicability + of a rule to workloads in that namespace. + type: string + sourceSubnet: + type: string + type: object + type: array + route: + description: The destination to which the connection should + be forwarded to. + items: + properties: + destination: + description: Destination uniquely identifies the instances + of a service to which the request/connection should + be forwarded to. + properties: + host: + description: The name of a service from the service + registry. + type: string + port: + description: Specifies the port on the host that is + being addressed. + properties: + number: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + subset: + description: The name of a subset within the service. + type: string + required: + - host + type: object + weight: + description: Weight specifies the relative proportion + of traffic to be forwarded to the destination. 
+ format: int32 + type: integer + required: + - destination + type: object + type: array + type: object + type: array + tls: + description: An ordered list of route rule for non-terminated TLS + & HTTPS traffic. + items: + properties: + match: + description: Match conditions to be satisfied for the rule to + be activated. + items: + properties: + destinationSubnets: + description: IPv4 or IPv6 ip addresses of destination + with optional subnet. + items: + type: string + type: array + gateways: + description: Names of gateways where the rule should be + applied. + items: + type: string + type: array + port: + description: Specifies the port on the host that is being + addressed. + maximum: 4294967295 + minimum: 0 + type: integer + sniHosts: + description: SNI (server name indicator) to match on. + items: + type: string + type: array + sourceLabels: + additionalProperties: + type: string + description: One or more labels that constrain the applicability + of a rule to workloads with the given labels. + type: object + sourceNamespace: + description: Source namespace constraining the applicability + of a rule to workloads in that namespace. + type: string + required: + - sniHosts + type: object + type: array + route: + description: The destination to which the connection should + be forwarded to. + items: + properties: + destination: + description: Destination uniquely identifies the instances + of a service to which the request/connection should + be forwarded to. + properties: + host: + description: The name of a service from the service + registry. + type: string + port: + description: Specifies the port on the host that is + being addressed. + properties: + number: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + subset: + description: The name of a subset within the service. + type: string + required: + - host + type: object + weight: + description: Weight specifies the relative proportion + of traffic to be forwarded to the destination. 
+ format: int32 + type: integer + required: + - destination + type: object + type: array + required: + - match + type: object + type: array + type: object + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. 
+ type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: The names of gateways and sidecars that should apply these routes + jsonPath: .spec.gateways + name: Gateways + type: string + - description: The destination hosts to which traffic is being sent + jsonPath: .spec.hosts + name: Hosts + type: string + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting label/content routing, sni routing, + etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html' + properties: + exportTo: + description: A list of namespaces to which this virtual service is + exported. + items: + type: string + type: array + gateways: + description: The names of gateways and sidecars that should apply + these routes. + items: + type: string + type: array + hosts: + description: The destination hosts to which traffic is being sent. + items: + type: string + type: array + http: + description: An ordered list of route rules for HTTP traffic. + items: + properties: + corsPolicy: + description: Cross-Origin Resource Sharing policy (CORS). + properties: + allowCredentials: + description: Indicates whether the caller is allowed to + send the actual request (not the preflight) using credentials. 
+ nullable: true + type: boolean + allowHeaders: + description: List of HTTP headers that can be used when + requesting the resource. + items: + type: string + type: array + allowMethods: + description: List of HTTP methods allowed to access the + resource. + items: + type: string + type: array + allowOrigin: + items: + type: string + type: array + allowOrigins: + description: String patterns that match allowed origins. + items: + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: '[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + type: string + type: object + type: array + exposeHeaders: + description: A list of HTTP headers that the browsers are + allowed to access. + items: + type: string + type: array + maxAge: + description: Specifies how long the results of a preflight + request can be cached. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + unmatchedPreflights: + description: |- + Indicates whether preflight requests not matching the configured allowed origin shouldn't be forwarded to the upstream. + + Valid Options: FORWARD, IGNORE + enum: + - UNSPECIFIED + - FORWARD + - IGNORE + type: string + type: object + delegate: + description: Delegate is used to specify the particular VirtualService + which can be used to define delegate HTTPRoute. + properties: + name: + description: Name specifies the name of the delegate VirtualService. + type: string + namespace: + description: Namespace specifies the namespace where the + delegate VirtualService resides. + type: string + type: object + directResponse: + description: A HTTP rule can either return a direct_response, + redirect or forward (default) traffic. 
+ properties: + body: + description: Specifies the content of the response body. + oneOf: + - not: + anyOf: + - required: + - string + - required: + - bytes + - required: + - string + - required: + - bytes + properties: + bytes: + description: response body as base64 encoded bytes. + format: binary + type: string + string: + type: string + type: object + status: + description: Specifies the HTTP response status to be returned. + maximum: 4294967295 + minimum: 0 + type: integer + required: + - status + type: object + fault: + description: Fault injection policy to apply on HTTP traffic + at the client side. + properties: + abort: + description: Abort Http request attempts and return error + codes back to downstream service, giving the impression + that the upstream service is faulty. + oneOf: + - not: + anyOf: + - required: + - httpStatus + - required: + - grpcStatus + - required: + - http2Error + - required: + - httpStatus + - required: + - grpcStatus + - required: + - http2Error + properties: + grpcStatus: + description: GRPC status code to use to abort the request. + type: string + http2Error: + type: string + httpStatus: + description: HTTP status code to use to abort the Http + request. + format: int32 + type: integer + percentage: + description: Percentage of requests to be aborted with + the error code provided. + properties: + value: + format: double + type: number + type: object + type: object + delay: + description: Delay requests before forwarding, emulating + various failures such as network issues, overloaded upstream + service, etc. + oneOf: + - not: + anyOf: + - required: + - fixedDelay + - required: + - exponentialDelay + - required: + - fixedDelay + - required: + - exponentialDelay + properties: + exponentialDelay: + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + fixedDelay: + description: Add a fixed delay before forwarding the + request. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + percent: + description: Percentage of requests on which the delay + will be injected (0-100). + format: int32 + type: integer + percentage: + description: Percentage of requests on which the delay + will be injected. + properties: + value: + format: double + type: number + type: object + type: object + type: object + headers: + properties: + request: + properties: + add: + additionalProperties: + type: string + type: object + remove: + items: + type: string + type: array + set: + additionalProperties: + type: string + type: object + type: object + response: + properties: + add: + additionalProperties: + type: string + type: object + remove: + items: + type: string + type: array + set: + additionalProperties: + type: string + type: object + type: object + type: object + match: + description: Match conditions to be satisfied for the rule to + be activated. + items: + properties: + authority: + description: 'HTTP Authority values are case-sensitive + and formatted as follows: - `exact: "value"` for exact + string match - `prefix: "value"` for prefix-based match + - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: '[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + type: string + type: object + gateways: + description: Names of gateways where the rule should be + applied. 
+ items: + type: string + type: array + headers: + additionalProperties: + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: '[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + type: string + type: object + description: The header keys must be lowercase and use + hyphen as the separator, e.g. + type: object + ignoreUriCase: + description: Flag to specify whether the URI matching + should be case-insensitive. + type: boolean + method: + description: 'HTTP Method values are case-sensitive and + formatted as follows: - `exact: "value"` for exact string + match - `prefix: "value"` for prefix-based match - `regex: + "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: '[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + type: string + type: object + name: + description: The name assigned to a match. + type: string + port: + description: Specifies the ports on the host that is being + addressed. + maximum: 4294967295 + minimum: 0 + type: integer + queryParams: + additionalProperties: + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: '[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + type: string + type: object + description: Query parameters for matching. 
+ type: object + scheme: + description: 'URI Scheme values are case-sensitive and + formatted as follows: - `exact: "value"` for exact string + match - `prefix: "value"` for prefix-based match - `regex: + "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: '[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + type: string + type: object + sourceLabels: + additionalProperties: + type: string + description: One or more labels that constrain the applicability + of a rule to source (client) workloads with the given + labels. + type: object + sourceNamespace: + description: Source namespace constraining the applicability + of a rule to workloads in that namespace. + type: string + statPrefix: + description: The human readable prefix to use when emitting + statistics for this route. + type: string + uri: + description: 'URI to match values are case-sensitive and + formatted as follows: - `exact: "value"` for exact string + match - `prefix: "value"` for prefix-based match - `regex: + "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: '[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' 
+ type: string + type: object + withoutHeaders: + additionalProperties: + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: '[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + type: string + type: object + description: withoutHeader has the same syntax with the + header, but has opposite meaning. + type: object + type: object + type: array + mirror: + description: Mirror HTTP traffic to a another destination in + addition to forwarding the requests to the intended destination. + properties: + host: + description: The name of a service from the service registry. + type: string + port: + description: Specifies the port on the host that is being + addressed. + properties: + number: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + subset: + description: The name of a subset within the service. + type: string + required: + - host + type: object + mirror_percent: + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + mirrorPercent: + maximum: 4294967295 + minimum: 0 + nullable: true + type: integer + mirrorPercentage: + description: Percentage of the traffic to be mirrored by the + `mirror` field. + properties: + value: + format: double + type: number + type: object + mirrors: + description: Specifies the destinations to mirror HTTP traffic + in addition to the original destination. + items: + properties: + destination: + description: Destination specifies the target of the mirror + operation. + properties: + host: + description: The name of a service from the service + registry. + type: string + port: + description: Specifies the port on the host that is + being addressed. 
+ properties: + number: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + subset: + description: The name of a subset within the service. + type: string + required: + - host + type: object + percentage: + description: Percentage of the traffic to be mirrored + by the `destination` field. + properties: + value: + format: double + type: number + type: object + required: + - destination + type: object + type: array + name: + description: The name assigned to the route for debugging purposes. + type: string + redirect: + description: A HTTP rule can either return a direct_response, + redirect or forward (default) traffic. + oneOf: + - not: + anyOf: + - required: + - port + - required: + - derivePort + - required: + - port + - required: + - derivePort + properties: + authority: + description: On a redirect, overwrite the Authority/Host + portion of the URL with this value. + type: string + derivePort: + description: |- + On a redirect, dynamically set the port: * FROM_PROTOCOL_DEFAULT: automatically set to 80 for HTTP and 443 for HTTPS. + + Valid Options: FROM_PROTOCOL_DEFAULT, FROM_REQUEST_PORT + enum: + - FROM_PROTOCOL_DEFAULT + - FROM_REQUEST_PORT + type: string + port: + description: On a redirect, overwrite the port portion of + the URL with this value. + maximum: 4294967295 + minimum: 0 + type: integer + redirectCode: + description: On a redirect, Specifies the HTTP status code + to use in the redirect response. + maximum: 4294967295 + minimum: 0 + type: integer + scheme: + description: On a redirect, overwrite the scheme portion + of the URL with this value. + type: string + uri: + description: On a redirect, overwrite the Path portion of + the URL with this value. + type: string + type: object + retries: + description: Retry policy for HTTP requests. + properties: + attempts: + description: Number of retries to be allowed for a given + request. 
+ format: int32 + type: integer + perTryTimeout: + description: Timeout per attempt for a given request, including + the initial call and any retries. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + retryOn: + description: Specifies the conditions under which retry + takes place. + type: string + retryRemoteLocalities: + description: Flag to specify whether the retries should + retry to other localities. + nullable: true + type: boolean + type: object + rewrite: + description: Rewrite HTTP URIs and Authority headers. + properties: + authority: + description: rewrite the Authority/Host header with this + value. + type: string + uri: + description: rewrite the path (or the prefix) portion of + the URI with this value. + type: string + uriRegexRewrite: + description: rewrite the path portion of the URI with the + specified regex. + properties: + match: + description: '[RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax).' + type: string + rewrite: + description: The string that should replace into matching + portions of original URI. + type: string + type: object + type: object + route: + description: A HTTP rule can either return a direct_response, + redirect or forward (default) traffic. + items: + properties: + destination: + description: Destination uniquely identifies the instances + of a service to which the request/connection should + be forwarded to. + properties: + host: + description: The name of a service from the service + registry. + type: string + port: + description: Specifies the port on the host that is + being addressed. + properties: + number: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + subset: + description: The name of a subset within the service. 
+ type: string + required: + - host + type: object + headers: + properties: + request: + properties: + add: + additionalProperties: + type: string + type: object + remove: + items: + type: string + type: array + set: + additionalProperties: + type: string + type: object + type: object + response: + properties: + add: + additionalProperties: + type: string + type: object + remove: + items: + type: string + type: array + set: + additionalProperties: + type: string + type: object + type: object + type: object + weight: + description: Weight specifies the relative proportion + of traffic to be forwarded to the destination. + format: int32 + type: integer + required: + - destination + type: object + type: array + timeout: + description: Timeout for HTTP requests, default is disabled. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + type: object + type: array + tcp: + description: An ordered list of route rules for opaque TCP traffic. + items: + properties: + match: + description: Match conditions to be satisfied for the rule to + be activated. + items: + properties: + destinationSubnets: + description: IPv4 or IPv6 ip addresses of destination + with optional subnet. + items: + type: string + type: array + gateways: + description: Names of gateways where the rule should be + applied. + items: + type: string + type: array + port: + description: Specifies the port on the host that is being + addressed. + maximum: 4294967295 + minimum: 0 + type: integer + sourceLabels: + additionalProperties: + type: string + description: One or more labels that constrain the applicability + of a rule to workloads with the given labels. + type: object + sourceNamespace: + description: Source namespace constraining the applicability + of a rule to workloads in that namespace. 
+ type: string + sourceSubnet: + type: string + type: object + type: array + route: + description: The destination to which the connection should + be forwarded to. + items: + properties: + destination: + description: Destination uniquely identifies the instances + of a service to which the request/connection should + be forwarded to. + properties: + host: + description: The name of a service from the service + registry. + type: string + port: + description: Specifies the port on the host that is + being addressed. + properties: + number: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + subset: + description: The name of a subset within the service. + type: string + required: + - host + type: object + weight: + description: Weight specifies the relative proportion + of traffic to be forwarded to the destination. + format: int32 + type: integer + required: + - destination + type: object + type: array + type: object + type: array + tls: + description: An ordered list of route rule for non-terminated TLS + & HTTPS traffic. + items: + properties: + match: + description: Match conditions to be satisfied for the rule to + be activated. + items: + properties: + destinationSubnets: + description: IPv4 or IPv6 ip addresses of destination + with optional subnet. + items: + type: string + type: array + gateways: + description: Names of gateways where the rule should be + applied. + items: + type: string + type: array + port: + description: Specifies the port on the host that is being + addressed. + maximum: 4294967295 + minimum: 0 + type: integer + sniHosts: + description: SNI (server name indicator) to match on. + items: + type: string + type: array + sourceLabels: + additionalProperties: + type: string + description: One or more labels that constrain the applicability + of a rule to workloads with the given labels. + type: object + sourceNamespace: + description: Source namespace constraining the applicability + of a rule to workloads in that namespace. 
+ type: string + required: + - sniHosts + type: object + type: array + route: + description: The destination to which the connection should + be forwarded to. + items: + properties: + destination: + description: Destination uniquely identifies the instances + of a service to which the request/connection should + be forwarded to. + properties: + host: + description: The name of a service from the service + registry. + type: string + port: + description: Specifies the port on the host that is + being addressed. + properties: + number: + maximum: 4294967295 + minimum: 0 + type: integer + type: object + subset: + description: The name of a subset within the service. + type: string + required: + - host + type: object + weight: + description: Weight specifies the relative proportion + of traffic to be forwarded to the destination. + format: int32 + type: integer + required: + - destination + type: object + type: array + required: + - match + type: object + type: array + type: object + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. 
+ x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. + type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sailoperator/0.1.0/manifests/networking.istio.io_workloadentries.yaml b/operators/sailoperator/0.1.0/manifests/networking.istio.io_workloadentries.yaml new file mode 100644 index 00000000000..e61d58ac958 --- /dev/null +++ b/operators/sailoperator/0.1.0/manifests/networking.istio.io_workloadentries.yaml 
@@ -0,0 +1,506 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + creationTimestamp: null + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: workloadentries.networking.istio.io +spec: + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: WorkloadEntry + listKind: WorkloadEntryList + plural: workloadentries + shortNames: + - we + singular: workloadentry + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Address associated with the network endpoint. + jsonPath: .spec.address + name: Address + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting VMs onboarded into the mesh. See + more details at: https://istio.io/docs/reference/config/networking/workload-entry.html' + properties: + address: + description: Address associated with the network endpoint without + the port. + maxLength: 256 + type: string + x-kubernetes-validations: + - message: UDS must be an absolute path or abstract socket + rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == ''/'' + || self.substring(7,8) == ''@'') : true' + - message: UDS may not be a dir + rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') : true' + labels: + additionalProperties: + type: string + description: One or more labels associated with the endpoint. 
+ maxProperties: 256 + type: object + locality: + description: The locality associated with the endpoint. + maxLength: 2048 + type: string + network: + description: Network enables Istio to group endpoints resident in + the same L3 domain/network. + maxLength: 2048 + type: string + ports: + additionalProperties: + maximum: 4294967295 + minimum: 0 + type: integer + x-kubernetes-validations: + - message: port must be between 1-65535 + rule: 0 < self && self <= 65535 + description: Set of ports associated with the endpoint. + maxProperties: 128 + type: object + x-kubernetes-validations: + - message: port name must be valid + rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + serviceAccount: + description: The service account associated with the workload if a + sidecar is present in the workload. + maxLength: 253 + type: string + weight: + description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 + type: integer + type: object + x-kubernetes-validations: + - message: Address is required + rule: has(self.address) || has(self.network) + - message: UDS may not include ports + rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? + !has(self.ports) : true' + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. + type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - spec + - spec + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Address associated with the network endpoint. + jsonPath: .spec.address + name: Address + type: string + name: v1alpha3 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting VMs onboarded into the mesh. 
See + more details at: https://istio.io/docs/reference/config/networking/workload-entry.html' + properties: + address: + description: Address associated with the network endpoint without + the port. + maxLength: 256 + type: string + x-kubernetes-validations: + - message: UDS must be an absolute path or abstract socket + rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == ''/'' + || self.substring(7,8) == ''@'') : true' + - message: UDS may not be a dir + rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') : true' + labels: + additionalProperties: + type: string + description: One or more labels associated with the endpoint. + maxProperties: 256 + type: object + locality: + description: The locality associated with the endpoint. + maxLength: 2048 + type: string + network: + description: Network enables Istio to group endpoints resident in + the same L3 domain/network. + maxLength: 2048 + type: string + ports: + additionalProperties: + maximum: 4294967295 + minimum: 0 + type: integer + x-kubernetes-validations: + - message: port must be between 1-65535 + rule: 0 < self && self <= 65535 + description: Set of ports associated with the endpoint. + maxProperties: 128 + type: object + x-kubernetes-validations: + - message: port name must be valid + rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + serviceAccount: + description: The service account associated with the workload if a + sidecar is present in the workload. + maxLength: 253 + type: string + weight: + description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 + type: integer + type: object + x-kubernetes-validations: + - message: Address is required + rule: has(self.address) || has(self.network) + - message: UDS may not include ports + rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? 
+ !has(self.ports) : true' + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. + type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - spec + - spec + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. 
It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Address associated with the network endpoint. + jsonPath: .spec.address + name: Address + type: string + name: v1beta1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting VMs onboarded into the mesh. See + more details at: https://istio.io/docs/reference/config/networking/workload-entry.html' + properties: + address: + description: Address associated with the network endpoint without + the port. + maxLength: 256 + type: string + x-kubernetes-validations: + - message: UDS must be an absolute path or abstract socket + rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == ''/'' + || self.substring(7,8) == ''@'') : true' + - message: UDS may not be a dir + rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') : true' + labels: + additionalProperties: + type: string + description: One or more labels associated with the endpoint. + maxProperties: 256 + type: object + locality: + description: The locality associated with the endpoint. + maxLength: 2048 + type: string + network: + description: Network enables Istio to group endpoints resident in + the same L3 domain/network. + maxLength: 2048 + type: string + ports: + additionalProperties: + maximum: 4294967295 + minimum: 0 + type: integer + x-kubernetes-validations: + - message: port must be between 1-65535 + rule: 0 < self && self <= 65535 + description: Set of ports associated with the endpoint. 
+ maxProperties: 128 + type: object + x-kubernetes-validations: + - message: port name must be valid + rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + serviceAccount: + description: The service account associated with the workload if a + sidecar is present in the workload. + maxLength: 253 + type: string + weight: + description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 + type: integer + type: object + x-kubernetes-validations: + - message: Address is required + rule: has(self.address) || has(self.network) + - message: UDS may not include ports + rule: '(has(self.address) && self.address.startsWith(''unix://'')) ? + !has(self.ports) : true' + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. 
+ + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. + type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - spec + - spec + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sailoperator/0.1.0/manifests/networking.istio.io_workloadgroups.yaml b/operators/sailoperator/0.1.0/manifests/networking.istio.io_workloadgroups.yaml new file mode 100644 index 00000000000..65e0a1b3fe2 --- /dev/null +++ b/operators/sailoperator/0.1.0/manifests/networking.istio.io_workloadgroups.yaml 
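Review bot: The top-level `required` list of `openAPIV3Schema` names `spec` three times in each of the three versions (v1, v1alpha3, v1beta1). JSON Schema expects the entries of `required` to be unique, so a stricter validator or a bundle linter may reject the CRD even if the API server tolerates it. Keep a single `- spec` entry under `required:`. If the file is copied from an upstream chart, the duplication probably comes from the generator and is better fixed there. Separately, the spec-level rule `has(self.address) || has(self.network)` reports `Address is required`, although an object with only `network` passes; a message such as `Address or network is required` would match what is enforced.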
@@ -0,0 +1,828 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: workloadgroups.networking.istio.io +spec: + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: WorkloadGroup + listKind: WorkloadGroupList + plural: workloadgroups + shortNames: + - wg + singular: workloadgroup + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Describes a collection of workload instances. See more details + at: https://istio.io/docs/reference/config/networking/workload-group.html' + properties: + metadata: + description: Metadata that will be used for all corresponding `WorkloadEntries`. + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + probe: + description: '`ReadinessProbe` describes the configuration the user + must provide for healthchecking on their workload.' + oneOf: + - not: + anyOf: + - required: + - httpGet + - required: + - tcpSocket + - required: + - exec + - required: + - httpGet + - required: + - tcpSocket + - required: + - exec + properties: + exec: + description: Health is determined by how the command that is executed + exited. + properties: + command: + description: Command to run. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be + considered failed after having succeeded. + format: int32 + type: integer + httpGet: + description: '`httpGet` is performed to a given endpoint and the + status/able to connect determines health.' + properties: + host: + description: Host name to connect to, defaults to the pod + IP. + type: string + httpHeaders: + description: Headers the proxy will pass on to make the request. + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: Port on which the endpoint lives. + maximum: 4294967295 + minimum: 0 + type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started + before readiness probes are initiated. + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be + considered successful after having failed. + format: int32 + type: integer + tcpSocket: + description: Health is determined by if the proxy is able to connect. + properties: + host: + type: string + port: + maximum: 4294967295 + minimum: 0 + type: integer + required: + - port + type: object + timeoutSeconds: + description: Number of seconds after which the probe times out. + format: int32 + type: integer + type: object + template: + description: Template to be used for the generation of `WorkloadEntry` + resources that belong to this `WorkloadGroup`. + properties: + address: + description: Address associated with the network endpoint without + the port. 
+ maxLength: 256 + type: string + x-kubernetes-validations: + - message: UDS must be an absolute path or abstract socket + rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == + ''/'' || self.substring(7,8) == ''@'') : true' + - message: UDS may not be a dir + rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') + : true' + labels: + additionalProperties: + type: string + description: One or more labels associated with the endpoint. + maxProperties: 256 + type: object + locality: + description: The locality associated with the endpoint. + maxLength: 2048 + type: string + network: + description: Network enables Istio to group endpoints resident + in the same L3 domain/network. + maxLength: 2048 + type: string + ports: + additionalProperties: + maximum: 4294967295 + minimum: 0 + type: integer + x-kubernetes-validations: + - message: port must be between 1-65535 + rule: 0 < self && self <= 65535 + description: Set of ports associated with the endpoint. + maxProperties: 128 + type: object + x-kubernetes-validations: + - message: port name must be valid + rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + serviceAccount: + description: The service account associated with the workload + if a sidecar is present in the workload. + maxLength: 253 + type: string + weight: + description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 + type: integer + type: object + x-kubernetes-validations: + - message: Address is required + rule: has(self.address) || has(self.network) + - message: UDS may not include ports + rule: '(has(self.address) && self.address.startsWith(''unix://'')) + ? !has(self.ports) : true' + required: + - template + type: object + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. 
+ format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. + type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha3 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Describes a collection of workload instances. See more details + at: https://istio.io/docs/reference/config/networking/workload-group.html' + properties: + metadata: + description: Metadata that will be used for all corresponding `WorkloadEntries`. + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + probe: + description: '`ReadinessProbe` describes the configuration the user + must provide for healthchecking on their workload.' + oneOf: + - not: + anyOf: + - required: + - httpGet + - required: + - tcpSocket + - required: + - exec + - required: + - httpGet + - required: + - tcpSocket + - required: + - exec + properties: + exec: + description: Health is determined by how the command that is executed + exited. + properties: + command: + description: Command to run. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be + considered failed after having succeeded. + format: int32 + type: integer + httpGet: + description: '`httpGet` is performed to a given endpoint and the + status/able to connect determines health.' + properties: + host: + description: Host name to connect to, defaults to the pod + IP. + type: string + httpHeaders: + description: Headers the proxy will pass on to make the request. + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: Port on which the endpoint lives. 
+ maximum: 4294967295 + minimum: 0 + type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started + before readiness probes are initiated. + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be + considered successful after having failed. + format: int32 + type: integer + tcpSocket: + description: Health is determined by if the proxy is able to connect. + properties: + host: + type: string + port: + maximum: 4294967295 + minimum: 0 + type: integer + required: + - port + type: object + timeoutSeconds: + description: Number of seconds after which the probe times out. + format: int32 + type: integer + type: object + template: + description: Template to be used for the generation of `WorkloadEntry` + resources that belong to this `WorkloadGroup`. + properties: + address: + description: Address associated with the network endpoint without + the port. + maxLength: 256 + type: string + x-kubernetes-validations: + - message: UDS must be an absolute path or abstract socket + rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == + ''/'' || self.substring(7,8) == ''@'') : true' + - message: UDS may not be a dir + rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') + : true' + labels: + additionalProperties: + type: string + description: One or more labels associated with the endpoint. + maxProperties: 256 + type: object + locality: + description: The locality associated with the endpoint. + maxLength: 2048 + type: string + network: + description: Network enables Istio to group endpoints resident + in the same L3 domain/network. 
+ maxLength: 2048 + type: string + ports: + additionalProperties: + maximum: 4294967295 + minimum: 0 + type: integer + x-kubernetes-validations: + - message: port must be between 1-65535 + rule: 0 < self && self <= 65535 + description: Set of ports associated with the endpoint. + maxProperties: 128 + type: object + x-kubernetes-validations: + - message: port name must be valid + rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + serviceAccount: + description: The service account associated with the workload + if a sidecar is present in the workload. + maxLength: 253 + type: string + weight: + description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 + type: integer + type: object + x-kubernetes-validations: + - message: Address is required + rule: has(self.address) || has(self.network) + - message: UDS may not include ports + rule: '(has(self.address) && self.address.startsWith(''unix://'')) + ? !has(self.ports) : true' + required: + - template + type: object + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. 
+ x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. + type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Describes a collection of workload instances. See more details + at: https://istio.io/docs/reference/config/networking/workload-group.html' + properties: + metadata: + description: Metadata that will be used for all corresponding `WorkloadEntries`. 
+ properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + probe: + description: '`ReadinessProbe` describes the configuration the user + must provide for healthchecking on their workload.' + oneOf: + - not: + anyOf: + - required: + - httpGet + - required: + - tcpSocket + - required: + - exec + - required: + - httpGet + - required: + - tcpSocket + - required: + - exec + properties: + exec: + description: Health is determined by how the command that is executed + exited. + properties: + command: + description: Command to run. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be + considered failed after having succeeded. + format: int32 + type: integer + httpGet: + description: '`httpGet` is performed to a given endpoint and the + status/able to connect determines health.' + properties: + host: + description: Host name to connect to, defaults to the pod + IP. + type: string + httpHeaders: + description: Headers the proxy will pass on to make the request. + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: Port on which the endpoint lives. + maximum: 4294967295 + minimum: 0 + type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started + before readiness probes are initiated. + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be + considered successful after having failed. 
+ format: int32 + type: integer + tcpSocket: + description: Health is determined by if the proxy is able to connect. + properties: + host: + type: string + port: + maximum: 4294967295 + minimum: 0 + type: integer + required: + - port + type: object + timeoutSeconds: + description: Number of seconds after which the probe times out. + format: int32 + type: integer + type: object + template: + description: Template to be used for the generation of `WorkloadEntry` + resources that belong to this `WorkloadGroup`. + properties: + address: + description: Address associated with the network endpoint without + the port. + maxLength: 256 + type: string + x-kubernetes-validations: + - message: UDS must be an absolute path or abstract socket + rule: 'self.startsWith(''unix://'') ? (self.substring(7,8) == + ''/'' || self.substring(7,8) == ''@'') : true' + - message: UDS may not be a dir + rule: 'self.startsWith(''unix://'') ? !self.endsWith(''/'') + : true' + labels: + additionalProperties: + type: string + description: One or more labels associated with the endpoint. + maxProperties: 256 + type: object + locality: + description: The locality associated with the endpoint. + maxLength: 2048 + type: string + network: + description: Network enables Istio to group endpoints resident + in the same L3 domain/network. + maxLength: 2048 + type: string + ports: + additionalProperties: + maximum: 4294967295 + minimum: 0 + type: integer + x-kubernetes-validations: + - message: port must be between 1-65535 + rule: 0 < self && self <= 65535 + description: Set of ports associated with the endpoint. + maxProperties: 128 + type: object + x-kubernetes-validations: + - message: port name must be valid + rule: self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$')) + serviceAccount: + description: The service account associated with the workload + if a sidecar is present in the workload. 
+ maxLength: 253 + type: string + weight: + description: The load balancing weight associated with the endpoint. + maximum: 4294967295 + minimum: 0 + type: integer + type: object + x-kubernetes-validations: + - message: Address is required + rule: has(self.address) || has(self.network) + - message: UDS may not include ports + rule: '(has(self.address) && self.address.startsWith(''unix://'')) + ? !has(self.ports) : true' + required: + - template + type: object + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. 
+ type: string + name: + description: A human-readable name for the message type. + type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sailoperator/0.1.0/manifests/sail-operator-metrics-service_v1_service.yaml b/operators/sailoperator/0.1.0/manifests/sail-operator-metrics-service_v1_service.yaml new file mode 100644 index 00000000000..a9c8664cd28 --- /dev/null +++ b/operators/sailoperator/0.1.0/manifests/sail-operator-metrics-service_v1_service.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: sailoperator + app.kubernetes.io/instance: sail-operator-metrics-service + app.kubernetes.io/managed-by: helm + app.kubernetes.io/name: service + app.kubernetes.io/part-of: sailoperator + control-plane: sail-operator + name: sail-operator-metrics-service +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + app.kubernetes.io/created-by: sailoperator + app.kubernetes.io/part-of: sailoperator + control-plane: sail-operator +status: + loadBalancer: {} diff --git a/operators/sailoperator/0.1.0/manifests/sailoperator.clusterserviceversion.yaml b/operators/sailoperator/0.1.0/manifests/sailoperator.clusterserviceversion.yaml new file mode 100644 index 00000000000..536b09af26d --- /dev/null +++ b/operators/sailoperator/0.1.0/manifests/sailoperator.clusterserviceversion.yaml 
@@ -0,0 +1,768 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "sailoperator.io/v1alpha1", + "kind": "Istio", + "metadata": { + "name": "default" + }, + "spec": { + "namespace": "istio-system", + "updateStrategy": { + "inactiveRevisionDeletionGracePeriodSeconds": 30, + "type": "InPlace" + }, + "version": "v1.23.0" + } + }, + { + "apiVersion": "sailoperator.io/v1alpha1", + "kind": "IstioCNI", + "metadata": { + "name": "default" + }, + "spec": { + "namespace": "istio-cni", + "version": "v1.23.0" + } + } + ] + capabilities: Seamless Upgrades + categories: OpenShift Optional, Integration & Delivery, Networking, Security + containerImage: quay.io/maistra-dev/sail-operator:0.1-latest + createdAt: "2024-08-20T11:54:30Z" + description: Experimental operator for installing Istio service mesh + features.operators.openshift.io/cnf: "false" + features.operators.openshift.io/cni: "true" + features.operators.openshift.io/csi: "false" + features.operators.openshift.io/disconnected: "true" + features.operators.openshift.io/fips-compliant: "false" + features.operators.openshift.io/proxy-aware: "false" + features.operators.openshift.io/tls-profiles: "false" + features.operators.openshift.io/token-auth-aws: "false" + features.operators.openshift.io/token-auth-azure: "false" + features.operators.openshift.io/token-auth-gcp: "false" + operators.operatorframework.io/builder: operator-sdk-v1.36.1 + operators.operatorframework.io/internal-objects: 
'["wasmplugins.extensions.istio.io","destinationrules.networking.istio.io","envoyfilters.networking.istio.io","gateways.networking.istio.io","proxyconfigs.networking.istio.io","serviceentries.networking.istio.io","sidecars.networking.istio.io","virtualservices.networking.istio.io","workloadentries.networking.istio.io","workloadgroups.networking.istio.io","authorizationpolicies.security.istio.io","peerauthentications.security.istio.io","requestauthentications.security.istio.io","telemetries.telemetry.istio.io"]' + operators.operatorframework.io/project_layout: go.kubebuilder.io/v4 + repository: https://github.com/istio-ecosystem/sail-operator + support: Community based + name: sailoperator.v0.1.0 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - kind: WasmPlugin + name: wasmplugins.extensions.istio.io + version: v1alpha1 + - kind: DestinationRule + name: destinationrules.networking.istio.io + version: v1 + - kind: DestinationRule + name: destinationrules.networking.istio.io + version: v1alpha3 + - kind: DestinationRule + name: destinationrules.networking.istio.io + version: v1beta1 + - kind: EnvoyFilter + name: envoyfilters.networking.istio.io + version: v1alpha3 + - kind: Gateway + name: gateways.networking.istio.io + version: v1 + - kind: Gateway + name: gateways.networking.istio.io + version: v1alpha3 + - kind: Gateway + name: gateways.networking.istio.io + version: v1beta1 + - kind: ProxyConfig + name: proxyconfigs.networking.istio.io + version: v1beta1 + - kind: ServiceEntry + name: serviceentries.networking.istio.io + version: v1 + - kind: ServiceEntry + name: serviceentries.networking.istio.io + version: v1alpha3 + - kind: ServiceEntry + name: serviceentries.networking.istio.io + version: v1beta1 + - kind: Sidecar + name: sidecars.networking.istio.io + version: v1 + - kind: Sidecar + name: sidecars.networking.istio.io + version: v1alpha3 + - kind: Sidecar + name: sidecars.networking.istio.io + version: 
v1beta1 + - kind: VirtualService + name: virtualservices.networking.istio.io + version: v1 + - kind: VirtualService + name: virtualservices.networking.istio.io + version: v1alpha3 + - kind: VirtualService + name: virtualservices.networking.istio.io + version: v1beta1 + - kind: WorkloadEntry + name: workloadentries.networking.istio.io + version: v1 + - kind: WorkloadEntry + name: workloadentries.networking.istio.io + version: v1alpha3 + - kind: WorkloadEntry + name: workloadentries.networking.istio.io + version: v1beta1 + - kind: WorkloadGroup + name: workloadgroups.networking.istio.io + version: v1 + - kind: WorkloadGroup + name: workloadgroups.networking.istio.io + version: v1alpha3 + - kind: WorkloadGroup + name: workloadgroups.networking.istio.io + version: v1beta1 + - kind: AuthorizationPolicy + name: authorizationpolicies.security.istio.io + version: v1 + - kind: AuthorizationPolicy + name: authorizationpolicies.security.istio.io + version: v1beta1 + - kind: PeerAuthentication + name: peerauthentications.security.istio.io + version: v1 + - kind: PeerAuthentication + name: peerauthentications.security.istio.io + version: v1beta1 + - kind: RequestAuthentication + name: requestauthentications.security.istio.io + version: v1 + - kind: RequestAuthentication + name: requestauthentications.security.istio.io + version: v1beta1 + - kind: Telemetry + name: telemetries.telemetry.istio.io + version: v1 + - kind: Telemetry + name: telemetries.telemetry.istio.io + version: v1alpha1 + - description: IstioCNI represents a deployment of the Istio CNI component. + displayName: Istio CNI + kind: IstioCNI + name: istiocnis.sailoperator.io + specDescriptors: + - description: |- + Defines the version of Istio to install. + Must be one of: v1.23.0, v1.22.4. 
+ displayName: Istio Version + path: version + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:General + - urn:alm:descriptor:com.tectonic.ui:select:v1.23.0 + - urn:alm:descriptor:com.tectonic.ui:select:v1.22.4 + - description: Namespace to which the Istio CNI component should be installed. + displayName: Namespace + path: namespace + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Namespace + - description: |- + The built-in installation configuration profile to use. + The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. + Must be one of: ambient, default, demo, empty, openshift-ambient, openshift, preview, stable. + displayName: Profile + path: profile + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:hidden + - description: Defines the values to be passed to the Helm charts when installing + Istio CNI. + displayName: Helm Values + path: values + version: v1alpha1 + - description: |- + IstioRevision represents a single revision of an Istio Service Mesh deployment. + Users shouldn't create IstioRevision objects directly. Instead, they should + create an Istio object and allow the operator to create the underlying + IstioRevision object(s). + displayName: Istio Revision + kind: IstioRevision + name: istiorevisions.sailoperator.io + specDescriptors: + - description: |- + Defines the version of Istio to install. + Must be one of: v1.23.0, v1.22.4. + displayName: Istio Version + path: version + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:General + - urn:alm:descriptor:com.tectonic.ui:select:v1.23.0 + - urn:alm:descriptor:com.tectonic.ui:select:v1.22.4 + - description: Namespace to which the Istio components should be installed. + displayName: Namespace + path: namespace + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Namespace + - description: Defines the values to be passed to the Helm charts when installing + Istio. 
+ displayName: Helm Values + path: values + version: v1alpha1 + - description: |- + Istio represents an Istio Service Mesh deployment consisting of one or more + control plane instances (represented by one or more IstioRevision objects). + To deploy an Istio Service Mesh, a user creates an Istio object with the + desired Istio version and configuration. The operator then creates + an IstioRevision object, which in turn creates the underlying Deployment + objects for istiod and other control plane components, similar to how a + Deployment object in Kubernetes creates ReplicaSets that create the Pods. + displayName: Istio + kind: Istio + name: istios.sailoperator.io + specDescriptors: + - description: "Type of strategy to use. Can be \"InPlace\" or \"RevisionBased\". + When the \"InPlace\" strategy\nis used, the existing Istio control plane + is updated in-place. The workloads therefore\ndon't need to be moved from + one control plane instance to another. When the \"RevisionBased\"\nstrategy + is used, a new Istio control plane instance is created for every change + to the\nIstio.spec.version field. The old control plane remains in place + until all workloads have\nbeen moved to the new control plane instance.\n\n\nThe + \"InPlace\" strategy is the default.\tTODO: change default to \"RevisionBased\"" + displayName: Type + path: updateStrategy.type + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:select:InPlace + - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased + - description: |- + Defines the version of Istio to install. + Must be one of: v1.23.0, v1.22.4. + displayName: Istio Version + path: version + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:General + - urn:alm:descriptor:com.tectonic.ui:select:v1.23.0 + - urn:alm:descriptor:com.tectonic.ui:select:v1.22.4 + - description: |- + Defines how many seconds the operator should wait before removing a non-active revision after all + the workloads have stopped using it. 
You may want to set this value on the order of minutes. + The minimum and the default value is 30. + displayName: Inactive Revision Deletion Grace Period (seconds) + path: updateStrategy.inactiveRevisionDeletionGracePeriodSeconds + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: |- + Defines whether the workloads should be moved from one control plane instance to another + automatically. If updateWorkloads is true, the operator moves the workloads from the old + control plane instance to the new one after the new control plane is ready. + If updateWorkloads is false, the user must move the workloads manually by updating the + istio.io/rev labels on the namespace and/or the pods. + Defaults to false. + displayName: Update Workloads Automatically + path: updateStrategy.updateWorkloads + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Namespace to which the Istio components should be installed. + displayName: Namespace + path: namespace + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Namespace + - description: |- + The built-in installation configuration profile to use. + The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. + Must be one of: ambient, default, demo, empty, openshift-ambient, openshift, preview, stable. + displayName: Profile + path: profile + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:hidden + - description: Defines the update strategy to use when the version in the Istio + CR is updated. + displayName: Update Strategy + path: updateStrategy + - description: Defines the values to be passed to the Helm charts when installing + Istio. + displayName: Helm Values + path: values + version: v1alpha1 + - description: |- + RemoteIstio represents a remote Istio Service Mesh deployment consisting of one or more + remote control plane instances (represented by one or more IstioRevision objects). 
+ displayName: Remote Istio + kind: RemoteIstio + name: remoteistios.sailoperator.io + specDescriptors: + - description: "Type of strategy to use. Can be \"InPlace\" or \"RevisionBased\". + When the \"InPlace\" strategy\nis used, the existing Istio control plane + is updated in-place. The workloads therefore\ndon't need to be moved from + one control plane instance to another. When the \"RevisionBased\"\nstrategy + is used, a new Istio control plane instance is created for every change + to the\nIstio.spec.version field. The old control plane remains in place + until all workloads have\nbeen moved to the new control plane instance.\n\n\nThe + \"InPlace\" strategy is the default.\tTODO: change default to \"RevisionBased\"" + displayName: Type + path: updateStrategy.type + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:select:InPlace + - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased + - description: |- + Defines the version of Istio to install. + Must be one of: v1.23.0, v1.22.4. + displayName: Istio Version + path: version + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:fieldGroup:General + - urn:alm:descriptor:com.tectonic.ui:select:v1.23.0 + - urn:alm:descriptor:com.tectonic.ui:select:v1.22.4 + - description: |- + Defines how many seconds the operator should wait before removing a non-active revision after all + the workloads have stopped using it. You may want to set this value on the order of minutes. + The minimum and the default value is 30. + displayName: Inactive Revision Deletion Grace Period (seconds) + path: updateStrategy.inactiveRevisionDeletionGracePeriodSeconds + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:number + - description: |- + Defines whether the workloads should be moved from one control plane instance to another + automatically. If updateWorkloads is true, the operator moves the workloads from the old + control plane instance to the new one after the new control plane is ready. 
+ If updateWorkloads is false, the user must move the workloads manually by updating the + istio.io/rev labels on the namespace and/or the pods. + Defaults to false. + displayName: Update Workloads Automatically + path: updateStrategy.updateWorkloads + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Namespace to which the Istio components should be installed. + displayName: Namespace + path: namespace + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Namespace + - description: |- + The built-in installation configuration profile to use. + The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. + Must be one of: ambient, default, demo, empty, openshift-ambient, openshift, preview, stable. + displayName: Profile + path: profile + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:hidden + - description: Defines the update strategy to use when the version in the RemoteIstio + CR is updated. + displayName: Update Strategy + path: updateStrategy + - description: Defines the values to be passed to the Helm charts when installing + Istio. + displayName: Helm Values + path: values + version: v1alpha1 + description: |- + This is an experimental operator for installing Istio service mesh. + + This version of the operator supports the following Istio versions: + + - v1.23.0 + - v1.22.4 + + [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. 
+ displayName: Sail Operator + icon: + - base64data: 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 + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - "" + resources: + - '*' + verbs: + - '*' + - apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - '*' + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - daemonsets + - deployments + verbs: + - '*' + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - '*' + - apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - '*' + - apiGroups: + - networking.istio.io + resources: + - envoyfilters + verbs: + - '*' + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - '*' + - apiGroups: + - sailoperator.io + resources: + - istiorevisions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - sailoperator.io + resources: + - istiorevisions/finalizers + verbs: + - update + - apiGroups: + - sailoperator.io + resources: + - istiorevisions/status + verbs: + - get + - patch + - update + - apiGroups: + - sailoperator.io + resources: + - istiocnis + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - sailoperator.io + resources: + - istiocnis/finalizers + verbs: + - update + - apiGroups: + - sailoperator.io + resources: + - istiocnis/status + verbs: + - get + - patch + - update + - apiGroups: + - sailoperator.io + resources: + - istios + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - 
sailoperator.io + resources: + - istios/finalizers + verbs: + - update + - apiGroups: + - sailoperator.io + resources: + - istios/status + verbs: + - get + - patch + - update + - apiGroups: + - sailoperator.io + resources: + - remoteistios + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - sailoperator.io + resources: + - remoteistios/finalizers + verbs: + - update + - apiGroups: + - sailoperator.io + resources: + - remoteistios/status + verbs: + - get + - patch + - update + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: + - '*' + - apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use + serviceAccountName: sail-operator + deployments: + - label: + app.kubernetes.io/component: manager + app.kubernetes.io/created-by: sailoperator + app.kubernetes.io/instance: sail-operator + app.kubernetes.io/managed-by: helm + app.kubernetes.io/name: deployment + app.kubernetes.io/part-of: sailoperator + control-plane: sail-operator + name: sail-operator + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: sailoperator + app.kubernetes.io/part-of: sailoperator + control-plane: sail-operator + strategy: {} + template: + metadata: + annotations: + images.v1_22_4.cni: docker.io/istio/install-cni:1.22.4 + images.v1_22_4.istiod: docker.io/istio/pilot:1.22.4 + images.v1_22_4.proxy: docker.io/istio/proxyv2:1.22.4 + images.v1_22_4.ztunnel: docker.io/istio/ztunnel:1.22.4 + images.v1_23_0.cni: docker.io/istio/install-cni:1.23.0 + images.v1_23_0.istiod: docker.io/istio/pilot:1.23.0 + images.v1_23_0.proxy: docker.io/istio/proxyv2:1.23.0 + images.v1_23_0.ztunnel: docker.io/istio/ztunnel:1.23.0 + kubectl.kubernetes.io/default-container: manager + labels: + 
app.kubernetes.io/created-by: sailoperator + app.kubernetes.io/part-of: sailoperator + control-plane: sail-operator + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + - ppc64le + - s390x + - key: kubernetes.io/os + operator: In + values: + - linux + containers: + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.16.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --default-profile=openshift + command: + - /manager + image: quay.io/maistra-dev/sail-operator:0.1-latest + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + volumeMounts: + - mountPath: /etc/sail-operator + name: operator-config + readOnly: true + securityContext: + runAsNonRoot: true + serviceAccountName: sail-operator + terminationGracePeriodSeconds: 10 + volumes: + - downwardAPI: + defaultMode: 420 + items: + - fieldRef: + fieldPath: metadata.annotations + path: config.properties + name: operator-config + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: 
+ - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: sail-operator + strategy: deployment + installModes: + - supported: false + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - istio + - servicemesh + - envoy + links: + - name: Istio Project + url: https://istio.io + maintainers: + - email: istio-feedback@redhat.com + name: OpenShift Service Mesh Team + maturity: alpha + provider: + name: Red Hat, Inc. + relatedImages: + - image: docker.io/istio/install-cni:1.22.4 + name: v1_22_4.cni + - image: docker.io/istio/pilot:1.22.4 + name: v1_22_4.istiod + - image: docker.io/istio/proxyv2:1.22.4 + name: v1_22_4.proxy + - image: docker.io/istio/ztunnel:1.22.4 + name: v1_22_4.ztunnel + - image: docker.io/istio/install-cni:1.23.0 + name: v1_23_0.cni + - image: docker.io/istio/pilot:1.23.0 + name: v1_23_0.istiod + - image: docker.io/istio/proxyv2:1.23.0 + name: v1_23_0.proxy + - image: docker.io/istio/ztunnel:1.23.0 + name: v1_23_0.ztunnel + version: 0.1.0 diff --git a/operators/sailoperator/0.1.0/manifests/sailoperator.io_istiocnis.yaml b/operators/sailoperator/0.1.0/manifests/sailoperator.io_istiocnis.yaml new file mode 100644 index 00000000000..7441b056f09 --- /dev/null +++ b/operators/sailoperator/0.1.0/manifests/sailoperator.io_istiocnis.yaml 
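Review bot: Under `install.spec.clusterPermissions`, the `sail-operator` service account gets `'*'` verbs on `'*'` resources in the core API group (`""`) and `'*'` verbs on `clusterroles`, `clusterrolebindings`, `roles` and `rolebindings`. Together that is effectively cluster-admin: it covers every Secret in every namespace, and the wildcard verb includes `bind` and `escalate`, which switch off the RBAC escalation check. With `use` on the `privileged` SCC in the same rule set, anything that compromises the manager pod or its image owns the cluster. Replace the core-group wildcard with the specific resources the charts create and explicit verbs, and list `create`, `delete`, `get`, `list`, `patch`, `update`, `watch` on the RBAC kinds so that `bind`/`escalate` appear only if deliberately added. Separately, `quay.io/maistra-dev/sail-operator:0.1-latest` (pulled with `imagePullPolicy: Always`), `gcr.io/kubebuilder/kube-rbac-proxy:v0.16.0` and every `relatedImages` entry are mutable tags; pinning them by `@sha256:` digest would fix what actually runs and seems to be what the `features.operators.openshift.io/disconnected: "true"` annotation expects.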
@@ -0,0 +1,1463 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.0 + creationTimestamp: null + name: istiocnis.sailoperator.io +spec: + group: sailoperator.io + names: + categories: + - istio-io + kind: IstioCNI + listKind: IstioCNIList + plural: istiocnis + singular: istiocni + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Whether the Istio CNI installation is ready to handle requests. + jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - description: The current state of this object. + jsonPath: .status.state + name: Status + type: string + - description: The version of the Istio CNI installation. + jsonPath: .spec.version + name: Version + type: string + - description: The age of the object + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: IstioCNI represents a deployment of the Istio CNI component. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + default: + namespace: istio-cni + version: v1.23.0 + description: IstioCNISpec defines the desired state of IstioCNI + properties: + namespace: + default: istio-cni + description: Namespace to which the Istio CNI component should be + installed. + type: string + profile: + description: |- + The built-in installation configuration profile to use. + The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. + Must be one of: ambient, default, demo, empty, openshift-ambient, openshift, preview, stable. + enum: + - ambient + - default + - demo + - empty + - openshift-ambient + - openshift + - preview + - stable + type: string + values: + description: Defines the values to be passed to the Helm charts when + installing Istio CNI. + properties: + cni: + description: Configuration for the Istio CNI plugin. + properties: + affinity: + description: K8s affinity to set on the istio-cni Pods. Can + be used to exclude istio-cni from being scheduled on specified + nodes. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. 
+ items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. 
Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. 
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
+ items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
+ Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. 
The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + chained: + description: |- + Configure the plugin as a chained CNI plugin. When true, the configuration is added to the CNI chain; when false, + the configuration is added as a standalone file in the CNI configuration directory. + type: boolean + cniBinDir: + description: The directory path within the cluster node's + filesystem where the CNI binaries are to be installed. Typically + /var/lib/cni/bin. + type: string + cniConfDir: + description: The directory path within the cluster node's + filesystem where the CNI configuration files are to be installed. + Typically /etc/cni/net.d. + type: string + cniConfFileName: + description: The name of the CNI plugin configuration file. + Defaults to istio-cni.conf. 
+ type: string + cniNetnsDir: + description: |- + The directory path within the cluster node's filesystem where network namespaces are located. + Defaults to '/var/run/netns', in minikube/docker/others can be '/var/run/docker/netns'. + type: string + excludeNamespaces: + description: List of namespaces that should be ignored by + the CNI plugin. + items: + type: string + type: array + hub: + description: Hub to pull the container image from. Image will + be `Hub/Image:Tag-Variant`. + type: string + image: + description: |- + Image name to pull from. Image will be `Hub/Image:Tag-Variant`. + If Image contains a "/", it will replace the entire `image` in the pod. + type: string + logging: + description: Same as `global.logging.level`, but will override + it if set + properties: + level: + description: |- + Comma-separated minimum per-scope logging level of messages to output, in the form of :,: + The control plane has different scopes depending on component, but can configure default log level across all components + If empty, default scope and level will be used as configured in code + type: string + type: object + podAnnotations: + additionalProperties: + type: string + description: |- + Additional annotations to apply to the istio-cni Pods. + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + type: object + privileged: + description: |- + No longer used for CNI. See: https://github.com/istio/istio/issues/49004 + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + type: boolean + provider: + description: |- + Specifies the CNI provider. Can be either "default" or "multus". When set to "multus", an additional + NetworkAttachmentDefinition resource is deployed to the cluster to allow the istio-cni plugin to be + invoked in a cluster using the Multus CNI plugin. + type: string + psp_cluster_role: + description: PodSecurityPolicy cluster role. No longer used + anywhere. 
+ type: string + pullPolicy: + description: |- + Specifies the image pull policy. one of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. + + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + enum: + - Always + - Never + - IfNotPresent + type: string + repair: + description: Configuration for the CNI Repair controller. + properties: + brokenPodLabelKey: + description: The label key to apply to a broken pod when + the controller is in labelPods mode. + type: string + brokenPodLabelValue: + description: The label value to apply to a broken pod + when the controller is in labelPods mode. + type: string + createEvents: + description: |- + No longer used. + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + type: string + deletePods: + description: |- + The Repair controller has 3 modes (labelPods, deletePods, and repairPods). Pick which one meets your use cases. Note only one may be used. + The mode defines the action the controller will take when a pod is detected as broken. + If deletePods is true, the controller will delete the broken pod. The pod will then be rescheduled, hopefully onto a node that is fully ready. + Note this gives the DaemonSet a relatively high privilege, as it can delete any Pod. + type: boolean + enabled: + description: Controls whether repair behavior is enabled. + type: boolean + hub: + description: Hub to pull the container image from. Image + will be `Hub/Image:Tag-Variant`. + type: string + image: + description: |- + Image name to pull from. Image will be `Hub/Image:Tag-Variant`. + If Image contains a "/", it will replace the entire `image` in the pod. + type: string + initContainerName: + description: The name of the init container to use for + the repairPods mode. + type: string + labelPods: + description: |- + The Repair controller has 3 modes (labelPods, deletePods, and repairPods). 
Pick which one meets your use cases. Note only one may be used. + The mode defines the action the controller will take when a pod is detected as broken. + If labelPods is true, the controller will label all broken pods with =. + This is only capable of identifying broken pods; the user is responsible for fixing them (generally, by deleting them). + Note this gives the DaemonSet a relatively high privilege, as modifying pod metadata/status can have wider impacts. + type: boolean + repairPods: + description: |- + The Repair controller has 3 modes (labelPods, deletePods, and repairPods). Pick which one meets your use cases. Note only one may be used. + The mode defines the action the controller will take when a pod is detected as broken. + If repairPods is true, the controller will dynamically repair any broken pod by setting up the pod networking configuration even after it has started. + Note the pod will be crashlooping, so this may take a few minutes to become fully functional based on when the retry occurs. + This requires no RBAC privilege, but will require the CNI agent to run as a privileged pod. + type: boolean + tag: + description: The container image tag to pull. Image will + be `Hub/Image:Tag-Variant`. + type: string + type: object + resource_quotas: + description: The resource quotas configration for the CNI + DaemonSet. + properties: + enabled: + description: Controls whether to create resource quotas + or not for the CNI DaemonSet. + type: boolean + pods: + description: The hard limit on the number of pods in the + namespace where the CNI DaemonSet is deployed. + format: int64 + type: integer + type: object + resources: + description: The k8s resource requests and limits for the + istio-cni Pods. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. 
+ + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + rollingMaxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The number of pods that can be unavailable during a rolling update of the CNI DaemonSet (see + `updateStrategy.rollingUpdate.maxUnavailable` here: + https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). + May be specified as a number of pods or as a percent of the total number + of pods at the start of the update. 
+ x-kubernetes-int-or-string: true + seccompProfile: + description: |- + The Container seccompProfile + + See: https://kubernetes.io/docs/tutorials/security/seccomp/ + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + tag: + description: The container image tag to pull. Image will be + `Hub/Image:Tag-Variant`. + type: string + variant: + description: The container image variant to pull. Options + are "debug" or "distroless". Unset will use the default + for the given version. + type: string + type: object + global: + description: Part of the global configuration applicable to the + Istio CNI component. + properties: + defaultResources: + description: |- + See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
+ properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + hub: + description: Specifies the docker hub for Istio images. + type: string + imagePullPolicy: + description: |- + Specifies the image pull policy for the Istio images. one of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. 
+ + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + enum: + - Always + - Never + - IfNotPresent + type: string + imagePullSecrets: + description: |- + ImagePullSecrets for the control plane ServiceAccount, list of secrets in the same namespace + to use for pulling any images in pods that reference this ServiceAccount. + Must be set for any cluster configured with private docker registry. + items: + type: string + type: array + logAsJson: + description: Specifies whether istio components should output + logs in json format by adding --log_as_json argument to + each container. + type: boolean + logging: + description: Specifies the global logging level settings for + the Istio control plane components. + properties: + level: + description: |- + Comma-separated minimum per-scope logging level of messages to output, in the form of :,: + The control plane has different scopes depending on component, but can configure default log level across all components + If empty, default scope and level will be used as configured in code + type: string + type: object + tag: + description: Specifies the tag for the Istio docker images. + type: string + variant: + description: The variant of the Istio container images to + use. Options are "debug" or "distroless". Unset will use + the default for the given version. + type: string + type: object + type: object + version: + default: v1.23.0 + description: |- + Defines the version of Istio to install. + Must be one of: v1.23.0, v1.22.4. + enum: + - v1.23.0 + - v1.22.4 + type: string + required: + - namespace + - version + type: object + status: + description: IstioCNIStatus defines the observed state of IstioCNI + properties: + conditions: + description: Represents the latest available observations of the object's + current state. + items: + description: IstioCNICondition represents a specific observation + of the IstioCNI object's state. 
+ properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + the last transition. + type: string + reason: + description: Unique, single-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: The status of this condition. Can be True, False + or Unknown. + type: string + type: + description: The type of this condition. + type: string + type: object + type: array + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this + IstioCNI object. It corresponds to the object's generation, which is + updated on mutation by the API Server. The information in the status + pertains to this particular generation of the object. + format: int64 + type: integer + state: + description: Reports the current state of the object. + type: string + type: object + type: object + x-kubernetes-validations: + - message: metadata.name must be 'default' + rule: self.metadata.name == 'default' + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sailoperator/0.1.0/manifests/sailoperator.io_istiorevisions.yaml b/operators/sailoperator/0.1.0/manifests/sailoperator.io_istiorevisions.yaml new file mode 100644 index 00000000000..1f934d0e557 --- /dev/null +++ b/operators/sailoperator/0.1.0/manifests/sailoperator.io_istiorevisions.yaml 
@@ -0,0 +1,8002 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.0 + creationTimestamp: null + name: istiorevisions.sailoperator.io +spec: + group: sailoperator.io + names: + categories: + - istio-io + kind: IstioRevision + listKind: IstioRevisionList + plural: istiorevisions + shortNames: + - istiorev + singular: istiorevision + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Whether the control plane is installed locally or in a remote cluster. + jsonPath: .spec.type + name: Type + type: string + - description: Whether the control plane installation is ready to handle requests. + jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - description: The current state of this object. + jsonPath: .status.state + name: Status + type: string + - description: Whether the revision is being used by workloads. + jsonPath: .status.conditions[?(@.type=="InUse")].status + name: In use + type: string + - description: The version of the control plane installation. + jsonPath: .spec.version + name: Version + type: string + - description: The age of the object + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + IstioRevision represents a single revision of an Istio Service Mesh deployment. + Users shouldn't create IstioRevision objects directly. Instead, they should + create an Istio object and allow the operator to create the underlying + IstioRevision object(s). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IstioRevisionSpec defines the desired state of IstioRevision + properties: + namespace: + description: Namespace to which the Istio components should be installed. + type: string + type: + default: Local + description: Type indicates whether this revision represents a local + or a remote control plane installation. + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + values: + description: Defines the values to be passed to the Helm charts when + installing Istio. + properties: + base: + description: Configuration for the base component. + properties: + validationCABundle: + description: validation webhook CA bundle + type: string + validationURL: + description: URL to use for validating webhook. + type: string + type: object + compatibilityVersion: + description: |- + Specifies the compatibility version to use. When this is set, the control plane will + be configured with the same defaults as the specified version. + type: string + defaultRevision: + description: The name of the default revision in the cluster. + type: string + experimental: + description: Specifies experimental helm fields that could be + removed or changed in the future + x-kubernetes-preserve-unknown-fields: true + global: + description: Global configuration for Istio components. 
+ properties: + arch: + description: "Specifies pod scheduling arch(amd64, ppc64le, + s390x, arm64) and weight as follows:\n\n\t0 - Never scheduled\n\t1 + - Least preferred\n\t2 - No preference\n\t3 - Most preferred\n\nDeprecated: + replaced by the affinity k8s settings which allows architecture + nodeAffinity configuration of this behavior.\n\nDeprecated: + Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto." + properties: + amd64: + description: Sets pod scheduling weight for amd64 arch + format: int32 + type: integer + arm64: + description: Sets pod scheduling weight for arm64 arch. + format: int32 + type: integer + ppc64le: + description: Sets pod scheduling weight for ppc64le arch. + format: int32 + type: integer + s390x: + description: Sets pod scheduling weight for s390x arch. + format: int32 + type: integer + type: object + caAddress: + description: The address of the CA for CSR. + type: string + caName: + description: |- + The name of the CA for workloads. + For example, when caName=GkeWorkloadCertificate, GKE workload certificates + will be used as the certificates for workloads. + The default value is "" and when caName="", the CA will be configured by other + mechanisms (e.g., environmental variable CA_PROVIDER). + type: string + certSigners: + description: List of certSigners to allow "approve" action + in the ClusterRole + items: + type: string + type: array + configCluster: + description: Controls whether a remote cluster is the config + cluster for an external istiod + type: boolean + configValidation: + description: Controls whether the server-side validation is + enabled. + type: boolean + defaultNodeSelector: + additionalProperties: + type: string + description: |- + Default k8s node selector for all the Istio control plane components + + See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. 
+ type: object + defaultPodDisruptionBudget: + description: |- + Specifies the default pod disruption budget configuration. + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + properties: + enabled: + description: Controls whether a PodDisruptionBudget with + a default minAvailable value of 1 is created for each + deployment. + type: boolean + type: object + defaultResources: + description: |- + Default k8s resources settings for all Istio control plane components. + + See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + defaultTolerations: + description: |- + Default node tolerations to be applied to all deployments so that all pods can be + scheduled to nodes with matching taints. Each component can overwrite + these default values by adding its tolerations block in the relevant section below + and setting the desired values. + Configure this field in case that all pods of Istio control plane are expected to + be scheduled to particular nodes with specified taints. + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. 
+ Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + externalIstiod: + description: Controls whether one external istiod is enabled. + type: boolean + hub: + description: Specifies the docker hub for Istio images. + type: string + imagePullPolicy: + description: |- + Specifies the image pull policy for the Istio images. one of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. + + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + enum: + - Always + - Never + - IfNotPresent + type: string + imagePullSecrets: + description: |- + ImagePullSecrets for the control plane ServiceAccount, list of secrets in the same namespace + to use for pulling any images in pods that reference this ServiceAccount. + Must be set for any cluster configured with private docker registry. + items: + type: string + type: array + ipFamilies: + description: |- + Defines which IP family to use for single stack or the order of IP families for dual-stack. + Valid list items are "IPv4", "IPv6". 
+ More info: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + items: + type: string + type: array + ipFamilyPolicy: + description: |- + Controls whether Services are configured to use IPv4, IPv6, or both. Valid options + are PreferDualStack, RequireDualStack, and SingleStack. + More info: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + type: string + istioNamespace: + description: Specifies the default namespace for the Istio + control plane components. + type: string + istiod: + description: Specifies the configution of istiod + properties: + enableAnalysis: + description: If enabled, istiod will perform config analysis + type: boolean + type: object + jwtPolicy: + description: |- + Configure the policy for validating JWT. + This is deprecated and has no effect. + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + type: string + logAsJson: + description: Specifies whether istio components should output + logs in json format by adding --log_as_json argument to + each container. + type: boolean + logging: + description: Specifies the global logging level settings for + the Istio control plane components. + properties: + level: + description: |- + Comma-separated minimum per-scope logging level of messages to output, in the form of :,: + The control plane has different scopes depending on component, but can configure default log level across all components + If empty, default scope and level will be used as configured in code + type: string + type: object + meshID: + description: |- + The Mesh Identifier. It should be unique within the scope where + meshes will interact with each other, but it is not required to be + globally/universally unique. 
For example, if any of the following are true, + then two meshes must have different Mesh IDs: + - Meshes will have their telemetry aggregated in one place + - Meshes will be federated together + - Policy will be written referencing one mesh from the other + + If an administrator expects that any of these conditions may become true in + the future, they should ensure their meshes have different Mesh IDs + assigned. + + Within a multicluster mesh, each cluster must be (manually or auto) + configured to have the same Mesh ID value. If an existing cluster 'joins' a + multicluster mesh, it will need to be migrated to the new mesh ID. Details + of migration TBD, and it may be a disruptive operation to change the Mesh + ID post-install. + + If the mesh admin does not specify a value, Istio will use the value of the + mesh's Trust Domain. The best practice is to select a proper Trust Domain + value. + type: string + meshNetworks: + additionalProperties: + description: |- + Network provides information about the endpoints in a routable L3 + network. A single routable L3 network can have one or more service + registries. Note that the network has no relation to the locality of the + endpoint. The endpoint locality will be obtained from the service + registry. + properties: + endpoints: + description: |- + The list of endpoints in the network (obtained through the + constituent service registries or from CIDR ranges). All endpoints in + the network are directly accessible to one another. + items: + description: "NetworkEndpoints describes how the network + associated with an endpoint\nshould be inferred. + An endpoint will be assigned to a network based + on\nthe following rules:\n\n1. Implicitly: If the + registry explicitly provides information about\nthe + network to which the endpoint belongs to. In some + cases, its\npossible to indicate the network associated + with the endpoint by\nadding the `ISTIO_META_NETWORK` + environment variable to the sidecar.\n\n2. 
Explicitly:\n\n\ta. + By matching the registry name with one of the \"fromRegistry\"\n\tin + the mesh config. A \"from_registry\" can only be + assigned to a\n\tsingle network.\n\n\tb. By matching + the IP against one of the CIDR ranges in a mesh\n\tconfig + network. The CIDR ranges must not overlap and be + assigned to\n\ta single network.\n\n(2) will override + (1) if both are present." + properties: + fromCidr: + description: |- + A CIDR range for the set of endpoints in this network. The CIDR + ranges for endpoints from different networks must not overlap. + type: string + fromRegistry: + description: |- + Add all endpoints from the specified registry into this network. + The names of the registries should correspond to the kubeconfig file name + inside the secret that was used to configure the registry (Kubernetes + multicluster) or supplied by MCP server. + type: string + type: object + x-kubernetes-validations: + - message: At most one of [fromCidr fromRegistry] + should be set + rule: (has(self.fromCidr)?1:0) + (has(self.fromRegistry)?1:0) + <= 1 + type: array + gateways: + description: Set of gateways associated with the network. + items: + description: |- + The gateway associated with this network. Traffic from remote networks + will arrive at the specified gateway:port. All incoming traffic must + use mTLS. + properties: + address: + description: IP address or externally resolvable + DNS address associated with the gateway. + type: string + locality: + description: The locality associated with an explicitly + specified gateway (i.e. ip) + type: string + port: + format: int32 + type: integer + registryServiceName: + description: |- + A fully qualified domain name of the gateway service. Pilot will + lookup the service from the service registries in the network and + obtain the endpoint IPs of the gateway from the service + registry. 
Note that while the service name is a fully qualified + domain name, it need not be resolvable outside the orchestration + platform for the registry. e.g., this could be + istio-ingressgateway.istio-system.svc.cluster.local. + type: string + type: object + x-kubernetes-validations: + - message: At most one of [registryServiceName address] + should be set + rule: (has(self.registryServiceName)?1:0) + (has(self.address)?1:0) + <= 1 + type: array + type: object + description: "Configure the mesh networks to be used by the + Split Horizon EDS.\n\nThe following example defines two + networks with different endpoints association methods.\nFor + `network1` all endpoints that their IP belongs to the provided + CIDR range will be\nmapped to network1. The gateway for + this network example is specified by its public IP\naddress + and port.\nThe second network, `network2`, in this example + is defined differently with all endpoints\nretrieved through + the specified Multi-Cluster registry being mapped to network2. + The\ngateway is also defined differently with the name of + the gateway service on the remote\ncluster. The public IP + for the gateway will be determined from that remote service + (only\nLoadBalancer gateway service type is currently supported, + for a NodePort type gateway service,\nit still need to be + configured manually).\n\nmeshNetworks:\n\n\tnetwork1:\n\t + \ endpoints:\n\t - fromCidr: \"192.168.0.1/24\"\n\t gateways:\n\t + \ - address: 1.1.1.1\n\t port: 80\n\tnetwork2:\n\t endpoints:\n\t + \ - fromRegistry: reg1\n\t gateways:\n\t - registryServiceName: + istio-ingressgateway.istio-system.svc.cluster.local\n\t + \ port: 443" + type: object + mountMtlsCerts: + description: Controls whether the in-cluster MTLS key and + certs are loaded from the secret volume mounts. + type: boolean + multiCluster: + description: Specifies the Configuration for Istio mesh across + multiple clusters through Istio gateways. 
+ properties: + clusterName: + description: |- + The name of the cluster this installation will run in. This is required for sidecar injection + to properly label proxies + type: string + enabled: + description: |- + Enables the connection between two kubernetes clusters via their respective ingressgateway services. + Use if the pods in each cluster cannot directly talk to one another. + type: boolean + globalDomainSuffix: + description: The suffix for global service names. + type: string + includeEnvoyFilter: + description: Enable envoy filter to translate `globalDomainSuffix` + to cluster local suffix for cross cluster communication. + type: boolean + type: object + network: + description: |- + Network defines the network this cluster belong to. This name + corresponds to the networks in the map of mesh networks. + type: string + omitSidecarInjectorConfigMap: + description: |- + Controls whether the creation of the sidecar injector ConfigMap should be skipped. + Defaults to false. When set to true, the sidecar injector ConfigMap will not be created. + type: boolean + operatorManageWebhooks: + description: |- + Controls whether the WebhookConfiguration resource(s) should be created. The current behavior + of Istiod is to manage its own webhook configurations. + When this option is set to true, Istio Operator, instead of webhooks, manages the + webhook configurations. When this option is set as false, webhooks manage their + own webhook configurations. + type: boolean + pilotCertProvider: + description: |- + Configure the Pilot certificate provider. + Currently, four providers are supported: "kubernetes", "istiod", "custom" and "none". + type: string + platform: + description: |- + Platform in which Istio is deployed. Possible values are: "openshift" and "gcp" + An empty value means it is a vanilla Kubernetes distribution, therefore no special + treatment will be considered. 
+ type: string + podDNSSearchNamespaces: + description: |- + Custom DNS config for the pod to resolve names of services in other + clusters. Use this to add additional search domains, and other settings. + see https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config + This does not apply to gateway pods as they typically need a different + set of DNS settings than the normal application pods (e.g. in multicluster scenarios). + items: + type: string + type: array + priorityClassName: + description: |- + Specifies the k8s priorityClassName for the istio control plane components. + + See https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + type: string + proxy: + description: Specifies how proxies are configured within Istio. + properties: + autoInject: + description: Controls the 'policy' in the sidecar injector. + type: string + clusterDomain: + description: |- + Domain for the cluster, default: "cluster.local". + + K8s allows this to be customized, see https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/ + type: string + componentLogLevel: + description: |- + Per Component log level for proxy, applies to gateways and sidecars. + + If a component level is not set, then the global "logLevel" will be used. If left empty, "misc:error" is used. + type: string + enableCoreDump: + description: |- + Enables core dumps for newly injected sidecars. + + If set, newly injected sidecars will have core dumps enabled. + type: boolean + excludeIPRanges: + description: Lists the excluded IP ranges of Istio egress + traffic that the sidecar captures. + type: string + excludeInboundPorts: + description: Specifies the Istio ingress ports not to + capture. + type: string + excludeOutboundPorts: + description: A comma separated list of outbound ports + to be excluded from redirection to Envoy. 
+ type: string + holdApplicationUntilProxyStarts: + description: |- + Controls if sidecar is injected at the front of the container list and blocks the start of the other containers until the proxy is ready + + Deprecated: replaced by ProxyConfig setting which allows per-pod configuration of this behavior. + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + type: boolean + image: + description: |- + Image name or path for the proxy, default: "proxyv2". + + If registry or tag are not specified, global.hub and global.tag are used. + + Examples: my-proxy (uses global.hub/tag), docker.io/myrepo/my-proxy:v1.0.0 + type: string + includeIPRanges: + description: |- + Lists the IP ranges of Istio egress traffic that the sidecar captures. + + Example: "172.30.0.0/16,172.20.0.0/16" + This would only capture egress traffic on those two IP Ranges, all other outbound traffic would # be allowed by the sidecar." + type: string + includeInboundPorts: + description: |- + A comma separated list of inbound ports for which traffic is to be redirected to Envoy. + The wildcard character '*' can be used to configure redirection for all ports. + type: string + includeOutboundPorts: + description: A comma separated list of outbound ports + for which traffic is to be redirected to Envoy, regardless + of the destination IP. + type: string + lifecycle: + description: |- + The k8s lifecycle hooks definition (pod.spec.containers.lifecycle) for the proxy container. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. 
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. 
The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. 
There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + logLevel: + description: 'Log level for proxy, applies to gateways + and sidecars. If left empty, "warning" is used. Expected + values are: trace\|debug\|info\|warning\|error\|critical\|off' + type: string + outlierLogPath: + description: |- + Path to the file to which the proxy will write outlier detection logs. + + Example: "/dev/stdout" + This would write the logs to standard output. + type: string + privileged: + description: |- + Enables privileged securityContext for the istio-proxy container. + + See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + type: boolean + readinessFailureThreshold: + description: Sets the number of successive failed probes + before indicating readiness failure. + format: int32 + type: integer + readinessInitialDelaySeconds: + description: Sets the initial delay for readiness probes + in seconds. + format: int32 + type: integer + readinessPeriodSeconds: + description: Sets the interval between readiness probes + in seconds. + format: int32 + type: integer + resources: + description: |- + K8s resources settings. + + See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. 
+ + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + startupProbe: + description: Configures the startup probe for the istio-proxy + container. + properties: + enabled: + description: |- + Enables or disables a startup probe. + For optimal startup times, changing this should be tied to the readiness probe values. + + If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. 
+ This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), + and doesn't spam the readiness endpoint too much + + If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. + This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. + type: boolean + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + format: int32 + type: integer + type: object + statusPort: + description: Default port used for the Pilot agent's health + checks. + format: int32 + type: integer + tracer: + description: |- + Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver. + If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. + enum: + - zipkin + - lightstep + - datadog + - stackdriver + - openCensusAgent + - none + type: string + type: object + proxy_init: + description: Specifies the Configuration for proxy_init container + which sets the pods' networking to intercept the inbound/outbound + traffic. + properties: + image: + description: Specifies the image for the proxy_init container. + type: string + resources: + description: |- + K8s resources settings. + + See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. 
+ properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: object + remotePilotAddress: + description: Specifies the Istio control plane’s pilot Pod + IP address or remote cluster DNS resolvable hostname. + type: string + revision: + description: Configures the revision this control plane is + a part of + type: string + sds: + description: Specifies the Configuration for the SecretDiscoveryService + instead of using K8S secrets to mount the certificates. + properties: + token: + description: 'Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto.' 
+ properties: + aud: + type: string + type: object + type: object + sts: + description: Specifies the configuration for Security Token + Service. + properties: + servicePort: + format: int32 + type: integer + type: object + tag: + description: Specifies the tag for the Istio docker images. + type: string + tracer: + description: Specifies the Configuration for each of the supported + tracers. + properties: + datadog: + description: Configuration for the datadog tracing service. + properties: + address: + description: Address in host:port format for reporting + trace data to the Datadog agent. + type: string + type: object + lightstep: + description: Configuration for the lightstep tracing service. + properties: + accessToken: + description: Sets the lightstep access token. + type: string + address: + description: Sets the lightstep satellite pool address + in host:port format for reporting trace data. + type: string + type: object + stackdriver: + description: Configuration for the stackdriver tracing + service. + properties: + debug: + description: enables trace output to stdout. + type: boolean + maxNumberOfAnnotations: + description: The global default max number of annotation + events per span. + format: int32 + type: integer + maxNumberOfAttributes: + description: The global default max number of attributes + per span. + format: int32 + type: integer + maxNumberOfMessageEvents: + description: The global default max number of message + events per span. + format: int32 + type: integer + type: object + zipkin: + description: Configuration for the zipkin tracing service. + properties: + address: + description: |- + Address of zipkin instance in host:port format for reporting trace data. + + Example: .:941 + type: string + type: object + type: object + variant: + description: The variant of the Istio container images to + use. Options are "debug" or "distroless". Unset will use + the default for the given version. 
+ type: string + waypoint: + description: Specifies how waypoints are configured within + Istio. + properties: + resources: + description: |- + K8s resource settings. + + See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: object + type: object + istiodRemote: + description: Configuration for istiod-remote. + properties: + injectionCABundle: + description: injector ca bundle + type: string + injectionPath: + description: Path to use for the sidecar injector webhook + service. + type: string + injectionURL: + description: URL to use for sidecar injector webhook. + type: string + type: object + meshConfig: + description: |- + Defines runtime configuration of components, including Istiod and istio-agent behavior. + See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options. + properties: + accessLogEncoding: + description: |- + Encoding for the proxy access log (`TEXT` or `JSON`). + Default value is `TEXT`. + enum: + - TEXT + - JSON + type: string + accessLogFile: + description: |- + File address for the proxy access log (e.g. /dev/stdout). + Empty value disables access logging. + type: string + accessLogFormat: + description: |- + Format for the proxy access log + Empty value results in proxy's default access log format + type: string + ca: + description: |- + If specified, Istiod will authorize and forward the CSRs from the workloads to the specified external CA + using the Istio CA gRPC API. + properties: + address: + description: |- + REQUIRED. Address of the CA server implementing the Istio CA gRPC API. + Can be IP address or a fully qualified DNS name with port + Eg: custom-ca.default.svc.cluster.local:8932, 192.168.23.2:9000 + type: string + istiodSide: + description: |- + Use istiod_side to specify CA Server integrate to Istiod side or Agent side + Default: true + type: boolean + requestTimeout: + description: |- + timeout for forward CSR requests from Istiod to External CA + Default: 10s + type: string + tlsSettings: + description: |- + Use the tls_settings to specify the tls mode to use. 
+ Regarding tls_settings: + - DISABLE MODE is legitimate for the case Istiod is making the request via an Envoy sidecar. + DISABLE MODE can also be used for testing + - TLS MUTUAL MODE be on by default. If the CA certificates + (cert bundle to verify the CA server's certificate) is omitted, Istiod will + use the system root certs to verify the CA server's certificate. + properties: + caCertificates: + description: |- + OPTIONAL: The path to the file containing certificate authority + certificates to use in verifying a presented server certificate. If + omitted, the proxy will verify the server's certificate using + the OS CA certificates. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + caCrl: + description: |- + OPTIONAL: The path to the file containing the certificate revocation list (CRL) + to use in verifying a presented server certificate. `CRL` is a list of certificates + that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. + If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. + If omitted, the proxy will not verify the certificate against the `crl`. + type: string + clientCertificate: + description: |- + REQUIRED if mode is `MUTUAL`. The path to the file holding the + client-side TLS certificate to use. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + credentialName: + description: |- + The name of the secret that holds the TLS certs for the + client including the CA certificates. This secret must exist in + the namespace of the proxy using the certificates. + An Opaque secret should contain the following keys and values: + `key: `, `cert: `, `cacert: `, + `crl: ` + Here CACertificate is used to verify the server certificate. + For mutual TLS, `cacert: ` can be provided in the + same secret or a separate secret named `-cacert`. 
+ A TLS secret for client certificates with an additional + `ca.crt` key for CA certificates and `ca.crl` key for + certificate revocation list(CRL) is also supported. + Only one of client certificates and CA certificate + or credentialName can be specified. + + **NOTE:** This field is applicable at sidecars only if + `DestinationRule` has a `workloadSelector` specified. + Otherwise the field will be applicable only at gateways, and + sidecars will continue to use the certificate paths. + type: string + insecureSkipVerify: + description: |- + `insecureSkipVerify` specifies whether the proxy should skip verifying the + CA signature and SAN for the server certificate corresponding to the host. + The default value of this field is false. + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured + using TLS. The value of this field determines how TLS is enforced. + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: |- + REQUIRED if mode is `MUTUAL`. The path to the file holding the + client's private key. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + sni: + description: |- + SNI string to present to the server during TLS handshake. + If unspecified, SNI will be automatically set based on downstream HTTP + host/authority header for SIMPLE and MUTUAL TLS modes. + type: string + subjectAltNames: + description: |- + A list of alternate names to verify the subject identity in the + certificate. If specified, the proxy will verify that the server + certificate's subject alt name matches one of the specified values. + If specified, this list overrides the value of subject_alt_names + from the ServiceEntry. If unspecified, automatic validation of upstream + presented certificate for new upstream connections will be done based on the + downstream HTTP host/authority header. 
+ items: + type: string + type: array + type: object + required: + - address + type: object + caCertificates: + description: |- + The extra root certificates for workload-to-workload communication. + The plugin certificates (the 'cacerts' secret) or self-signed certificates (the 'istio-ca-secret' secret) + are automatically added by Istiod. + The CA certificate that signs the workload certificates is automatically added by Istio Agent. + items: + properties: + certSigners: + description: |- + when Istiod is acting as RA(registration authority) + If set, they are used for these signers. Otherwise, this trustAnchor is used for all signers. + items: + type: string + type: array + pem: + description: The PEM data of the certificate. + type: string + spiffeBundleUrl: + description: |- + The SPIFFE bundle endpoint URL that complies to: + https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE_Trust_Domain_and_Bundle.md#the-spiffe-trust-domain-and-bundle + The endpoint should support authentication based on Web PKI: + https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE_Trust_Domain_and_Bundle.md#521-web-pki + The certificate is retrieved from the endpoint. + type: string + trustDomains: + description: |- + Optional. Specify the list of trust domains to which this trustAnchor data belongs. + If set, they are used for these trust domains. Otherwise, this trustAnchor is used for default trust domain + and its aliases. + Note that we can have multiple trustAnchor data for a same trust_domain. + In that case, trustAnchors with a same trust domain will be merged and used together to verify peer certificates. + If neither cert_signers nor trust_domains is set, this trustAnchor is used for all trust domains and all signers. + If only trust_domains is set, this trustAnchor is used for these trust_domains and all signers. + If only cert_signers is set, this trustAnchor is used for these cert_signers and all trust domains. 
+ If both cert_signers and trust_domains is set, this trustAnchor is only used for these signers and trust domains. + items: + type: string + type: array + type: object + x-kubernetes-validations: + - message: At most one of [pem spiffeBundleUrl] should be + set + rule: (has(self.pem)?1:0) + (has(self.spiffeBundleUrl)?1:0) + <= 1 + type: array + certificates: + description: |- + Configure the provision of certificates. + + Note: Deprecated, please refer to Cert-Manager or other cert provisioning solutions to sign DNS certificates. + + Deprecated: Marked as deprecated in mesh/v1alpha1/config.proto. + items: + description: "Certificate configures the provision of a + certificate and its key.\nExample 1: key and cert stored + in a secret\n```\n{ secretName: galley-cert\n\n\t secretNamespace: + istio-system\n\t dnsNames:\n\t - galley.istio-system.svc\n\t + \ - galley.mydomain.com\n\t}\n\n```\nExample 2: key + and cert stored in a directory\n```\n{ dnsNames:\n - + pilot.istio-system\n - pilot.istio-system.svc\n - pilot.mydomain.com\n + \ }\n\n```" + properties: + dnsNames: + description: |- + The DNS names for the certificate. A certificate may contain + multiple DNS names. + items: + type: string + type: array + secretName: + description: |- + Name of the secret the certificate and its key will be stored into. + If it is empty, it will not be stored into a secret. + Instead, the certificate and its key will be stored into a hard-coded directory. + type: string + type: object + type: array + configSources: + description: |- + ConfigSource describes a source of configuration data for networking + rules, and other Istio configuration artifacts. Multiple data sources + can be configured for a single control plane. + items: + description: |- + ConfigSource describes information about a configuration store inside a + mesh. A single control plane instance can interact with one or more data + sources. 
+ properties: + address: + description: |- + Address of the server implementing the Istio Mesh Configuration + protocol (MCP). Can be IP address or a fully qualified DNS name. + Use xds:// to specify a grpc-based xds backend, k8s:// to specify a k8s controller or + fs:/// to specify a file-based backend with absolute path to the directory. + type: string + subscribedResources: + description: Describes the source of configuration, + if nothing is specified default is MCP + items: + description: Resource describes the source of configuration + enum: + - SERVICE_REGISTRY + type: string + type: array + tlsSettings: + description: |- + Use the tls_settings to specify the tls mode to use. If the MCP server + uses Istio mutual TLS and shares the root CA with Pilot, specify the TLS + mode as `ISTIO_MUTUAL`. + properties: + caCertificates: + description: |- + OPTIONAL: The path to the file containing certificate authority + certificates to use in verifying a presented server certificate. If + omitted, the proxy will verify the server's certificate using + the OS CA certificates. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + caCrl: + description: |- + OPTIONAL: The path to the file containing the certificate revocation list (CRL) + to use in verifying a presented server certificate. `CRL` is a list of certificates + that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. + If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. + If omitted, the proxy will not verify the certificate against the `crl`. + type: string + clientCertificate: + description: |- + REQUIRED if mode is `MUTUAL`. The path to the file holding the + client-side TLS certificate to use. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + credentialName: + description: |- + The name of the secret that holds the TLS certs for the + client including the CA certificates. 
This secret must exist in + the namespace of the proxy using the certificates. + An Opaque secret should contain the following keys and values: + `key: `, `cert: `, `cacert: `, + `crl: ` + Here CACertificate is used to verify the server certificate. + For mutual TLS, `cacert: ` can be provided in the + same secret or a separate secret named `-cacert`. + A TLS secret for client certificates with an additional + `ca.crt` key for CA certificates and `ca.crl` key for + certificate revocation list(CRL) is also supported. + Only one of client certificates and CA certificate + or credentialName can be specified. + + **NOTE:** This field is applicable at sidecars only if + `DestinationRule` has a `workloadSelector` specified. + Otherwise the field will be applicable only at gateways, and + sidecars will continue to use the certificate paths. + type: string + insecureSkipVerify: + description: |- + `insecureSkipVerify` specifies whether the proxy should skip verifying the + CA signature and SAN for the server certificate corresponding to the host. + The default value of this field is false. + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured + using TLS. The value of this field determines how TLS is enforced. + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: |- + REQUIRED if mode is `MUTUAL`. The path to the file holding the + client's private key. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + sni: + description: |- + SNI string to present to the server during TLS handshake. + If unspecified, SNI will be automatically set based on downstream HTTP + host/authority header for SIMPLE and MUTUAL TLS modes. + type: string + subjectAltNames: + description: |- + A list of alternate names to verify the subject identity in the + certificate. If specified, the proxy will verify that the server + certificate's subject alt name matches one of the specified values. 
+ If specified, this list overrides the value of subject_alt_names + from the ServiceEntry. If unspecified, automatic validation of upstream + presented certificate for new upstream connections will be done based on the + downstream HTTP host/authority header. + items: + type: string + type: array + type: object + type: object + type: array + connectTimeout: + description: |- + Connection timeout used by Envoy. (MUST BE >=1ms) + Default timeout is 10s. + type: string + defaultConfig: + description: |- + Default proxy config used by gateway and sidecars. + In case of Kubernetes, the proxy config is applied once during the injection process, + and remain constant for the duration of the pod. The rest of the mesh config can be changed + at runtime and config gets distributed dynamically. + On Kubernetes, this can be overridden on individual pods with the `proxy.istio.io/config` annotation. + properties: + availabilityZone: + description: 'Deprecated: Marked as deprecated in mesh/v1alpha1/proxy.proto.' + type: string + binaryPath: + description: Path to the proxy binary + type: string + caCertificatesPem: + description: |- + The PEM data of the extra root certificates for workload-to-workload communication. + This includes the certificates defined in MeshConfig and any other certificates that Istiod uses as CA. + The plugin certificates (the 'cacerts' secret), self-signed certificates (the 'istio-ca-secret' secret) + are added automatically by Istiod. + items: + type: string + type: array + concurrency: + description: |- + The number of worker threads to run. + If unset, which is recommended, this will be automatically determined based on CPU requests/limits. + If set to 0, all cores on the machine will be used, ignoring CPU requests or limits. This can lead to major performance + issues if CPU limits are also set. + format: int32 + type: integer + configPath: + description: |- + Path to the generated configuration file directory. 
+ Proxy agent generates the actual configuration and stores it in this directory. + type: string + controlPlaneAuthPolicy: + description: |- + AuthenticationPolicy defines how the proxy is authenticated when it connects to the control plane. + Default is set to `MUTUAL_TLS`. + enum: + - NONE + - MUTUAL_TLS + - INHERIT + type: string + customConfigFile: + description: |- + File path of custom proxy configuration, currently used by proxies + in front of Mixer and Pilot. + type: string + discoveryAddress: + description: |- + Address of the discovery service exposing xDS with mTLS connection. + The inject configuration may override this value. + type: string + discoveryRefreshDelay: + description: 'Deprecated: Marked as deprecated in mesh/v1alpha1/proxy.proto.' + type: string + drainDuration: + description: |- + restart. MUST be >=1s (e.g., _1s/1m/1h_) + Default drain duration is `45s`. + type: string + envoyAccessLogService: + description: |- + Address of the service to which access logs from Envoys should be + sent. (e.g. `accesslog-service:15000`). See [Access Log + Service](https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/accesslog/v2/als.proto) + for details about Envoy's gRPC Access Log Service API. + properties: + address: + description: |- + Address of a remove service used for various purposes (access log + receiver, metrics receiver, etc.). Can be IP address or a fully + qualified DNS name. + type: string + tcpKeepalive: + description: If set then set `SO_KEEPALIVE` on the + socket to enable TCP Keepalives. + properties: + interval: + description: |- + The time duration between keep-alive probes. + Default is to use the OS level configuration + (unless overridden, Linux defaults to 75s.) + type: string + probes: + description: |- + Maximum number of keepalive probes to send without response before + deciding the connection is dead. Default is to use the OS level configuration + (unless overridden, Linux defaults to 9.) 
+ format: int32 + type: integer + time: + description: |- + The time duration a connection needs to be idle before keep-alive + probes start being sent. Default is to use the OS level configuration + (unless overridden, Linux defaults to 7200s (ie 2 hours.) + type: string + type: object + tlsSettings: + description: |- + Use the `tls_settings` to specify the tls mode to use. If the remote service + uses Istio mutual TLS and shares the root CA with Pilot, specify the TLS + mode as `ISTIO_MUTUAL`. + properties: + caCertificates: + description: |- + OPTIONAL: The path to the file containing certificate authority + certificates to use in verifying a presented server certificate. If + omitted, the proxy will verify the server's certificate using + the OS CA certificates. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + caCrl: + description: |- + OPTIONAL: The path to the file containing the certificate revocation list (CRL) + to use in verifying a presented server certificate. `CRL` is a list of certificates + that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. + If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. + If omitted, the proxy will not verify the certificate against the `crl`. + type: string + clientCertificate: + description: |- + REQUIRED if mode is `MUTUAL`. The path to the file holding the + client-side TLS certificate to use. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + credentialName: + description: |- + The name of the secret that holds the TLS certs for the + client including the CA certificates. This secret must exist in + the namespace of the proxy using the certificates. + An Opaque secret should contain the following keys and values: + `key: `, `cert: `, `cacert: `, + `crl: ` + Here CACertificate is used to verify the server certificate. 
+ For mutual TLS, `cacert: ` can be provided in the + same secret or a separate secret named `-cacert`. + A TLS secret for client certificates with an additional + `ca.crt` key for CA certificates and `ca.crl` key for + certificate revocation list(CRL) is also supported. + Only one of client certificates and CA certificate + or credentialName can be specified. + + **NOTE:** This field is applicable at sidecars only if + `DestinationRule` has a `workloadSelector` specified. + Otherwise the field will be applicable only at gateways, and + sidecars will continue to use the certificate paths. + type: string + insecureSkipVerify: + description: |- + `insecureSkipVerify` specifies whether the proxy should skip verifying the + CA signature and SAN for the server certificate corresponding to the host. + The default value of this field is false. + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured + using TLS. The value of this field determines how TLS is enforced. + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: |- + REQUIRED if mode is `MUTUAL`. The path to the file holding the + client's private key. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + sni: + description: |- + SNI string to present to the server during TLS handshake. + If unspecified, SNI will be automatically set based on downstream HTTP + host/authority header for SIMPLE and MUTUAL TLS modes. + type: string + subjectAltNames: + description: |- + A list of alternate names to verify the subject identity in the + certificate. If specified, the proxy will verify that the server + certificate's subject alt name matches one of the specified values. + If specified, this list overrides the value of subject_alt_names + from the ServiceEntry. 
If unspecified, automatic validation of upstream + presented certificate for new upstream connections will be done based on the + downstream HTTP host/authority header. + items: + type: string + type: array + type: object + type: object + envoyMetricsService: + description: |- + Address of the Envoy Metrics Service implementation (e.g. `metrics-service:15000`). + See [Metric Service](https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/metrics/v2/metrics_service.proto) + for details about Envoy's Metrics Service API. + properties: + address: + description: |- + Address of a remove service used for various purposes (access log + receiver, metrics receiver, etc.). Can be IP address or a fully + qualified DNS name. + type: string + tcpKeepalive: + description: If set then set `SO_KEEPALIVE` on the + socket to enable TCP Keepalives. + properties: + interval: + description: |- + The time duration between keep-alive probes. + Default is to use the OS level configuration + (unless overridden, Linux defaults to 75s.) + type: string + probes: + description: |- + Maximum number of keepalive probes to send without response before + deciding the connection is dead. Default is to use the OS level configuration + (unless overridden, Linux defaults to 9.) + format: int32 + type: integer + time: + description: |- + The time duration a connection needs to be idle before keep-alive + probes start being sent. Default is to use the OS level configuration + (unless overridden, Linux defaults to 7200s (ie 2 hours.) + type: string + type: object + tlsSettings: + description: |- + Use the `tls_settings` to specify the tls mode to use. If the remote service + uses Istio mutual TLS and shares the root CA with Pilot, specify the TLS + mode as `ISTIO_MUTUAL`. + properties: + caCertificates: + description: |- + OPTIONAL: The path to the file containing certificate authority + certificates to use in verifying a presented server certificate. 
If + omitted, the proxy will verify the server's certificate using + the OS CA certificates. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + caCrl: + description: |- + OPTIONAL: The path to the file containing the certificate revocation list (CRL) + to use in verifying a presented server certificate. `CRL` is a list of certificates + that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. + If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. + If omitted, the proxy will not verify the certificate against the `crl`. + type: string + clientCertificate: + description: |- + REQUIRED if mode is `MUTUAL`. The path to the file holding the + client-side TLS certificate to use. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + credentialName: + description: |- + The name of the secret that holds the TLS certs for the + client including the CA certificates. This secret must exist in + the namespace of the proxy using the certificates. + An Opaque secret should contain the following keys and values: + `key: `, `cert: `, `cacert: `, + `crl: ` + Here CACertificate is used to verify the server certificate. + For mutual TLS, `cacert: ` can be provided in the + same secret or a separate secret named `-cacert`. + A TLS secret for client certificates with an additional + `ca.crt` key for CA certificates and `ca.crl` key for + certificate revocation list(CRL) is also supported. + Only one of client certificates and CA certificate + or credentialName can be specified. + + **NOTE:** This field is applicable at sidecars only if + `DestinationRule` has a `workloadSelector` specified. + Otherwise the field will be applicable only at gateways, and + sidecars will continue to use the certificate paths. 
+ type: string + insecureSkipVerify: + description: |- + `insecureSkipVerify` specifies whether the proxy should skip verifying the + CA signature and SAN for the server certificate corresponding to the host. + The default value of this field is false. + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured + using TLS. The value of this field determines how TLS is enforced. + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: |- + REQUIRED if mode is `MUTUAL`. The path to the file holding the + client's private key. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + sni: + description: |- + SNI string to present to the server during TLS handshake. + If unspecified, SNI will be automatically set based on downstream HTTP + host/authority header for SIMPLE and MUTUAL TLS modes. + type: string + subjectAltNames: + description: |- + A list of alternate names to verify the subject identity in the + certificate. If specified, the proxy will verify that the server + certificate's subject alt name matches one of the specified values. + If specified, this list overrides the value of subject_alt_names + from the ServiceEntry. If unspecified, automatic validation of upstream + presented certificate for new upstream connections will be done based on the + downstream HTTP host/authority header. + items: + type: string + type: array + type: object + type: object + envoyMetricsServiceAddress: + description: 'Deprecated: Marked as deprecated in mesh/v1alpha1/proxy.proto.' + type: string + extraStatTags: + description: |- + An additional list of tags to extract from the in-proxy Istio telemetry. These extra tags can be + added by configuring the telemetry extension. Each additional tag needs to be present in this list. + Extra tags emitted by the telemetry extensions must be listed here so that they can be processed + and exposed as Prometheus metrics. 
+ Deprecated: `istio.stats` is a native filter now, this field is no longer needed. + items: + type: string + type: array + gatewayTopology: + description: |- + Topology encapsulates the configuration which describes where the proxy is + located i.e. behind a (or N) trusted proxy (proxies) or directly exposed + to the internet. This configuration only effects gateways and is applied + to all the gateways in the cluster unless overridden via annotations of the + gateway workloads. + properties: + forwardClientCertDetails: + description: |- + Configures how the gateway proxy handles x-forwarded-client-cert (XFCC) + header in the incoming request. + enum: + - UNDEFINED + - SANITIZE + - FORWARD_ONLY + - APPEND_FORWARD + - SANITIZE_SET + - ALWAYS_FORWARD_ONLY + type: string + numTrustedProxies: + description: |- + Number of trusted proxies deployed in front of the Istio gateway proxy. + When this option is set to value N greater than zero, the trusted client + address is assumed to be the Nth address from the right end of the + X-Forwarded-For (XFF) header from the incoming request. If the + X-Forwarded-For (XFF) header is missing or has fewer than N addresses, the + gateway proxy falls back to using the immediate downstream connection's + source address as the trusted client address. + Note that the gateway proxy will append the downstream connection's source + address to the X-Forwarded-For (XFF) address and set the + X-Envoy-External-Address header to the trusted client address before + forwarding it to the upstream services in the cluster. + The default value of num_trusted_proxies is 0. + See [Envoy XFF](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#config-http-conn-man-headers-x-forwarded-for) + header handling for more details. + format: int32 + type: integer + proxyProtocol: + description: |- + Enables [PROXY protocol](http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt) for + downstream connections on a gateway. 
+ type: object + type: object + holdApplicationUntilProxyStarts: + description: |- + Boolean flag for enabling/disabling the holdApplicationUntilProxyStarts behavior. + This feature adds hooks to delay application startup until the pod proxy + is ready to accept traffic, mitigating some startup race conditions. + Default value is 'false'. + type: boolean + image: + description: Specifies the details of the proxy image. + properties: + imageType: + description: |- + The image type of the image. + Istio publishes default, debug, and distroless images. + Other values are allowed if those image types (example: centos) are published to the specified hub. + supported values: default, debug, distroless. + type: string + type: object + interceptionMode: + description: The mode used to redirect inbound traffic + to Envoy. + enum: + - REDIRECT + - TPROXY + - NONE + type: string + meshId: + description: |- + The unique identifier for the [service mesh](https://istio.io/docs/reference/glossary/#service-mesh) + All control planes running in the same service mesh should specify the same mesh ID. + Mesh ID is used to label telemetry reports for cases where telemetry from multiple meshes is mixed together. + type: string + privateKeyProvider: + description: Specifies the details of the Private Key + Provider configuration for gateway and sidecar proxies. + properties: + cryptomb: + description: Use CryptoMb private key provider + properties: + fallback: + description: |- + If the private key provider isn’t available (eg. the required hardware capability doesn’t existed) + Envoy will fallback to the BoringSSL default implementation when the fallback is true. + The default value is false. + type: boolean + pollDelay: + description: |- + How long to wait until the per-thread processing queue should be processed. If the processing queue + gets full (eight sign or decrypt requests are received) it is processed immediately. 
+ However, if the queue is not filled before the delay has expired, the requests already in the queue + are processed, even if the queue is not full. + In effect, this value controls the balance between latency and throughput. + The duration needs to be set to a value greater than or equal to 1 millisecond. + type: string + type: object + qat: + description: Use QAT private key provider + properties: + fallback: + description: |- + If the private key provider isn’t available (eg. the required hardware capability doesn’t existed) + Envoy will fallback to the BoringSSL default implementation when the fallback is true. + The default value is false. + type: boolean + pollDelay: + description: |- + How long to wait before polling the hardware accelerator after a request has been submitted there. + Having a small value leads to quicker answers from the hardware but causes more polling loop spins, + leading to potentially larger CPU usage. + The duration needs to be set to a value greater than or equal to 1 millisecond. + type: string + type: object + type: object + x-kubernetes-validations: + - message: At most one of [cryptomb qat] should be set + rule: (has(self.cryptomb)?1:0) + (has(self.qat)?1:0) + <= 1 + proxyAdminPort: + description: |- + Port on which Envoy should listen for administrative commands. + Default port is `15000`. + format: int32 + type: integer + proxyBootstrapTemplatePath: + description: Path to the proxy bootstrap template file + type: string + proxyHeaders: + description: "Define the set of headers to add/modify + for HTTP request/responses.\n\nTo enable an optional + header, simply set the field. 
If no specific configuration + is required, an empty object (`{}`) will enable it.\nNote: + currently all headers are enabled by default.\n\nBelow + shows an example of customizing the `server` header + and disabling the `X-Envoy-Attempt-Count` header:\n\n```yaml\nproxyHeaders:\n\n\tserver:\n\t + \ value: \"my-custom-server\"\n\trequestId: {} // Explicitly + enable Request IDs. As this is the default, this has + no effect.\n\tattemptCount:\n\t disabled: true\n\n```\n\nSome + headers are enabled by default, and require explicitly + disabling. See below for an example of disabling all + default-enabled headers:\n\n```yaml\nproxyHeaders:\n\n\tforwardedClientCert: + SANITIZE\n\tserver:\n\t disabled: true\n\trequestId:\n\t + \ disabled: true\n\tattemptCount:\n\t disabled: true\n\tenvoyDebugHeaders:\n\t + \ disabled: true\n\tmetadataExchangeHeaders:\n\t mode: + IN_MESH\n\n```" + properties: + attemptCount: + description: |- + Controls the `X-Envoy-Attempt-Count` header. + If enabled, this header will be added on outbound request headers (including gateways) that have retries configured. + If disabled, this header will not be set. If it is already present, it will be preserved. + This header is enabled by default if not configured. + properties: + disabled: + type: boolean + type: object + envoyDebugHeaders: + description: |- + Controls various `X-Envoy-*` headers, such as `X-Envoy-Overloaded` and `X-Envoy-Upstream-Service-Time`. If enabled, + these headers will be included. + If disabled, these headers will not be set. If they are already present, they will be preserved. + See the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/router/v3/router.proto#envoy-v3-api-field-extensions-filters-http-router-v3-router-suppress-envoy-headers) for more details. + These headers are enabled by default if not configured. 
+ properties: + disabled: + type: boolean + type: object + forwardedClientCert: + description: |- + Controls the `X-Forwarded-Client-Cert` header for inbound sidecar requests. To set this on gateways, use the `Topology` setting. + To disable the header, configure either `SANITIZE` (to always remove the header, if present) or `FORWARD_ONLY` (to leave the header as-is). + By default, `APPEND_FORWARD` will be used. + enum: + - UNDEFINED + - SANITIZE + - FORWARD_ONLY + - APPEND_FORWARD + - SANITIZE_SET + - ALWAYS_FORWARD_ONLY + type: string + metadataExchangeHeaders: + description: |- + Controls Istio metadata exchange headers `X-Envoy-Peer-Metadata` and `X-Envoy-Peer-Metadata-Id`. + By default, the behavior is unspecified. + If IN_MESH, these headers will not be appended to outbound requests from sidecars to services not in-mesh. + properties: + mode: + enum: + - UNDEFINED + - IN_MESH + type: string + type: object + requestId: + description: |- + Controls the `X-Request-Id` header. If enabled, a request ID is generated for each request if one is not already set. + This applies to all types of traffic (inbound, outbound, and gateways). + If disabled, no request ID will be generate for the request. If it is already present, it will be preserved. + Warning: request IDs are a critical component to mesh tracing and logging, so disabling this is not recommended. + This header is enabled by default if not configured. + properties: + disabled: + type: boolean + type: object + server: + description: |- + Controls the `server` header. If enabled, the `Server: istio-envoy` header is set in response headers for inbound traffic (including gateways). + If disabled, the `Server` header is not modified. If it is already present, it will be preserved. + properties: + disabled: + type: boolean + value: + description: If set, and the server header is + enabled, this value will be set as the server + header. By default, `istio-envoy` will be used. 
+ type: string + type: object + type: object + proxyMetadata: + additionalProperties: + type: string + description: |- + Additional environment variables for the proxy. + Names starting with `ISTIO_META_` will be included in the generated bootstrap and sent to the XDS server. + type: object + proxyStatsMatcher: + description: "Proxy stats matcher defines configuration + for reporting custom Envoy stats.\nTo reduce memory + and CPU overhead from Envoy stats system, Istio proxies + by\ndefault create and expose only a subset of Envoy + stats. This option is to\ncontrol creation of additional + Envoy stats with prefix, suffix, and regex\nexpressions + match on the name of the stats. This replaces the stats\ninclusion + annotations\n(`sidecar.istio.io/statsInclusionPrefixes`,\n`sidecar.istio.io/statsInclusionRegexps`, + and\n`sidecar.istio.io/statsInclusionSuffixes`). For + example, to enable stats\nfor circuit breakers, request + retries, upstream connections, and request timeouts,\nyou + can specify stats matcher as follows:\n```yaml\nproxyStatsMatcher:\n\n\tinclusionRegexps:\n\t + \ - .*outlier_detection.*\n\t - .*upstream_rq_retry.*\n\t + \ - .*upstream_cx_.*\n\tinclusionSuffixes:\n\t - upstream_rq_timeout\n\n```\nNote + including more Envoy stats might increase number of + time series\ncollected by prometheus significantly. + Care needs to be taken on Prometheus\nresource provision + and configuration to reduce cardinality." + properties: + inclusionPrefixes: + description: Proxy stats name prefix matcher for inclusion. + items: + type: string + type: array + inclusionRegexps: + description: Proxy stats name regexps matcher for + inclusion. + items: + type: string + type: array + inclusionSuffixes: + description: Proxy stats name suffix matcher for inclusion. + items: + type: string + type: array + type: object + readinessProbe: + description: |- + VM Health Checking readiness probe. 
This health check config exactly mirrors the + kubernetes readiness probe configuration both in schema and logic. + Only one health check method of 3 can be set at a time. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a + GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + runtimeValues: + additionalProperties: + type: string + description: |- + Envoy [runtime configuration](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/operations/runtime) to set during bootstrapping. + This enables setting experimental, unsafe, unsupported, and deprecated features that should be used with extreme caution. + type: object + sds: + description: |- + Secret Discovery Service(SDS) configuration to be used by the proxy. + + Deprecated: Marked as deprecated in mesh/v1alpha1/proxy.proto. + properties: + enabled: + description: True if SDS is enabled. + type: boolean + k8sSaJwtPath: + description: Path of k8s service account JWT path. 
+ type: string + type: object + serviceCluster: + description: |- + Service cluster defines the name for the `service_cluster` that is + shared by all Envoy instances. This setting corresponds to + `--service-cluster` flag in Envoy. In a typical Envoy deployment, the + `service-cluster` flag is used to identify the caller, for + source-based routing scenarios. + + Since Istio does not assign a local `service/service` version to each + Envoy instance, the name is same for all of them. However, the + source/caller's identity (e.g., IP address) is encoded in the + `--service-node` flag when launching Envoy. When the RDS service + receives API calls from Envoy, it uses the value of the `service-node` + flag to compute routes that are relative to the service instances + located at that IP address. + type: string + statNameLength: + description: |- + Maximum length of name field in Envoy's metrics. The length of the name field + is determined by the length of a name field in a service and the set of labels that + comprise a particular version of the service. The default value is set to 189 characters. + Envoy's internal metrics take up 67 characters, for a total of 256 character name per metric. + Increase the value of this field if you find that the metrics from Envoys are truncated. + format: int32 + type: integer + statsdUdpAddress: + description: IP Address and Port of a statsd UDP listener + (e.g. `10.75.241.127:9125`). + type: string + statusPort: + description: |- + Port on which the agent should listen for administrative commands such as readiness probe. + Default is set to port `15020`. + format: int32 + type: integer + terminationDrainDuration: + description: |- + The amount of time allowed for connections to complete on proxy shutdown. + On receiving `SIGTERM` or `SIGINT`, `istio-agent` tells the active Envoy to start gracefully draining, + discouraging any new connections and allowing existing connections to complete. 
It then + sleeps for the `termination_drain_duration` and then kills any remaining active Envoy processes. + If not set, a default of `5s` will be applied. + type: string + tracing: + description: Tracing configuration to be used by the proxy. + properties: + customTags: + additionalProperties: + description: |- + Configure custom tags that will be added to any active span. + Tags can be generated via literals, environment variables or an incoming request header. + properties: + environment: + description: |- + The custom tag's value should be populated from an environmental + variable + properties: + defaultValue: + description: |- + When the environment variable is not found, + the tag's value will be populated with this default value if specified, + otherwise the tag will not be populated. + type: string + name: + description: Name of the environment variable + used to populate the tag's value + type: string + type: object + header: + description: |- + The custom tag's value is populated by an http header from + an incoming request. + properties: + defaultValue: + description: |- + Default value to be used for the tag when the named HTTP header does not exist. + The tag will be skipped if no default value is provided. + type: string + name: + description: HTTP header name used to obtain + the value from to populate the tag value. + type: string + type: object + literal: + description: The custom tag's value is the specified + literal. + properties: + value: + description: Static literal value used to + populate the tag value. 
+ type: string + type: object + type: object + x-kubernetes-validations: + - message: At most one of [literal environment header] + should be set + rule: (has(self.literal)?1:0) + (has(self.environment)?1:0) + + (has(self.header)?1:0) <= 1 + description: "and gateways).\nThe key represents the + name of the tag.\nEx:\n```yaml\ncustom_tags:\n\n\tnew_tag_name:\n\t + \ header:\n\t name: custom-http-header-name\n\t + \ default_value: defaulted-value-from-custom-header\n\n```" + type: object + datadog: + description: Use a Datadog tracer. + properties: + address: + description: Address of the Datadog Agent. + type: string + type: object + lightstep: + description: |- + Use a Lightstep tracer. + NOTE: For Istio 1.15+, this configuration option will result + in using OpenTelemetry-based Lightstep integration. + properties: + accessToken: + description: The Lightstep access token. + type: string + address: + description: Address of the Lightstep Satellite + pool. + type: string + type: object + maxPathTagLength: + description: |- + Configures the maximum length of the request path to extract and include in the + HttpUrl tag. Used to truncate length request paths to meet the needs of tracing + backend. If not set, then a length of 256 will be used. + format: int32 + type: integer + openCensusAgent: + description: Use an OpenCensus tracer exporting to + an OpenCensus agent. + properties: + address: + description: |- + gRPC address for the OpenCensus agent (e.g. dns://authority/host:port or + unix:path). See [gRPC naming + docs](https://github.com/grpc/grpc/blob/master/doc/naming.md) for + details. + type: string + context: + description: |- + Specifies the set of context propagation headers used for distributed + tracing. Default is `["W3C_TRACE_CONTEXT"]`. If multiple values are specified, + the proxy will attempt to read each header for each request and will + write all headers. 
+ items: + description: |- + TraceContext selects the context propagation headers used for + distributed tracing. + enum: + - UNSPECIFIED + - W3C_TRACE_CONTEXT + - GRPC_BIN + - CLOUD_TRACE_CONTEXT + - B3 + type: string + type: array + type: object + sampling: + description: |- + The percentage of requests (0.0 - 100.0) that will be randomly selected for trace generation, + if not requested by the client or not forced. Default is 1.0. + type: number + stackdriver: + description: Use a Stackdriver tracer. + properties: + debug: + description: debug enables trace output to stdout. + type: boolean + maxNumberOfAnnotations: + description: |- + The global default max number of annotation events per span. + default is 200. + format: int64 + type: integer + maxNumberOfAttributes: + description: |- + The global default max number of attributes per span. + default is 200. + format: int64 + type: integer + maxNumberOfMessageEvents: + description: |- + The global default max number of message events per span. + default is 200. + format: int64 + type: integer + type: object + tlsSettings: + description: |- + Use the tls_settings to specify the tls mode to use. If the remote tracing service + uses Istio mutual TLS and shares the root CA with Pilot, specify the TLS + mode as `ISTIO_MUTUAL`. + properties: + caCertificates: + description: |- + OPTIONAL: The path to the file containing certificate authority + certificates to use in verifying a presented server certificate. If + omitted, the proxy will verify the server's certificate using + the OS CA certificates. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + caCrl: + description: |- + OPTIONAL: The path to the file containing the certificate revocation list (CRL) + to use in verifying a presented server certificate. `CRL` is a list of certificates + that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. 
+ If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. + If omitted, the proxy will not verify the certificate against the `crl`. + type: string + clientCertificate: + description: |- + REQUIRED if mode is `MUTUAL`. The path to the file holding the + client-side TLS certificate to use. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + credentialName: + description: |- + The name of the secret that holds the TLS certs for the + client including the CA certificates. This secret must exist in + the namespace of the proxy using the certificates. + An Opaque secret should contain the following keys and values: + `key: `, `cert: `, `cacert: `, + `crl: ` + Here CACertificate is used to verify the server certificate. + For mutual TLS, `cacert: ` can be provided in the + same secret or a separate secret named `-cacert`. + A TLS secret for client certificates with an additional + `ca.crt` key for CA certificates and `ca.crl` key for + certificate revocation list(CRL) is also supported. + Only one of client certificates and CA certificate + or credentialName can be specified. + + **NOTE:** This field is applicable at sidecars only if + `DestinationRule` has a `workloadSelector` specified. + Otherwise the field will be applicable only at gateways, and + sidecars will continue to use the certificate paths. + type: string + insecureSkipVerify: + description: |- + `insecureSkipVerify` specifies whether the proxy should skip verifying the + CA signature and SAN for the server certificate corresponding to the host. + The default value of this field is false. + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured + using TLS. The value of this field determines how TLS is enforced. + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: |- + REQUIRED if mode is `MUTUAL`. 
The path to the file holding the + client's private key. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + sni: + description: |- + SNI string to present to the server during TLS handshake. + If unspecified, SNI will be automatically set based on downstream HTTP + host/authority header for SIMPLE and MUTUAL TLS modes. + type: string + subjectAltNames: + description: |- + A list of alternate names to verify the subject identity in the + certificate. If specified, the proxy will verify that the server + certificate's subject alt name matches one of the specified values. + If specified, this list overrides the value of subject_alt_names + from the ServiceEntry. If unspecified, automatic validation of upstream + presented certificate for new upstream connections will be done based on the + downstream HTTP host/authority header. + items: + type: string + type: array + type: object + zipkin: + description: Use a Zipkin tracer. + properties: + address: + description: Address of the Zipkin service (e.g. + _zipkin:9411_). + type: string + type: object + type: object + x-kubernetes-validations: + - message: At most one of [zipkin lightstep datadog stackdriver + openCensusAgent] should be set + rule: (has(self.zipkin)?1:0) + (has(self.lightstep)?1:0) + + (has(self.datadog)?1:0) + (has(self.stackdriver)?1:0) + + (has(self.openCensusAgent)?1:0) <= 1 + tracingServiceName: + description: |- + Used by Envoy proxies to assign the values for the service names in trace + spans. + enum: + - APP_LABEL_AND_NAMESPACE + - CANONICAL_NAME_ONLY + - CANONICAL_NAME_AND_NAMESPACE + type: string + zipkinAddress: + description: |- + Address of the Zipkin service (e.g. _zipkin:9411_). + DEPRECATED: Use [tracing][istio.mesh.v1alpha1.ProxyConfig.tracing] instead. + + Deprecated: Marked as deprecated in mesh/v1alpha1/proxy.proto. 
+ type: string + type: object + x-kubernetes-validations: + - message: At most one of [serviceCluster tracingServiceName] + should be set + rule: (has(self.serviceCluster)?1:0) + (has(self.tracingServiceName)?1:0) + <= 1 + defaultDestinationRuleExportTo: + description: |- + The default value for the `DestinationRule.export_to` field. Has the same + syntax as `default_service_export_to`. + + If not set the system will use "*" as the default value which implies that + destination rules are exported to all namespaces + items: + type: string + type: array + defaultHttpRetryPolicy: + description: "Configure the default HTTP retry policy.\nThe + default number of retry attempts is set at 2 for these errors:\n\n\t\"connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes\".\n\nSetting + the number of attempts to 0 disables retry policy globally.\nThis + setting can be overridden on a per-host basis using the + Virtual Service\nAPI.\nAll settings in the retry policy + except `perTryTimeout` can currently be\nconfigured globally + via this field." + properties: + attempts: + description: |- + Number of retries to be allowed for a given request. The interval + between retries will be determined automatically (25ms+). When request + `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute) + or `per_try_timeout` is configured, the actual number of retries attempted also depends on + the specified request `timeout` and `per_try_timeout` values. MUST BE >= 0. If `0`, retries will be disabled. + The maximum possible number of requests made will be 1 + `attempts`. + format: int32 + type: integer + perTryTimeout: + description: |- + Timeout per attempt for a given request, including the initial call and any retries. Format: 1h/1m/1s/1ms. MUST BE >=1ms. 
+ Default is same value as request + `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute), + which means no timeout. + type: string + retryOn: + description: |- + Specifies the conditions under which retry takes place. + One or more policies can be specified using a ‘,’ delimited list. + See the [retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on) + and [gRPC retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on) for more details. + + In addition to the policies specified above, a list of HTTP status codes can be passed, such as `retryOn: "503,reset"`. + Note these status codes refer to the actual responses received from the destination. + For example, if a connection is reset, Istio will translate this to 503 for it's response. + However, the destination did not return a 503 error, so this would not match `"503"` (it would, however, match `"reset"`). + + If not specified, this defaults to `connect-failure,refused-stream,unavailable,cancelled,503`. + type: string + retryRemoteLocalities: + description: |- + Flag to specify whether the retries should retry to other localities. + See the [retry plugin configuration](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/http_connection_management#retry-plugin-configuration) for more details. + type: boolean + type: object + defaultProviders: + description: Specifies extension providers to use by default + in Istio configuration resources. + properties: + accessLogging: + description: Name of the default provider(s) for access + logging. + items: + type: string + type: array + metrics: + description: Name of the default provider(s) for metrics. + items: + type: string + type: array + tracing: + description: Name of the default provider(s) for tracing. 
+ items: + type: string + type: array + type: object + defaultServiceExportTo: + description: |- + The default value for the ServiceEntry.export_to field and services + imported through container registry integrations, e.g. this applies to + Kubernetes Service resources. The value is a list of namespace names and + reserved namespace aliases. The allowed namespace aliases are: + ``` + * - All Namespaces + . - Current Namespace + ~ - No Namespace + ``` + If not set the system will use "*" as the default value which implies that + services are exported to all namespaces. + + `All namespaces` is a reasonable default for implementations that don't + need to restrict access or visibility of services across namespace + boundaries. If that requirement is present it is generally good practice to + make the default `Current namespace` so that services are only visible + within their own namespaces by default. Operators can then expand the + visibility of services to other namespaces as needed. Use of `No Namespace` + is expected to be rare but can have utility for deployments where + dependency management needs to be precise even within the scope of a single + namespace. + + For further discussion see the reference documentation for `ServiceEntry`, + `Sidecar`, and `Gateway`. + items: + type: string + type: array + defaultVirtualServiceExportTo: + description: |- + The default value for the VirtualService.export_to field. Has the same + syntax as `default_service_export_to`. + + If not set the system will use "*" as the default value which implies that + virtual services are exported to all namespaces + items: + type: string + type: array + disableEnvoyListenerLog: + description: |- + This flag disables Envoy Listener logs. + See [Listener Access Log](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/listener/v3/listener.proto#envoy-v3-api-field-config-listener-v3-listener-access-log) + Istio Enables Envoy's listener access logs on "NoRoute" response flag. 
+ Default value is `false`. + type: boolean + discoverySelectors: + description: |- + A list of Kubernetes selectors that specify the set of namespaces that Istio considers when + computing configuration updates for sidecars. This can be used to reduce Istio's computational load + by limiting the number of entities (including services, pods, and endpoints) that are watched and processed. + If omitted, Istio will use the default behavior of processing all namespaces in the cluster. + Elements in the list are disjunctive (OR semantics), i.e. a namespace will be included if it matches any selector. + The following example selects any namespace that matches either below: + 1. The namespace has both of these labels: `env: prod` and `region: us-east1` + 2. The namespace has label `app` equal to `cassandra` or `spark`. + ```yaml + discoverySelectors: + - matchLabels: + env: prod + region: us-east1 + - matchExpressions: + - key: app + operator: In + values: + - cassandra + - spark + + ``` + Refer to the [Kubernetes selector docs](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) + for additional detail on selector semantics. + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: array + dnsRefreshRate: + description: |- + Configures DNS refresh rate for Envoy clusters of type `STRICT_DNS` + Default refresh rate is `60s`. + type: string + enableAutoMtls: + description: |- + This flag is used to enable mutual `TLS` automatically for service to service communication + within the mesh, default true. + If set to true, and a given service does not have a corresponding `DestinationRule` configured, + or its `DestinationRule` does not have ClientTLSSettings specified, Istio configures client side + TLS configuration appropriately. More specifically, + If the upstream authentication policy is in `STRICT` mode, use Istio provisioned certificate + for mutual `TLS` to connect to upstream. + If upstream service is in plain text mode, use plain text. + If the upstream authentication policy is in PERMISSIVE mode, Istio configures clients to use + mutual `TLS` when server sides are capable of accepting mutual `TLS` traffic. + If service `DestinationRule` exists and has `ClientTLSSettings` specified, that is always used instead. 
+ type: boolean + enableEnvoyAccessLogService: + description: |- + This flag enables Envoy's gRPC Access Log Service. + See [Access Log Service](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/access_loggers/grpc/v3/als.proto) + for details about Envoy's gRPC Access Log Service API. + Default value is `false`. + type: boolean + enablePrometheusMerge: + description: |- + If enabled, Istio agent will merge metrics exposed by the application with metrics from Envoy + and Istio agent. The sidecar injection will replace `prometheus.io` annotations present on the pod + and redirect them towards Istio agent, which will then merge metrics of from the application with Istio metrics. + This relies on the annotations `prometheus.io/scrape`, `prometheus.io/port`, and + `prometheus.io/path` annotations. + If you are running a separately managed Envoy with an Istio sidecar, this may cause issues, as the metrics will collide. + In this case, it is recommended to disable aggregation on that deployment with the + `prometheus.istio.io/merge-metrics: "false"` annotation. + If not specified, this will be enabled by default. + type: boolean + enableTracing: + description: |- + Flag to control generation of trace spans and request IDs. + Requires a trace span collector defined in the proxy configuration. + type: boolean + extensionProviders: + description: |- + Defines a list of extension providers that extend Istio's functionality. For example, the AuthorizationPolicy + can be used with an extension provider to delegate the authorization decision to a custom authorization system. + items: + properties: + datadog: + description: Configures a Datadog tracing provider. + properties: + maxTagLength: + description: |- + Optional. Controls the overall path length allowed in a reported span. + NOTE: currently only controls max length of the path tag. + format: int32 + type: integer + port: + description: REQUIRED. Specifies the port of the + service. 
+ format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service for the Datadog agent. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "datadog.default.svc.cluster.local" or "bar/datadog.example.com". + type: string + required: + - port + - service + type: object + envoyExtAuthzGrpc: + description: Configures an external authorizer that + implements the Envoy ext_authz filter authorization + check service using the gRPC API. + properties: + failOpen: + description: |- + If true, the HTTP request or TCP connection will be allowed even if the communication with the authorization service has failed, + or if the authorization service has returned a HTTP 5xx error. + Default is false. For HTTP request, it will be rejected with 403 (HTTP Forbidden). For TCP connection, it will be closed immediately. + type: boolean + includeRequestBodyInCheck: + description: If set, the client request body will + be included in the authorization request sent + to the authorization service. + properties: + allowPartialMessage: + description: |- + When this field is true, ext-authz filter will buffer the message until max_request_bytes is reached. + The authorization request will be dispatched and no 413 HTTP error will be returned by the filter. + A "x-envoy-auth-partial-body: false|true" metadata header will be added to the authorization request message + indicating if the body data is partial. + type: boolean + maxRequestBytes: + description: |- + Sets the maximum size of a message body that the ext-authz filter will hold in memory. + If max_request_bytes is reached, and allow_partial_message is false, Envoy will return a 413 (Payload Too Large). + Otherwise the request will be sent to the provider with a partial message. 
+ Note that this setting will have precedence over the fail_open field, the 413 will be returned even when the + fail_open is set to true. + format: int32 + type: integer + packAsBytes: + description: |- + If true, the body sent to the external authorization service in the gRPC authorization request is set with raw bytes + in the [raw_body field](https://github.com/envoyproxy/envoy/blame/cffb095d59d7935abda12b9509bcd136808367bb/api/envoy/service/auth/v3/attribute_context.proto#L153). + Otherwise, it will be filled with UTF-8 string in the [body field](https://github.com/envoyproxy/envoy/blame/cffb095d59d7935abda12b9509bcd136808367bb/api/envoy/service/auth/v3/attribute_context.proto#L147). + This field only works with the envoy_ext_authz_grpc provider and has no effect for the envoy_ext_authz_http provider. + type: boolean + type: object + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service that implements the Envoy ext_authz gRPC authorization service. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "my-ext-authz.foo.svc.cluster.local" or "bar/my-ext-authz.example.com". + type: string + statusOnError: + description: |- + Sets the HTTP status that is returned to the client when there is a network error to the authorization service. + The default status is "403" (HTTP Forbidden). + type: string + timeout: + description: |- + The maximum duration that the proxy will wait for a response from the provider, this is the timeout for a specific request (default timeout: 600s). + When this timeout condition is met, the proxy marks the communication to the authorization service as failure. 
+ In this situation, the response sent back to the client will depend on the configured `fail_open` field. + type: string + required: + - port + - service + type: object + envoyExtAuthzHttp: + description: Configures an external authorizer that + implements the Envoy ext_authz filter authorization + check service using the HTTP API. + properties: + failOpen: + description: |- + If true, the user request will be allowed even if the communication with the authorization service has failed, + or if the authorization service has returned a HTTP 5xx error. + Default is false and the request will be rejected with "Forbidden" response. + type: boolean + headersToDownstreamOnAllow: + description: |- + List of headers from the authorization service that should be forwarded to downstream when the authorization + check result is allowed (HTTP code 200). + If not specified, the original response will not be modified and forwarded to downstream as-is. + Note, any existing headers will be overridden. + + Exact, prefix and suffix matches are supported (similar to the + [authorization policy rule syntax](https://istio.io/latest/docs/reference/config/security/authorization-policy/#Rule) + except the presence match): + - Exact match: "abc" will match on value "abc". + - Prefix match: "abc*" will match on value "abc" and "abcd". + - Suffix match: "*abc" will match on value "abc" and "xabc". + items: + type: string + type: array + headersToDownstreamOnDeny: + description: |- + List of headers from the authorization service that should be forwarded to downstream when the authorization + check result is not allowed (HTTP code other than 200). + If not specified, all the authorization response headers, except *Authority (Host)* will be in the response to + the downstream. + When a header is included in this list, *Path*, *Status*, *Content-Length*, *WWWAuthenticate* and *Location* are + automatically added. 
+ Note, the body from the authorization service is always included in the response to downstream. + + Exact, prefix and suffix matches are supported (similar to the + [authorization policy rule syntax](https://istio.io/latest/docs/reference/config/security/authorization-policy/#Rule) + except the presence match): + - Exact match: "abc" will match on value "abc". + - Prefix match: "abc*" will match on value "abc" and "abcd". + - Suffix match: "*abc" will match on value "abc" and "xabc". + items: + type: string + type: array + headersToUpstreamOnAllow: + description: |- + List of headers from the authorization service that should be added or overridden in the original request and + forwarded to the upstream when the authorization check result is allowed (HTTP code 200). + If not specified, the original request will not be modified and forwarded to backend as-is. + Note, any existing headers will be overridden. + + Exact, prefix and suffix matches are supported (similar to the + [authorization policy rule syntax](https://istio.io/latest/docs/reference/config/security/authorization-policy/#Rule) + except the presence match): + - Exact match: "abc" will match on value "abc". + - Prefix match: "abc*" will match on value "abc" and "abcd". + - Suffix match: "*abc" will match on value "abc" and "xabc". + items: + type: string + type: array + includeAdditionalHeadersInCheck: + additionalProperties: + type: string + description: |- + Set of additional fixed headers that should be included in the authorization request sent to the authorization service. + Key is the header name and value is the header value. + Note that client request of the same key or headers specified in include_request_headers_in_check will be overridden. + type: object + includeHeadersInCheck: + description: |- + DEPRECATED. Use include_request_headers_in_check instead. + + Deprecated: Marked as deprecated in mesh/v1alpha1/config.proto. 
+ items: + type: string + type: array + includeRequestBodyInCheck: + description: If set, the client request body will + be included in the authorization request sent + to the authorization service. + properties: + allowPartialMessage: + description: |- + When this field is true, ext-authz filter will buffer the message until max_request_bytes is reached. + The authorization request will be dispatched and no 413 HTTP error will be returned by the filter. + A "x-envoy-auth-partial-body: false|true" metadata header will be added to the authorization request message + indicating if the body data is partial. + type: boolean + maxRequestBytes: + description: |- + Sets the maximum size of a message body that the ext-authz filter will hold in memory. + If max_request_bytes is reached, and allow_partial_message is false, Envoy will return a 413 (Payload Too Large). + Otherwise the request will be sent to the provider with a partial message. + Note that this setting will have precedence over the fail_open field, the 413 will be returned even when the + fail_open is set to true. + format: int32 + type: integer + packAsBytes: + description: |- + If true, the body sent to the external authorization service in the gRPC authorization request is set with raw bytes + in the [raw_body field](https://github.com/envoyproxy/envoy/blame/cffb095d59d7935abda12b9509bcd136808367bb/api/envoy/service/auth/v3/attribute_context.proto#L153). + Otherwise, it will be filled with UTF-8 string in the [body field](https://github.com/envoyproxy/envoy/blame/cffb095d59d7935abda12b9509bcd136808367bb/api/envoy/service/auth/v3/attribute_context.proto#L147). + This field only works with the envoy_ext_authz_grpc provider and has no effect for the envoy_ext_authz_http provider. + type: boolean + type: object + includeRequestHeadersInCheck: + description: |- + List of client request headers that should be included in the authorization request sent to the authorization service. 
+ Note that in addition to the headers specified here following headers are included by default: + 1. *Host*, *Method*, *Path* and *Content-Length* are automatically sent. + 2. *Content-Length* will be set to 0 and the request will not have a message body. However, the authorization + request can include the buffered client request body (controlled by include_request_body_in_check setting), + consequently the value of Content-Length of the authorization request reflects the size of its payload size. + + Exact, prefix and suffix matches are supported (similar to the + [authorization policy rule syntax](https://istio.io/latest/docs/reference/config/security/authorization-policy/#Rule) + except the presence match): + - Exact match: "abc" will match on value "abc". + - Prefix match: "abc*" will match on value "abc" and "abcd". + - Suffix match: "*abc" will match on value "abc" and "xabc". + items: + type: string + type: array + pathPrefix: + description: |- + Sets a prefix to the value of authorization request header *Path*. + For example, setting this to "/check" for an original user request at path "/admin" will cause the + authorization check request to be sent to the authorization service at the path "/check/admin" instead of "/admin". + type: string + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service that implements the Envoy ext_authz HTTP authorization service. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "my-ext-authz.foo.svc.cluster.local" or "bar/my-ext-authz.example.com". 
+ type: string + statusOnError: + description: |- + Sets the HTTP status that is returned to the client when there is a network error to the authorization service. + The default status is "403" (HTTP Forbidden). + type: string + timeout: + description: |- + The maximum duration that the proxy will wait for a response from the provider (default timeout: 600s). + When this timeout condition is met, the proxy marks the communication to the authorization service as failure. + In this situation, the response sent back to the client will depend on the configured `fail_open` field. + type: string + required: + - port + - service + type: object + envoyFileAccessLog: + description: Configures an Envoy File Access Log provider. + properties: + logFormat: + description: Optional. Allows overriding of the + default access log format. + properties: + labels: + additionalProperties: + type: string + description: "JSON structured format for the + envoy access logs. Envoy [command operators](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators)\ncan + be used as values for fields within the Struct. + Values are rendered\nas strings, numbers, + or boolean values, as appropriate\n(see: [format + dictionaries](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#config-access-log-format-dictionaries)). + Nested JSON is\nsupported for some command + operators (e.g. `FILTER_STATE` or `DYNAMIC_METADATA`).\nUse + `labels: {}` for default envoy JSON log format.\n\nExample:\n```\nlabels:\n\n\tstatus: + \"%RESPONSE_CODE%\"\n\tmessage: \"%LOCAL_REPLY_BODY%\"\n\n```" + type: object + text: + description: |- + Textual format for the envoy access logs. Envoy [command operators](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators) may be + used in the format. 
The [format string documentation](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#config-access-log-format-strings) + provides more information. + + NOTE: Istio will insert a newline ('\n') on all formats (if missing). + + Example: `text: "%LOCAL_REPLY_BODY%:%RESPONSE_CODE%:path=%REQ(:path)%"` + type: string + type: object + x-kubernetes-validations: + - message: At most one of [text labels] should be + set + rule: (has(self.text)?1:0) + (has(self.labels)?1:0) + <= 1 + path: + description: |- + Path to a local file to write the access log entries. + This may be used to write to streams, via `/dev/stderr` and `/dev/stdout` + If unspecified, defaults to `/dev/stdout`. + type: string + type: object + envoyHttpAls: + description: Configures an Envoy Access Logging Service + provider for HTTP traffic. + properties: + additionalRequestHeadersToLog: + description: Optional. Additional request headers + to log. + items: + type: string + type: array + additionalResponseHeadersToLog: + description: Optional. Additional response headers + to log. + items: + type: string + type: array + additionalResponseTrailersToLog: + description: Optional. Additional response trailers + to log. + items: + type: string + type: array + filterStateObjectsToLog: + description: Optional. Additional filter state objects + to log. + items: + type: string + type: array + logName: + description: |- + Optional. The friendly name of the access log. + Defaults: + - "http_envoy_accesslog" + - "listener_envoy_accesslog" + type: string + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service that implements the Envoy ALS gRPC authorization service. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. 
The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "envoy-als.foo.svc.cluster.local" or "bar/envoy-als.example.com". + type: string + required: + - port + - service + type: object + envoyOtelAls: + description: Configures an Envoy Open Telemetry Access + Logging Service provider. + properties: + logFormat: + description: |- + Optional. Format for the proxy access log + Empty value results in proxy's default access log format, following Envoy access logging formatting. + properties: + labels: + additionalProperties: + type: string + description: "Optional. Additional attributes + that describe the specific event occurrence.\nStructured + format for the envoy access logs. Envoy [command + operators](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators)\ncan + be used as values for fields within the Struct. + Values are rendered\nas strings, numbers, + or boolean values, as appropriate\n(see: [format + dictionaries](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#config-access-log-format-dictionaries)). + Nested JSON is\nsupported for some command + operators (e.g. FILTER_STATE or DYNAMIC_METADATA).\nAlias + to `attributes` filed in [Open Telemetry](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/access_loggers/open_telemetry/v3/logs_service.proto)\n\nExample:\n```\nlabels:\n\n\tstatus: + \"%RESPONSE_CODE%\"\n\tmessage: \"%LOCAL_REPLY_BODY%\"\n\n```" + type: object + text: + description: |- + Textual format for the envoy access logs. Envoy [command operators](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators) may be + used in the format. The [format string documentation](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#config-access-log-format-strings) + provides more information. 
+ Alias to `body` filed in [Open Telemetry](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/access_loggers/open_telemetry/v3/logs_service.proto) + Example: `text: "%LOCAL_REPLY_BODY%:%RESPONSE_CODE%:path=%REQ(:path)%"` + type: string + type: object + logName: + description: |- + Optional. The friendly name of the access log. + Defaults: + - "otel_envoy_accesslog" + type: string + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service that implements the Envoy ALS gRPC authorization service. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "envoy-als.foo.svc.cluster.local" or "bar/envoy-als.example.com". + type: string + required: + - port + - service + type: object + envoyTcpAls: + description: Configures an Envoy Access Logging Service + provider for TCP traffic. + properties: + filterStateObjectsToLog: + description: Optional. Additional filter state objects + to log. + items: + type: string + type: array + logName: + description: |- + Optional. The friendly name of the access log. + Defaults: + - "tcp_envoy_accesslog" + - "listener_envoy_accesslog" + type: string + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service that implements the Envoy ALS gRPC authorization service. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "envoy-als.foo.svc.cluster.local" or "bar/envoy-als.example.com". 
+ type: string + required: + - port + - service + type: object + lightstep: + description: |- + Configures a Lightstep tracing provider. + Deprecated: For Istio 1.15+, please use an OpenTelemetryTracingProvider instead, more details can be found at https://github.com/istio/istio/issues/40027 + + Deprecated: Marked as deprecated in mesh/v1alpha1/config.proto. + properties: + accessToken: + description: The Lightstep access token. + type: string + maxTagLength: + description: |- + Optional. Controls the overall path length allowed in a reported span. + NOTE: currently only controls max length of the path tag. + format: int32 + type: integer + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service for the Lightstep collector. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "lightstep.default.svc.cluster.local" or "bar/lightstep.example.com". + type: string + required: + - port + - service + type: object + name: + description: REQUIRED. A unique name identifying the + extension provider. + type: string + opencensus: + description: |- + Configures an OpenCensusAgent tracing provider. + Deprecated: OpenCensus is deprecated, more details can be found at https://opentelemetry.io/blog/2023/sunsetting-opencensus/ + + Deprecated: Marked as deprecated in mesh/v1alpha1/config.proto. + properties: + context: + description: |- + Specifies the set of context propagation headers used for distributed + tracing. Default is `["W3C_TRACE_CONTEXT"]`. If multiple values are specified, + the proxy will attempt to read each header for each request and will + write all headers. 
+ items: + description: |- + TraceContext selects the context propagation headers used for + distributed tracing. + enum: + - UNSPECIFIED + - W3C_TRACE_CONTEXT + - GRPC_BIN + - CLOUD_TRACE_CONTEXT + - B3 + type: string + type: array + maxTagLength: + description: |- + Optional. Controls the overall path length allowed in a reported span. + NOTE: currently only controls max length of the path tag. + format: int32 + type: integer + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service for the OpenCensusAgent. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "ocagent.default.svc.cluster.local" or "bar/ocagent.example.com". + type: string + required: + - port + - service + type: object + opentelemetry: + description: Configures an OpenTelemetry tracing provider. + properties: + dynatraceSampler: + description: |- + The Dynatrace adaptive traffic management (ATM) sampler. + + Example configuration: + + ```yaml + - name: otel-tracing + opentelemetry: + port: 443 + service: "{your-environment-id}.live.dynatrace.com" + http: + path: "/api/v2/otlp/v1/traces" + timeout: 10s + headers: + - name: "Authorization" + value: "Api-Token dt0c01." + resource_detectors: + dynatrace: {} + dynatrace_sampler: + tenant: "{your-environment-id}" + cluster_id: 1234 + properties: + clusterId: + description: |- + REQUIRED. The identifier of the cluster in the Dynatrace platform. + The cluster here is Dynatrace-specific concept and not related to the cluster concept in Istio/Envoy. + + The value can be obtained from the Istio deployment page in Dynatrace. + format: int32 + type: integer + httpService: + description: |- + Optional. 
Dynatrace HTTP API to obtain sampling configuration. + + When not provided, the Dynatrace Sampler will re-use the configuration from the OpenTelemetryTracingProvider HTTP Exporter + (`service`, `port` and `http`), including the access token. + properties: + http: + description: REQUIRED. Specifies sampling + configuration URI. + properties: + headers: + description: |- + Optional. Allows specifying custom HTTP headers that will be added + to each HTTP request sent. + items: + properties: + name: + description: REQUIRED. The HTTP + header name. + type: string + value: + description: REQUIRED. The HTTP + header value. + type: string + required: + - name + - value + type: object + type: array + path: + description: REQUIRED. Specifies the + path on the service. + type: string + timeout: + description: |- + Optional. Specifies the timeout for the HTTP request. + If not specified, the default is 3s. + type: string + required: + - path + type: object + port: + description: REQUIRED. Specifies the port + of the service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the Dynatrace environment to obtain the sampling configuration. + The format is ``, where `` is the fully qualified Dynatrace environment + host name defined in the ServiceEntry. + + Example: "{your-environment-id}.live.dynatrace.com". + type: string + required: + - http + - port + - service + type: object + rootSpansPerMinute: + description: |- + Optional. Number of sampled spans per minute to be used + when the adaptive value cannot be obtained from the Dynatrace API. + + A default value of `1000` is used when: + + - `root_spans_per_minute` is unset + - `root_spans_per_minute` is set to 0 + format: int32 + type: integer + tenant: + description: |- + REQUIRED. The Dynatrace customer's tenant identifier. + + The value can be obtained from the Istio deployment page in Dynatrace. 
+ type: string + required: + - clusterId + - tenant + type: object + http: + description: "Optional. Specifies the configuration + for exporting OTLP traces via HTTP.\nWhen empty, + traces will be exported via gRPC.\n\nThe following + example shows how to configure the OpenTelemetry + ExtensionProvider to export via HTTP:\n\n1. Add/change + the OpenTelemetry extension provider in `MeshConfig`\n```yaml\n + \ - name: otel-tracing\n opentelemetry:\n port: + 443\n service: my.olly-backend.com\n http:\n + \ path: \"/api/otlp/traces\"\n timeout: 10s\n + \ headers:\n - name: \"my-custom-header\"\n + \ value: \"some value\"\n\n```\n\n2. Deploy + a `ServiceEntry` for the observability back-end\n```yaml\napiVersion: + networking.istio.io/v1alpha3\nkind: ServiceEntry\nmetadata:\n\n\tname: + my-olly-backend\n\nspec:\n\n\thosts:\n\t- my.olly-backend.com\n\tports:\n\t- + number: 443\n\t name: https-port\n\t protocol: + HTTPS\n\tresolution: DNS\n\tlocation: MESH_EXTERNAL\n\n---\napiVersion: + networking.istio.io/v1alpha3\nkind: DestinationRule\nmetadata:\n\n\tname: + my-olly-backend\n\nspec:\n\n\thost: my.olly-backend.com\n\ttrafficPolicy:\n\t + \ portLevelSettings:\n\t - port:\n\t number: + 443\n\t tls:\n\t mode: SIMPLE\n\n```" + properties: + headers: + description: |- + Optional. Allows specifying custom HTTP headers that will be added + to each HTTP request sent. + items: + properties: + name: + description: REQUIRED. The HTTP header + name. + type: string + value: + description: REQUIRED. The HTTP header + value. + type: string + required: + - name + - value + type: object + type: array + path: + description: REQUIRED. Specifies the path on + the service. + type: string + timeout: + description: |- + Optional. Specifies the timeout for the HTTP request. + If not specified, the default is 3s. + type: string + required: + - path + type: object + maxTagLength: + description: |- + Optional. Controls the overall path length allowed in a reported span. 
+ NOTE: currently only controls max length of the path tag. + format: int32 + type: integer + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + resourceDetectors: + description: |- + Optional. Specifies [Resource Detectors](https://opentelemetry.io/docs/specs/otel/resource/sdk/) + to be used by the OpenTelemetry Tracer. When multiple resources are provided, they are merged + according to the OpenTelemetry [Resource specification](https://opentelemetry.io/docs/specs/otel/resource/sdk/#merge). + + The following example shows how to configure the Environment Resource Detector, that will + read the attributes from the environment variable `OTEL_RESOURCE_ATTRIBUTES`: + + ```yaml + - name: otel-tracing + opentelemetry: + port: 443 + service: my.olly-backend.com + resource_detectors: + environment: {} + + ``` + properties: + dynatrace: + description: |- + Dynatrace Resource Detector. + The resource detector reads from the Dynatrace enrichment files + and adds host/process related attributes to the OpenTelemetry resource. + + See: [Enrich ingested data with Dynatrace-specific dimensions](https://docs.dynatrace.com/docs/shortlink/enrichment-files) + type: object + environment: + description: |- + OpenTelemetry Environment Resource Detector. + The resource detector reads attributes from the environment variable `OTEL_RESOURCE_ATTRIBUTES` + and adds them to the OpenTelemetry resource. + + See: [Resource specification](https://opentelemetry.io/docs/specs/otel/resource/sdk/#specifying-resource-information-via-an-environment-variable) + type: object + type: object + service: + description: |- + REQUIRED. Specifies the OpenTelemetry endpoint that will receive OTLP traces. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. 
+ + Example: "otlp.default.svc.cluster.local" or "bar/otlp.example.com". + type: string + required: + - port + - service + type: object + x-kubernetes-validations: + - message: At most one of [dynatraceSampler] should + be set + rule: (has(self.dynatraceSampler)?1:0) <= 1 + prometheus: + description: Configures a Prometheus metrics provider. + type: object + skywalking: + description: Configures a Apache SkyWalking provider. + properties: + accessToken: + description: Optional. The SkyWalking OAP access + token. + type: string + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service for the SkyWalking receiver. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "skywalking.default.svc.cluster.local" or "bar/skywalking.example.com". + type: string + required: + - port + - service + type: object + stackdriver: + description: Configures a Stackdriver provider. + properties: + debug: + description: |- + debug enables trace output to stdout. + + Deprecated: Marked as deprecated in mesh/v1alpha1/config.proto. + type: boolean + logging: + description: Optional. Controls Stackdriver logging + behavior. + properties: + labels: + additionalProperties: + type: string + description: "Collection of tag names and tag + expressions to include in the log\nentry. + Conflicts are resolved by the tag name by + overriding previously\nsupplied values.\n\nExample:\n\n\tlabels:\n\t + \ path: request.url_path\n\t foo: request.headers['x-foo']" + type: object + type: object + maxNumberOfAnnotations: + description: |- + The global default max number of annotation events per span. + default is 200. + + Deprecated: Marked as deprecated in mesh/v1alpha1/config.proto. 
+ format: int64 + type: integer + maxNumberOfAttributes: + description: |- + The global default max number of attributes per span. + default is 200. + + Deprecated: Marked as deprecated in mesh/v1alpha1/config.proto. + format: int64 + type: integer + maxNumberOfMessageEvents: + description: |- + The global default max number of message events per span. + default is 200. + + Deprecated: Marked as deprecated in mesh/v1alpha1/config.proto. + format: int64 + type: integer + maxTagLength: + description: |- + Optional. Controls the overall path length allowed in a reported span. + NOTE: currently only controls max length of the path tag. + format: int32 + type: integer + type: object + zipkin: + description: Configures a tracing provider that uses + the Zipkin API. + properties: + enable64bitTraceId: + description: |- + Optional. A 128 bit trace id will be used in Istio. + If true, will result in a 64 bit trace id being used. + type: boolean + maxTagLength: + description: |- + Optional. Controls the overall path length allowed in a reported span. + NOTE: currently only controls max length of the path tag. + format: int32 + type: integer + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service that the Zipkin API. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "zipkin.default.svc.cluster.local" or "bar/zipkin.example.com". 
+ type: string + required: + - port + - service + type: object + required: + - name + type: object + x-kubernetes-validations: + - message: At most one of [envoyExtAuthzHttp envoyExtAuthzGrpc + zipkin lightstep datadog stackdriver opencensus skywalking + opentelemetry prometheus envoyFileAccessLog envoyHttpAls + envoyTcpAls envoyOtelAls] should be set + rule: (has(self.envoyExtAuthzHttp)?1:0) + (has(self.envoyExtAuthzGrpc)?1:0) + + (has(self.zipkin)?1:0) + (has(self.lightstep)?1:0) + + (has(self.datadog)?1:0) + (has(self.stackdriver)?1:0) + + (has(self.opencensus)?1:0) + (has(self.skywalking)?1:0) + + (has(self.opentelemetry)?1:0) + (has(self.prometheus)?1:0) + + (has(self.envoyFileAccessLog)?1:0) + (has(self.envoyHttpAls)?1:0) + + (has(self.envoyTcpAls)?1:0) + (has(self.envoyOtelAls)?1:0) + <= 1 + maxItems: 1000 + type: array + h2UpgradePolicy: + description: |- + Specify if http1.1 connections should be upgraded to http2 by default. + if sidecar is installed on all pods in the mesh, then this should be set to `UPGRADE`. + If one or more services or namespaces do not have sidecar(s), then this should be set to `DO_NOT_UPGRADE`. + It can be enabled by destination using the `destinationRule.trafficPolicy.connectionPool.http.h2UpgradePolicy` override. + enum: + - DO_NOT_UPGRADE + - UPGRADE + type: string + inboundClusterStatName: + description: |- + Name to be used while emitting statistics for inbound clusters. The same pattern is used while computing stat prefix for + network filters like TCP and Redis. + By default, Istio emits statistics with the pattern `inbound|||`. + For example `inbound|7443|grpc-reviews|reviews.prod.svc.cluster.local`. This can be used to override that pattern. + + A Pattern can be composed of various pre-defined variables. The following variables are supported. + + - `%SERVICE%` - Will be substituted with short hostname of the service. + - `%SERVICE_NAME%` - Will be substituted with name of the service. 
+ - `%SERVICE_FQDN%` - Will be substituted with FQDN of the service. + - `%SERVICE_PORT%` - Will be substituted with port of the service. + - `%TARGET_PORT%` - Will be substituted with the target port of the service. + - `%SERVICE_PORT_NAME%` - Will be substituted with port name of the service. + + Following are some examples of supported patterns for reviews: + + - `%SERVICE_FQDN%_%SERVICE_PORT%` will use reviews.prod.svc.cluster.local_7443 as the stats name. + - `%SERVICE%` will use reviews.prod as the stats name. + type: string + inboundTrafficPolicy: + description: |- + Set the default behavior of the sidecar for handling inbound + traffic to the application. If your application listens on + localhost, you will need to set this to `LOCALHOST`. + properties: + mode: + enum: + - PASSTHROUGH + - LOCALHOST + type: string + type: object + ingressClass: + description: |- + Class of ingress resources to be processed by Istio ingress + controller. This corresponds to the value of + `kubernetes.io/ingress.class` annotation. + type: string + ingressControllerMode: + description: |- + Defines whether to use Istio ingress controller for annotated or all ingress resources. + Default mode is `STRICT`. + enum: + - UNSPECIFIED + - "OFF" + - DEFAULT + - STRICT + type: string + ingressSelector: + description: |- + Defines which gateway deployment to use as the Ingress controller. This field corresponds to + the Gateway.selector field, and will be set as `istio: INGRESS_SELECTOR`. + By default, `ingressgateway` is used, which will select the default IngressGateway as it has the + `istio: ingressgateway` labels. + It is recommended that this is the same value as ingress_service. + type: string + ingressService: + description: |- + Name of the Kubernetes service used for the istio ingress controller. + If no ingress controller is specified, the default value `istio-ingressgateway` is used. 
+ type: string + localityLbSetting: + description: |- + Locality based load balancing distribution or failover settings. + If unspecified, locality based load balancing will be enabled by default. + However, this requires outlierDetection to actually take effect for a particular + service, see https://istio.io/latest/docs/tasks/traffic-management/locality-load-balancing/failover/ + properties: + distribute: + description: |- + Optional: only one of distribute, failover or failoverPriority can be set. + Explicitly specify loadbalancing weight across different zones and geographical locations. + Refer to [Locality weighted load balancing](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight) + If empty, the locality weight is set according to the endpoints number within it. + items: + description: |- + Describes how traffic originating in the 'from' zone or sub-zone is + distributed over a set of 'to' zones. Syntax for specifying a zone is + {region}/{zone}/{sub-zone} and terminal wildcards are allowed on any + segment of the specification. Examples: + + `*` - matches all localities + + `us-west/*` - all zones and sub-zones within the us-west region + + `us-west/zone-1/*` - all sub-zones within us-west/zone-1 + properties: + from: + description: Originating locality, '/' separated, + e.g. 'region/zone/sub_zone'. + type: string + to: + additionalProperties: + format: int32 + type: integer + description: |- + Map of upstream localities to traffic distribution weights. The sum of + all weights should be 100. Any locality not present will + receive no traffic. + type: object + type: object + type: array + enabled: + description: |- + enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. + e.g. true means that turn on locality load balancing for this DestinationRule no matter what mesh wide settings is. 
+ type: boolean + failover: + description: |- + Optional: only one of distribute, failover or failoverPriority can be set. + Explicitly specify the region traffic will land on when endpoints in local region becomes unhealthy. + Should be used together with OutlierDetection to detect unhealthy endpoints. + Note: if no OutlierDetection specified, this will not take effect. + items: + description: |- + Specify the traffic failover policy across regions. Since zone and sub-zone + failover is supported by default this only needs to be specified for + regions when the operator needs to constrain traffic failover so that + the default behavior of failing over to any endpoint globally does not + apply. This is useful when failing over traffic across regions would not + improve service health or may need to be restricted for other reasons + like regulatory controls. + properties: + from: + description: Originating region. + type: string + to: + description: |- + Destination region the traffic will fail over to when endpoints in + the 'from' region becomes unhealthy. + type: string + type: object + type: array + failoverPriority: + description: |- + failoverPriority is an ordered list of labels used to sort endpoints to do priority based load balancing. + This is to support traffic failover across different groups of endpoints. + Two kinds of labels can be specified: + + - Specify only label keys `[key1, key2, key3]`, istio would compare the label values of client with endpoints. + Suppose there are total N label keys `[key1, key2, key3, ...keyN]` specified: + + 1. Endpoints matching all N labels with the client proxy have priority P(0) i.e. the highest priority. + 2. Endpoints matching the first N-1 labels with the client proxy have priority P(1) i.e. second highest priority. + 3. By extension of this logic, endpoints matching only the first label with the client proxy has priority P(N-1) i.e. second lowest priority. + 4. All the other endpoints have priority P(N) i.e. 
lowest priority. + + - Specify labels with key and value `[key1=value1, key2=value2, key3=value3]`, istio would compare the labels with endpoints. + Suppose there are total N labels `[key1=value1, key2=value2, key3=value3, ...keyN=valueN]` specified: + + 1. Endpoints matching all N labels have priority P(0) i.e. the highest priority. + 2. Endpoints matching the first N-1 labels have priority P(1) i.e. second highest priority. + 3. By extension of this logic, endpoints matching only the first label has priority P(N-1) i.e. second lowest priority. + 4. All the other endpoints have priority P(N) i.e. lowest priority. + + Note: For a label to be considered for match, the previous labels must match, i.e. nth label would be considered matched only if first n-1 labels match. + + It can be any label specified on both client and server workloads. + The following labels which have special semantic meaning are also supported: + + - `topology.istio.io/network` is used to match the network metadata of an endpoint, which can be specified by pod/namespace label `topology.istio.io/network`, sidecar env `ISTIO_META_NETWORK` or MeshNetworks. + - `topology.istio.io/cluster` is used to match the clusterID of an endpoint, which can be specified by pod label `topology.istio.io/cluster` or pod env `ISTIO_META_CLUSTER_ID`. + - `topology.kubernetes.io/region` is used to match the region metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/region` or the deprecated label `failure-domain.beta.kubernetes.io/region`. + - `topology.kubernetes.io/zone` is used to match the zone metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/zone` or the deprecated label `failure-domain.beta.kubernetes.io/zone`. + - `topology.istio.io/subzone` is used to match the subzone metadata of an endpoint, which maps to Istio node label `topology.istio.io/subzone`. 
+ - `kubernetes.io/hostname` is used to match the current node of an endpoint, which maps to Kubernetes node label `kubernetes.io/hostname`. + + The below topology config indicates the following priority levels: + + ```yaml + failoverPriority: + - "topology.istio.io/network" + - "topology.kubernetes.io/region" + - "topology.kubernetes.io/zone" + - "topology.istio.io/subzone" + ``` + + 1. endpoints match same [network, region, zone, subzone] label with the client proxy have the highest priority. + 2. endpoints have same [network, region, zone] label but different [subzone] label with the client proxy have the second highest priority. + 3. endpoints have same [network, region] label but different [zone] label with the client proxy have the third highest priority. + 4. endpoints have same [network] but different [region] labels with the client proxy have the fourth highest priority. + 5. all the other endpoints have the same lowest priority. + + Suppose a service associated endpoints reside in multi clusters, the below example represents: + 1. endpoints in `clusterA` and has `version=v1` label have P(0) priority. + 2. endpoints not in `clusterA` but has `version=v1` label have P(1) priority. + 2. all the other endpoints have P(2) priority. + + ```yaml + failoverPriority: + - "version=v1" + - "topology.istio.io/cluster=clusterA" + ``` + + Optional: only one of distribute, failover or failoverPriority can be set. + And it should be used together with `OutlierDetection` to detect unhealthy endpoints, otherwise has no effect. 
+ items: + type: string + type: array + type: object + meshMTLS: + description: "The below configuration parameters can be used + to specify TLSConfig for mesh traffic.\nFor example, a user + could enable min TLS version for ISTIO_MUTUAL traffic and + specify a curve for non ISTIO_MUTUAL traffic like below:\n```yaml\nmeshConfig:\n\n\tmeshMTLS:\n\t + \ minProtocolVersion: TLSV1_3\n\ttlsDefaults:\n\t Note: + applicable only for non ISTIO_MUTUAL scenarios\n\t ecdhCurves:\n\t + \ - P-256\n\t - P-512\n\n```\nConfiguration of mTLS + for traffic between workloads with ISTIO_MUTUAL TLS traffic.\n\nNote: + Mesh mTLS does not respect ECDH curves." + properties: + cipherSuites: + description: |- + Optional: If specified, the TLS connection will only support the specified cipher list when negotiating TLS 1.0-1.2. + If not specified, the following cipher suites will be used: + ``` + ECDHE-ECDSA-AES256-GCM-SHA384 + ECDHE-RSA-AES256-GCM-SHA384 + ECDHE-ECDSA-AES128-GCM-SHA256 + ECDHE-RSA-AES128-GCM-SHA256 + AES256-GCM-SHA384 + AES128-GCM-SHA256 + ``` + items: + type: string + type: array + ecdhCurves: + description: |- + Optional: If specified, the TLS connection will only support the specified ECDH curves for the DH key exchange. + If not specified, the default curves enforced by Envoy will be used. For details about the default curves, refer to + [Ecdh Curves](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto). + items: + type: string + type: array + minProtocolVersion: + description: |- + Optional: the minimum TLS protocol version. The default minimum + TLS version will be TLS 1.2. As servers may not be Envoy and be + set to TLS 1.2 (e.g., workloads using mTLS without sidecars), the + minimum TLS version for clients may also be TLS 1.2. + In the current Istio implementation, the maximum TLS protocol version + is TLS 1.3. 
+ enum: + - TLS_AUTO + - TLSV1_2 + - TLSV1_3 + type: string + type: object + outboundClusterStatName: + description: |- + Name to be used while emitting statistics for outbound clusters. The same pattern is used while computing stat prefix for + network filters like TCP and Redis. + By default, Istio emits statistics with the pattern `outbound|||`. + For example `outbound|8080|v2|reviews.prod.svc.cluster.local`. This can be used to override that pattern. + + A Pattern can be composed of various pre-defined variables. The following variables are supported. + + - `%SERVICE%` - Will be substituted with short hostname of the service. + - `%SERVICE_NAME%` - Will be substituted with name of the service. + - `%SERVICE_FQDN%` - Will be substituted with FQDN of the service. + - `%SERVICE_PORT%` - Will be substituted with port of the service. + - `%SERVICE_PORT_NAME%` - Will be substituted with port name of the service. + - `%SUBSET_NAME%` - Will be substituted with subset. + + Following are some examples of supported patterns for reviews: + + - `%SERVICE_FQDN%_%SERVICE_PORT%` will use `reviews.prod.svc.cluster.local_7443` as the stats name. + - `%SERVICE%` will use reviews.prod as the stats name. + type: string + outboundTrafficPolicy: + description: |- + Set the default behavior of the sidecar for handling outbound + traffic from the application. + + Can be overridden at a Sidecar level by setting the `OutboundTrafficPolicy` in the + [Sidecar API](https://istio.io/docs/reference/config/networking/sidecar/#OutboundTrafficPolicy). + + Default mode is `ALLOW_ANY`, which means outbound traffic to unknown destinations will be allowed. + properties: + mode: + enum: + - REGISTRY_ONLY + - ALLOW_ANY + type: string + type: object + pathNormalization: + description: |- + ProxyPathNormalization configures how URL paths in incoming and outgoing HTTP requests are + normalized by the sidecars and gateways. 
+ The normalized paths will be used in all aspects through the requests' lifetime on the + sidecars and gateways, which includes routing decisions in outbound direction (client proxy), + authorization policy match and enforcement in inbound direction (server proxy), and the URL + path proxied to the upstream service. + If not set, the NormalizationType.DEFAULT configuration will be used. + properties: + normalization: + enum: + - DEFAULT + - NONE + - BASE + - MERGE_SLASHES + - DECODE_AND_MERGE_SLASHES + type: string + type: object + protocolDetectionTimeout: + description: |- + Automatic protocol detection uses a set of heuristics to + determine whether the connection is using TLS or not (on the + server side), as well as the application protocol being used + (e.g., http vs tcp). These heuristics rely on the client sending + the first bits of data. For server first protocols like MySQL, + MongoDB, etc. Envoy will timeout on the protocol detection after + the specified period, defaulting to non mTLS plain TCP + traffic. Set this field to tweak the period that Envoy will wait + for the client to send the first bits of data. (MUST BE >=1ms or + 0s to disable). Default detection timeout is 0s (no timeout). + + Setting a timeout is not recommended nor safe. Even high timeouts (>5s) will be hit + occasionally, and when they occur the result is typically broken traffic that may not + recover on its own. Exceptionally high values might solve this, but injecting 60s delays + onto new connections is generally not tenable anyways. + type: string + proxyHttpPort: + description: Port on which Envoy should listen for HTTP PROXY + requests if set. + format: int32 + type: integer + proxyInboundListenPort: + description: |- + Port on which Envoy should listen for all inbound traffic to the pod/vm will be captured to. + Default port is 15006. 
+ format: int32 + type: integer + proxyListenPort: + description: |- + Port on which Envoy should listen for all outbound traffic to other services. + Default port is 15001. + format: int32 + type: integer + rootNamespace: + description: |- + The namespace to treat as the administrative root namespace for + Istio configuration. When processing a leaf namespace Istio will search for + declarations in that namespace first and if none are found it will + search in the root namespace. Any matching declaration found in the root + namespace is processed as if it were declared in the leaf namespace. + + The precise semantics of this processing are documented on each resource + type. + type: string + serviceSettings: + description: Settings to be applied to select services. + items: + description: |- + Settings to be applied to select services. + + For example, the following configures all services in namespace "foo" as well as the + "bar" service in namespace "baz" to be considered cluster-local: + + ```yaml + serviceSettings: + - settings: + cluster_local: true + hosts: + - "*.foo.svc.cluster.local" + - "bar.baz.svc.cluster.local" + + ``` + properties: + hosts: + description: |- + The services to which the Settings should be applied. Services are selected using the hostname + matching rules used by DestinationRule. + + For example: foo.bar.svc.cluster.local, *.baz.svc.cluster.local + items: + type: string + type: array + settings: + description: The settings to apply to the selected services. + properties: + clusterLocal: + description: |- + If true, specifies that the client and service endpoints must reside in the same cluster. + By default, in multi-cluster deployments, the Istio control plane assumes all service + endpoints to be reachable from any client in any of the clusters which are part of the + mesh. This configuration option limits the set of service endpoints visible to a client + to be cluster scoped. 
+ + There are some common scenarios when this can be useful: + + - A service (or group of services) is inherently local to the cluster and has local storage + for that cluster. For example, the kube-system namespace (e.g. the Kube API Server). + - A mesh administrator wants to slowly migrate services to Istio. They might start by first + having services cluster-local and then slowly transition them to mesh-wide. They could do + this service-by-service (e.g. mysvc.myns.svc.cluster.local) or as a group + (e.g. *.myns.svc.cluster.local). + + By default Istio will consider kubernetes.default.svc (i.e. the API Server) as well as all + services in the kube-system namespace to be cluster-local, unless explicitly overridden here. + type: boolean + type: object + type: object + type: array + tcpKeepalive: + description: If set then set `SO_KEEPALIVE` on the socket + to enable TCP Keepalives. + properties: + interval: + description: |- + The time duration between keep-alive probes. + Default is to use the OS level configuration + (unless overridden, Linux defaults to 75s.) + type: string + probes: + description: |- + Maximum number of keepalive probes to send without response before + deciding the connection is dead. Default is to use the OS level configuration + (unless overridden, Linux defaults to 9.) + format: int32 + type: integer + time: + description: |- + The time duration a connection needs to be idle before keep-alive + probes start being sent. Default is to use the OS level configuration + (unless overridden, Linux defaults to 7200s (ie 2 hours.) + type: string + type: object + tlsDefaults: + description: |- + Configuration of TLS for all traffic except for ISTIO_MUTUAL mode. + Currently, this supports configuration of ecdh_curves and cipher_suites only. + For ISTIO_MUTUAL TLS settings, use meshMTLS configuration. 
+ properties: + cipherSuites: + description: |- + Optional: If specified, the TLS connection will only support the specified cipher list when negotiating TLS 1.0-1.2. + If not specified, the following cipher suites will be used: + ``` + ECDHE-ECDSA-AES256-GCM-SHA384 + ECDHE-RSA-AES256-GCM-SHA384 + ECDHE-ECDSA-AES128-GCM-SHA256 + ECDHE-RSA-AES128-GCM-SHA256 + AES256-GCM-SHA384 + AES128-GCM-SHA256 + ``` + items: + type: string + type: array + ecdhCurves: + description: |- + Optional: If specified, the TLS connection will only support the specified ECDH curves for the DH key exchange. + If not specified, the default curves enforced by Envoy will be used. For details about the default curves, refer to + [Ecdh Curves](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto). + items: + type: string + type: array + minProtocolVersion: + description: |- + Optional: the minimum TLS protocol version. The default minimum + TLS version will be TLS 1.2. As servers may not be Envoy and be + set to TLS 1.2 (e.g., workloads using mTLS without sidecars), the + minimum TLS version for clients may also be TLS 1.2. + In the current Istio implementation, the maximum TLS protocol version + is TLS 1.3. + enum: + - TLS_AUTO + - TLSV1_2 + - TLSV1_3 + type: string + type: object + trustDomain: + description: |- + The trust domain corresponds to the trust root of a system. + Refer to [SPIFFE-ID](https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain) + type: string + trustDomainAliases: + description: |- + The trust domain aliases represent the aliases of `trust_domain`. + For example, if we have + ```yaml + trustDomain: td1 + trustDomainAliases: ["td2", "td3"] + ``` + Any service with the identity `td1/ns/foo/sa/a-service-account`, `td2/ns/foo/sa/a-service-account`, + or `td3/ns/foo/sa/a-service-account` will be treated the same in the Istio mesh. 
+ items: + type: string + type: array + verifyCertificateAtClient: + description: |- + `VerifyCertificateAtClient` sets the mesh global default for peer certificate validation + at the client-side proxy when `SIMPLE` TLS or `MUTUAL` TLS (non `ISTIO_MUTUAL`) origination + modes are used. This setting can be overridden at the host level via DestinationRule API. + By default, `VerifyCertificateAtClient` is `true`. + + `CaCertificates`: If set, proxy verifies CA signature based on given CaCertificates. If unset, + and VerifyCertificateAtClient is true, proxy uses default System CA bundle. If unset and + `VerifyCertificateAtClient` is false, proxy will not verify the CA. + + `SubjectAltNames`: If set, proxy verifies subject alt names are present in the SAN. If unset, + and `VerifyCertificateAtClient` is true, proxy uses host in destination rule to verify the SANs. + If unset, and `VerifyCertificateAtClient` is false, proxy does not verify SANs. + + For SAN, client-side proxy will exact match host in `DestinationRule` as well as one level + wildcard if the specified host in DestinationRule doesn't contain a wildcard. + For example, if the host in `DestinationRule` is `x.y.com`, client-side proxy will + match either `x.y.com` or `*.y.com` for the SAN in the presented server certificate. + For wildcard host name in DestinationRule, client-side proxy will do a suffix match. For example, + if host is `*.x.y.com`, client-side proxy will verify the presented server certificate SAN matches + “.x.y.com` suffix. + + Deprecated: Marked as deprecated in mesh/v1alpha1/config.proto. + type: boolean + type: object + pilot: + description: Configuration for the Pilot component. + properties: + affinity: + description: K8s affinity to set on the Pilot Pods. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. 
A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
+ Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. 
The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
+ items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + autoscaleBehavior: + description: See https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#configurable-scaling-behavior + properties: + scaleDown: + description: |- + scaleDown is scaling policy for scaling Down. + If not set, the default value is to allow to scale down to minReplicas pods, with a + 300 second stabilization window (i.e., the highest recommendation for + the last 300sec is used). + properties: + policies: + description: |- + policies is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid + items: + description: HPAScalingPolicy is a single policy + which must hold true for a specified past interval. + properties: + periodSeconds: + description: |- + periodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). + format: int32 + type: integer + type: + description: type is used to specify the scaling + policy. + type: string + value: + description: |- + value contains the amount of change which is permitted by the policy. 
+ It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: |- + selectPolicy is used to specify which policy should be used. + If not set, the default value Max is used. + type: string + stabilizationWindowSeconds: + description: |- + stabilizationWindowSeconds is the number of seconds for which past recommendations should be + considered while scaling up or scaling down. + StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization is done). + - For scale down: 300 (i.e. the stabilization window is 300 seconds long). + format: int32 + type: integer + type: object + scaleUp: + description: |- + scaleUp is scaling policy for scaling Up. + If not set, the default value is the higher of: + * increase no more than 4 pods per 60 seconds + * double the number of pods per 60 seconds + No stabilization is used. + properties: + policies: + description: |- + policies is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid + items: + description: HPAScalingPolicy is a single policy + which must hold true for a specified past interval. + properties: + periodSeconds: + description: |- + periodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). + format: int32 + type: integer + type: + description: type is used to specify the scaling + policy. + type: string + value: + description: |- + value contains the amount of change which is permitted by the policy. 
+ It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: |- + selectPolicy is used to specify which policy should be used. + If not set, the default value Max is used. + type: string + stabilizationWindowSeconds: + description: |- + stabilizationWindowSeconds is the number of seconds for which past recommendations should be + considered while scaling up or scaling down. + StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization is done). + - For scale down: 300 (i.e. the stabilization window is 300 seconds long). + format: int32 + type: integer + type: object + type: object + autoscaleEnabled: + description: Controls whether a HorizontalPodAutoscaler is + installed for Pilot. + type: boolean + autoscaleMax: + description: Maximum number of replicas in the HorizontalPodAutoscaler + for Pilot. + format: int32 + type: integer + autoscaleMin: + description: Minimum number of replicas in the HorizontalPodAutoscaler + for Pilot. + format: int32 + type: integer + cni: + description: Configures whether to use an existing CNI installation + for workloads + properties: + enabled: + description: Controls whether CNI should be used. + type: boolean + provider: + description: |- + Specifies the CNI provider. Can be either "default" or "multus". When set to "multus", an annotation + `k8s.v1.cni.cncf.io/networks` is set on injected pods to point to a NetworkAttachmentDefinition + type: string + type: object + configMap: + description: |- + Configuration settings passed to Pilot as a ConfigMap. + + This controls whether the mesh config map, generated from values.yaml is generated. + If false, pilot wil use default values or user-supplied values, in that order of preference. 
+ type: boolean + cpu: + description: |- + Target CPU utilization used in HorizontalPodAutoscaler. + + See https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + properties: + targetAverageUtilization: + description: |- + K8s utilization setting for HorizontalPodAutoscaler target. + + See https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + format: int32 + type: integer + type: object + deploymentLabels: + additionalProperties: + type: string + description: |- + Labels that are added to Pilot deployment. + + See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + type: object + enabled: + description: Controls whether Pilot is enabled. + type: boolean + env: + additionalProperties: + type: string + description: "Environment variables passed to the Pilot container.\n\nExamples:\nenv:\n\n\tENV_VAR_1: + value1\n\tENV_VAR_2: value2" + type: object + extraContainerArgs: + description: Additional container arguments for the Pilot + container. + items: + type: string + type: array + hub: + description: Hub to pull the container image from. Image will + be `Hub/Image:Tag-Variant`. + type: string + image: + description: |- + Image name used for Pilot. + + This can be set either to image name if hub is also set, or can be set to the full hub:name string. + + Examples: custom-pilot, docker.io/someuser:custom-pilot + type: string + ipFamilies: + description: |- + Defines which IP family to use for single stack or the order of IP families for dual-stack. + Valid list items are "IPv4", "IPv6". + More info: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + items: + type: string + type: array + ipFamilyPolicy: + description: |- + Controls whether Services are configured to use IPv4, IPv6, or both. Valid options + are PreferDualStack, RequireDualStack, and SingleStack. 
+ More info: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + type: string + jwksResolverExtraRootCA: + description: |- + Specifies an extra root certificate in PEM format. This certificate will be trusted + by pilot when resolving JWKS URIs. + type: string + keepaliveMaxServerConnectionAge: + description: |- + Maximum duration that a sidecar can be connected to a pilot. + + This setting balances out load across pilot instances, but adds some resource overhead. + + Examples: 300s, 30m, 1h + type: string + memory: + description: |- + Target memory utilization used in HorizontalPodAutoscaler. + + See https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + properties: + targetAverageUtilization: + description: |- + K8s utilization setting for HorizontalPodAutoscaler target. + + See https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + format: int32 + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + description: |- + K8s node selector. + + See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + type: object + podAnnotations: + additionalProperties: + type: string + description: |- + K8s annotations for pods. + + See: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + type: object + podLabels: + additionalProperties: + type: string + description: |- + Labels that are added to Pilot pods. + + See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + type: object + replicaCount: + description: |- + Number of replicas in the Pilot Deployment. + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. 
+ format: int32 + type: integer + resources: + description: |- + K8s resources settings. + + See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + rollingMaxSurge: + anyOf: + - type: integer + - type: string + description: |- + K8s rolling update strategy + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + x-kubernetes-int-or-string: true + rollingMaxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The number of pods that can be unavailable during a rolling update (see + `strategy.rollingUpdate.maxUnavailable` here: + https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/deployment-v1/#DeploymentSpec). + May be specified as a number of pods or as a percent of the total number + of pods at the start of the update. + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + x-kubernetes-int-or-string: true + seccompProfile: + description: |- + The seccompProfile for the Pilot container. + + See: https://kubernetes.io/docs/tutorials/security/seccomp/ + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. 
+ type: string + required: + - type + type: object + serviceAccountAnnotations: + additionalProperties: + type: string + description: K8s annotations for the service account + type: object + serviceAnnotations: + additionalProperties: + type: string + description: |- + K8s annotations for the Service. + + See: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + type: object + tag: + description: The container image tag to pull. Image will be + `Hub/Image:Tag-Variant`. + type: string + taint: + properties: + enabled: + description: |- + Enable the untaint controller for new nodes. This aims to solve a race for CNI installation on + new nodes. For this to work, the newly added nodes need to have the istio CNI taint as they are + added to the cluster. This is usually done by configuring the cluster infra provider. + type: boolean + namespace: + description: The namespace of the CNI daemonset, incase + it's not the same as istiod. + type: string + type: object + tolerations: + description: |- + The node tolerations to be applied to the Pilot deployment so that it can be + scheduled to particular nodes with matching taints. + More info: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. 
+ type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: The k8s topologySpreadConstraints for the Pilot + pods. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. 
+ The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. 
+ In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. 
+ type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + traceSampling: + description: |- + Trace sampling fraction. + + Used to set the fraction of time that traces are sampled. Higher values are more accurate but add CPU overhead. + + Allowed values: 0.0 to 1.0 + type: number + trustedZtunnelNamespace: + description: |- + If set, `istiod` will allow connections from trusted node proxy ztunnels + in the provided namespace. + type: string + variant: + description: The container image variant to pull. Options + are "debug" or "distroless". Unset will use the default + for the given version. + type: string + volumeMounts: + description: Additional volumeMounts to add to the Pilot container. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. 
+ type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. 
+ type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Additional volumes to add to the Pilot Pod. + items: + description: Volume represents a named volume in a pod that + may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk + mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: + None, Read Only, Read Write.' 
+ type: string + diskName: + description: diskName is the Name of the data disk + in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in + the blob storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single + blob disk per storage account Managed: azure + managed data disk (only in managed availability + set). defaults to shared' + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service + mount on the host and bind mount to the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name of secret that + contains Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the + host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the mounted + root, rather than the full Ceph tree, default + is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. 
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about + the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name, + namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. 
+ The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. 
+ properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over + volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. 
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine and then + exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to + use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds + extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached + to a kubelet's host machine. 
This depends on the Flocker + control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. + This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the + specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. 
This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support + iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support + iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). 
+ type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI + target and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon + Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume + attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). 
ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx + volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". 
If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. 
+ type: boolean + path: + description: Relative path from the volume + root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about the + configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about + the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only annotations, + labels, name, namespace and uid + are supported.' + properties: + apiVersion: + description: Version of the + schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file + to be created. 
Must not be absolute + or contain the ''..'' path. Must + be utf-8 encoded. The first item + of the relative path must not + start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about the + secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional field specify whether + the Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. 
The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte mount on the + host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". 
Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. 
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of the + ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the + ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL + communication with Gateway, default false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage system + as configured in ScaleIO. 
+ type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. 
+ This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the + Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. 
Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume + attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy + Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy + Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + profile: + description: Specifies which installation configuration profile + to apply. + type: string + revision: + description: Identifies the revision this installation is associated + with. + type: string + revisionTags: + description: |- + Specifies the aliases for the Istio control plane revision. A MutatingWebhookConfiguration + is created for each alias. + items: + type: string + type: array + sidecarInjectorWebhook: + description: Configuration for the sidecar injector webhook. 
+ properties: + alwaysInjectSelector: + description: See NeverInjectSelector. + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: array + defaultTemplates: + description: 'defaultTemplates: ["sidecar", "hello"]' + items: + type: string + type: array + enableNamespacesByDefault: + description: Enables sidecar auto-injection in namespaces + by default. 
+ type: boolean + injectedAnnotations: + additionalProperties: + type: string + description: |- + injectedAnnotations are additional annotations that will be added to the pod spec after injection + This is primarily to support PSP annotations. + type: object + injectionURL: + description: Configure the injection url for sidecar injector + webhook + type: string + neverInjectSelector: + description: |- + Instructs Istio to not inject the sidecar on those pods, based on labels that are present in those pods. + + Annotations in the pods have higher precedence than the label selectors. + Order of evaluation: Pod Annotations → NeverInjectSelector → AlwaysInjectSelector → Default Policy. + See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: array + reinvocationPolicy: + description: 'Setting this to `IfNeeded` will result in the + sidecar injector being run again if additional mutations + occur. Default: Never' + type: string + rewriteAppHTTPProbe: + description: If true, webhook or istioctl injector will rewrite + PodSpec for liveness health check to redirect request to + sidecar. This makes liveness check work even when mTLS is + enabled. + type: boolean + templates: + additionalProperties: + type: string + description: "Templates defines a set of custom injection + templates that can be used. For example, defining:\n\ntemplates:\n\n\thello: + |\n\t metadata:\n\t labels:\n\t hello: world\n\nThen + starting a pod with the `inject.istio.io/templates: hello` + annotation, will result in the pod\nbeing injected with + the hello=world labels.\nThis is intended for advanced configuration + only; most users should use the built in template" + type: object + type: object + telemetry: + description: Controls whether telemetry is exported for Pilot. + properties: + enabled: + description: Controls whether telemetry is exported for Pilot. + type: boolean + v2: + description: Configuration for Telemetry v2. + properties: + enabled: + description: Controls whether pilot will configure telemetry + v2. + type: boolean + prometheus: + description: Telemetry v2 settings for prometheus. 
+ properties: + enabled: + description: Controls whether stats envoyfilter would + be enabled or not. + type: boolean + type: object + stackdriver: + description: Telemetry v2 settings for stackdriver. + properties: + enabled: + type: boolean + type: object + type: object + type: object + type: object + version: + description: |- + Defines the version of Istio to install. + Must be one of: v1.23.0, v1.22.4. + enum: + - v1.23.0 + - v1.22.4 + type: string + required: + - namespace + - type + - version + type: object + x-kubernetes-validations: + - message: spec.values.global.istioNamespace must match spec.namespace + rule: self.values.global.istioNamespace == self.__namespace__ + status: + description: IstioRevisionStatus defines the observed state of IstioRevision + properties: + conditions: + description: Represents the latest available observations of the object's + current state. + items: + description: IstioRevisionCondition represents a specific observation + of the IstioRevision object's state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + the last transition. + type: string + reason: + description: Unique, single-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: The status of this condition. Can be True, False + or Unknown. + type: string + type: + description: The type of this condition. + type: string + type: object + type: array + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this + IstioRevision object. It corresponds to the object's generation, which is + updated on mutation by the API Server. The information in the status + pertains to this particular generation of the object. 
+ format: int64 + type: integer + state: + description: Reports the current state of the object. + type: string + type: object + type: object + x-kubernetes-validations: + - message: spec.values.revision must match metadata.name + rule: 'self.metadata.name == ''default'' ? (!has(self.spec.values.revision) + || size(self.spec.values.revision) == 0) : self.spec.values.revision == + self.metadata.name' + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sailoperator/0.1.0/manifests/sailoperator.io_istios.yaml b/operators/sailoperator/0.1.0/manifests/sailoperator.io_istios.yaml new file mode 100644 index 00000000000..76a80db35dc --- /dev/null +++ b/operators/sailoperator/0.1.0/manifests/sailoperator.io_istios.yaml 
@@ -0,0 +1,8073 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.0 + creationTimestamp: null + name: istios.sailoperator.io +spec: + group: sailoperator.io + names: + categories: + - istio-io + kind: Istio + listKind: IstioList + plural: istios + singular: istio + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Total number of IstioRevision objects currently associated with + this object. + jsonPath: .status.revisions.total + name: Revisions + type: string + - description: Number of revisions that are ready. + jsonPath: .status.revisions.ready + name: Ready + type: string + - description: Number of revisions that are currently being used by workloads. + jsonPath: .status.revisions.inUse + name: In use + type: string + - description: The current state of the active revision. + jsonPath: .status.state + name: Active Revision + type: string + - description: The version of the control plane installation. + jsonPath: .spec.version + name: Version + type: string + - description: The age of the object + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + Istio represents an Istio Service Mesh deployment consisting of one or more + control plane instances (represented by one or more IstioRevision objects). + To deploy an Istio Service Mesh, a user creates an Istio object with the + desired Istio version and configuration. The operator then creates + an IstioRevision object, which in turn creates the underlying Deployment + objects for istiod and other control plane components, similar to how a + Deployment object in Kubernetes creates ReplicaSets that create the Pods. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. 
+ Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + default: + namespace: istio-system + updateStrategy: + type: InPlace + version: v1.23.0 + description: IstioSpec defines the desired state of Istio + properties: + namespace: + default: istio-system + description: Namespace to which the Istio components should be installed. + type: string + profile: + description: |- + The built-in installation configuration profile to use. + The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. + Must be one of: ambient, default, demo, empty, openshift-ambient, openshift, preview, stable. + enum: + - ambient + - default + - demo + - empty + - openshift-ambient + - openshift + - preview + - stable + type: string + updateStrategy: + default: + type: InPlace + description: Defines the update strategy to use when the version in + the Istio CR is updated. + properties: + inactiveRevisionDeletionGracePeriodSeconds: + description: |- + Defines how many seconds the operator should wait before removing a non-active revision after all + the workloads have stopped using it. You may want to set this value on the order of minutes. + The minimum and the default value is 30. + format: int64 + minimum: 30 + type: integer + type: + default: InPlace + description: "Type of strategy to use. Can be \"InPlace\" or \"RevisionBased\". 
+ When the \"InPlace\" strategy\nis used, the existing Istio control + plane is updated in-place. The workloads therefore\ndon't need + to be moved from one control plane instance to another. When + the \"RevisionBased\"\nstrategy is used, a new Istio control + plane instance is created for every change to the\nIstio.spec.version + field. The old control plane remains in place until all workloads + have\nbeen moved to the new control plane instance.\n\nThe \"InPlace\" + strategy is the default.\tTODO: change default to \"RevisionBased\"" + enum: + - InPlace + - RevisionBased + type: string + updateWorkloads: + description: |- + Defines whether the workloads should be moved from one control plane instance to another + automatically. If updateWorkloads is true, the operator moves the workloads from the old + control plane instance to the new one after the new control plane is ready. + If updateWorkloads is false, the user must move the workloads manually by updating the + istio.io/rev labels on the namespace and/or the pods. + Defaults to false. + type: boolean + type: object + values: + description: Defines the values to be passed to the Helm charts when + installing Istio. + properties: + base: + description: Configuration for the base component. + properties: + validationCABundle: + description: validation webhook CA bundle + type: string + validationURL: + description: URL to use for validating webhook. + type: string + type: object + compatibilityVersion: + description: |- + Specifies the compatibility version to use. When this is set, the control plane will + be configured with the same defaults as the specified version. + type: string + defaultRevision: + description: The name of the default revision in the cluster. + type: string + experimental: + description: Specifies experimental helm fields that could be + removed or changed in the future + x-kubernetes-preserve-unknown-fields: true + global: + description: Global configuration for Istio components. 
+ properties: + arch: + description: "Specifies pod scheduling arch(amd64, ppc64le, + s390x, arm64) and weight as follows:\n\n\t0 - Never scheduled\n\t1 + - Least preferred\n\t2 - No preference\n\t3 - Most preferred\n\nDeprecated: + replaced by the affinity k8s settings which allows architecture + nodeAffinity configuration of this behavior.\n\nDeprecated: + Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto." + properties: + amd64: + description: Sets pod scheduling weight for amd64 arch + format: int32 + type: integer + arm64: + description: Sets pod scheduling weight for arm64 arch. + format: int32 + type: integer + ppc64le: + description: Sets pod scheduling weight for ppc64le arch. + format: int32 + type: integer + s390x: + description: Sets pod scheduling weight for s390x arch. + format: int32 + type: integer + type: object + caAddress: + description: The address of the CA for CSR. + type: string + caName: + description: |- + The name of the CA for workloads. + For example, when caName=GkeWorkloadCertificate, GKE workload certificates + will be used as the certificates for workloads. + The default value is "" and when caName="", the CA will be configured by other + mechanisms (e.g., environmental variable CA_PROVIDER). + type: string + certSigners: + description: List of certSigners to allow "approve" action + in the ClusterRole + items: + type: string + type: array + configCluster: + description: Controls whether a remote cluster is the config + cluster for an external istiod + type: boolean + configValidation: + description: Controls whether the server-side validation is + enabled. + type: boolean + defaultNodeSelector: + additionalProperties: + type: string + description: |- + Default k8s node selector for all the Istio control plane components + + See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. 
+ type: object + defaultPodDisruptionBudget: + description: |- + Specifies the default pod disruption budget configuration. + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + properties: + enabled: + description: Controls whether a PodDisruptionBudget with + a default minAvailable value of 1 is created for each + deployment. + type: boolean + type: object + defaultResources: + description: |- + Default k8s resources settings for all Istio control plane components. + + See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + defaultTolerations: + description: |- + Default node tolerations to be applied to all deployments so that all pods can be + scheduled to nodes with matching taints. Each component can overwrite + these default values by adding its tolerations block in the relevant section below + and setting the desired values. + Configure this field in case that all pods of Istio control plane are expected to + be scheduled to particular nodes with specified taints. + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. 
+ Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + externalIstiod: + description: Controls whether one external istiod is enabled. + type: boolean + hub: + description: Specifies the docker hub for Istio images. + type: string + imagePullPolicy: + description: |- + Specifies the image pull policy for the Istio images. one of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. + + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + enum: + - Always + - Never + - IfNotPresent + type: string + imagePullSecrets: + description: |- + ImagePullSecrets for the control plane ServiceAccount, list of secrets in the same namespace + to use for pulling any images in pods that reference this ServiceAccount. + Must be set for any cluster configured with private docker registry. + items: + type: string + type: array + ipFamilies: + description: |- + Defines which IP family to use for single stack or the order of IP families for dual-stack. + Valid list items are "IPv4", "IPv6". 
+ More info: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + items: + type: string + type: array + ipFamilyPolicy: + description: |- + Controls whether Services are configured to use IPv4, IPv6, or both. Valid options + are PreferDualStack, RequireDualStack, and SingleStack. + More info: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + type: string + istioNamespace: + description: Specifies the default namespace for the Istio + control plane components. + type: string + istiod: + description: Specifies the configution of istiod + properties: + enableAnalysis: + description: If enabled, istiod will perform config analysis + type: boolean + type: object + jwtPolicy: + description: |- + Configure the policy for validating JWT. + This is deprecated and has no effect. + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + type: string + logAsJson: + description: Specifies whether istio components should output + logs in json format by adding --log_as_json argument to + each container. + type: boolean + logging: + description: Specifies the global logging level settings for + the Istio control plane components. + properties: + level: + description: |- + Comma-separated minimum per-scope logging level of messages to output, in the form of :,: + The control plane has different scopes depending on component, but can configure default log level across all components + If empty, default scope and level will be used as configured in code + type: string + type: object + meshID: + description: |- + The Mesh Identifier. It should be unique within the scope where + meshes will interact with each other, but it is not required to be + globally/universally unique. 
For example, if any of the following are true, + then two meshes must have different Mesh IDs: + - Meshes will have their telemetry aggregated in one place + - Meshes will be federated together + - Policy will be written referencing one mesh from the other + + If an administrator expects that any of these conditions may become true in + the future, they should ensure their meshes have different Mesh IDs + assigned. + + Within a multicluster mesh, each cluster must be (manually or auto) + configured to have the same Mesh ID value. If an existing cluster 'joins' a + multicluster mesh, it will need to be migrated to the new mesh ID. Details + of migration TBD, and it may be a disruptive operation to change the Mesh + ID post-install. + + If the mesh admin does not specify a value, Istio will use the value of the + mesh's Trust Domain. The best practice is to select a proper Trust Domain + value. + type: string + meshNetworks: + additionalProperties: + description: |- + Network provides information about the endpoints in a routable L3 + network. A single routable L3 network can have one or more service + registries. Note that the network has no relation to the locality of the + endpoint. The endpoint locality will be obtained from the service + registry. + properties: + endpoints: + description: |- + The list of endpoints in the network (obtained through the + constituent service registries or from CIDR ranges). All endpoints in + the network are directly accessible to one another. + items: + description: "NetworkEndpoints describes how the network + associated with an endpoint\nshould be inferred. + An endpoint will be assigned to a network based + on\nthe following rules:\n\n1. Implicitly: If the + registry explicitly provides information about\nthe + network to which the endpoint belongs to. In some + cases, its\npossible to indicate the network associated + with the endpoint by\nadding the `ISTIO_META_NETWORK` + environment variable to the sidecar.\n\n2. 
Explicitly:\n\n\ta. + By matching the registry name with one of the \"fromRegistry\"\n\tin + the mesh config. A \"from_registry\" can only be + assigned to a\n\tsingle network.\n\n\tb. By matching + the IP against one of the CIDR ranges in a mesh\n\tconfig + network. The CIDR ranges must not overlap and be + assigned to\n\ta single network.\n\n(2) will override + (1) if both are present." + properties: + fromCidr: + description: |- + A CIDR range for the set of endpoints in this network. The CIDR + ranges for endpoints from different networks must not overlap. + type: string + fromRegistry: + description: |- + Add all endpoints from the specified registry into this network. + The names of the registries should correspond to the kubeconfig file name + inside the secret that was used to configure the registry (Kubernetes + multicluster) or supplied by MCP server. + type: string + type: object + x-kubernetes-validations: + - message: At most one of [fromCidr fromRegistry] + should be set + rule: (has(self.fromCidr)?1:0) + (has(self.fromRegistry)?1:0) + <= 1 + type: array + gateways: + description: Set of gateways associated with the network. + items: + description: |- + The gateway associated with this network. Traffic from remote networks + will arrive at the specified gateway:port. All incoming traffic must + use mTLS. + properties: + address: + description: IP address or externally resolvable + DNS address associated with the gateway. + type: string + locality: + description: The locality associated with an explicitly + specified gateway (i.e. ip) + type: string + port: + format: int32 + type: integer + registryServiceName: + description: |- + A fully qualified domain name of the gateway service. Pilot will + lookup the service from the service registries in the network and + obtain the endpoint IPs of the gateway from the service + registry. 
Note that while the service name is a fully qualified + domain name, it need not be resolvable outside the orchestration + platform for the registry. e.g., this could be + istio-ingressgateway.istio-system.svc.cluster.local. + type: string + type: object + x-kubernetes-validations: + - message: At most one of [registryServiceName address] + should be set + rule: (has(self.registryServiceName)?1:0) + (has(self.address)?1:0) + <= 1 + type: array + type: object + description: "Configure the mesh networks to be used by the + Split Horizon EDS.\n\nThe following example defines two + networks with different endpoints association methods.\nFor + `network1` all endpoints that their IP belongs to the provided + CIDR range will be\nmapped to network1. The gateway for + this network example is specified by its public IP\naddress + and port.\nThe second network, `network2`, in this example + is defined differently with all endpoints\nretrieved through + the specified Multi-Cluster registry being mapped to network2. + The\ngateway is also defined differently with the name of + the gateway service on the remote\ncluster. The public IP + for the gateway will be determined from that remote service + (only\nLoadBalancer gateway service type is currently supported, + for a NodePort type gateway service,\nit still need to be + configured manually).\n\nmeshNetworks:\n\n\tnetwork1:\n\t + \ endpoints:\n\t - fromCidr: \"192.168.0.1/24\"\n\t gateways:\n\t + \ - address: 1.1.1.1\n\t port: 80\n\tnetwork2:\n\t endpoints:\n\t + \ - fromRegistry: reg1\n\t gateways:\n\t - registryServiceName: + istio-ingressgateway.istio-system.svc.cluster.local\n\t + \ port: 443" + type: object + mountMtlsCerts: + description: Controls whether the in-cluster MTLS key and + certs are loaded from the secret volume mounts. + type: boolean + multiCluster: + description: Specifies the Configuration for Istio mesh across + multiple clusters through Istio gateways. 
+ properties: + clusterName: + description: |- + The name of the cluster this installation will run in. This is required for sidecar injection + to properly label proxies + type: string + enabled: + description: |- + Enables the connection between two kubernetes clusters via their respective ingressgateway services. + Use if the pods in each cluster cannot directly talk to one another. + type: boolean + globalDomainSuffix: + description: The suffix for global service names. + type: string + includeEnvoyFilter: + description: Enable envoy filter to translate `globalDomainSuffix` + to cluster local suffix for cross cluster communication. + type: boolean + type: object + network: + description: |- + Network defines the network this cluster belong to. This name + corresponds to the networks in the map of mesh networks. + type: string + omitSidecarInjectorConfigMap: + description: |- + Controls whether the creation of the sidecar injector ConfigMap should be skipped. + Defaults to false. When set to true, the sidecar injector ConfigMap will not be created. + type: boolean + operatorManageWebhooks: + description: |- + Controls whether the WebhookConfiguration resource(s) should be created. The current behavior + of Istiod is to manage its own webhook configurations. + When this option is set to true, Istio Operator, instead of webhooks, manages the + webhook configurations. When this option is set as false, webhooks manage their + own webhook configurations. + type: boolean + pilotCertProvider: + description: |- + Configure the Pilot certificate provider. + Currently, four providers are supported: "kubernetes", "istiod", "custom" and "none". + type: string + platform: + description: |- + Platform in which Istio is deployed. Possible values are: "openshift" and "gcp" + An empty value means it is a vanilla Kubernetes distribution, therefore no special + treatment will be considered. 
+ type: string + podDNSSearchNamespaces: + description: |- + Custom DNS config for the pod to resolve names of services in other + clusters. Use this to add additional search domains, and other settings. + see https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config + This does not apply to gateway pods as they typically need a different + set of DNS settings than the normal application pods (e.g. in multicluster scenarios). + items: + type: string + type: array + priorityClassName: + description: |- + Specifies the k8s priorityClassName for the istio control plane components. + + See https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + type: string + proxy: + description: Specifies how proxies are configured within Istio. + properties: + autoInject: + description: Controls the 'policy' in the sidecar injector. + type: string + clusterDomain: + description: |- + Domain for the cluster, default: "cluster.local". + + K8s allows this to be customized, see https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/ + type: string + componentLogLevel: + description: |- + Per Component log level for proxy, applies to gateways and sidecars. + + If a component level is not set, then the global "logLevel" will be used. If left empty, "misc:error" is used. + type: string + enableCoreDump: + description: |- + Enables core dumps for newly injected sidecars. + + If set, newly injected sidecars will have core dumps enabled. + type: boolean + excludeIPRanges: + description: Lists the excluded IP ranges of Istio egress + traffic that the sidecar captures. + type: string + excludeInboundPorts: + description: Specifies the Istio ingress ports not to + capture. + type: string + excludeOutboundPorts: + description: A comma separated list of outbound ports + to be excluded from redirection to Envoy. 
+ type: string + holdApplicationUntilProxyStarts: + description: |- + Controls if sidecar is injected at the front of the container list and blocks the start of the other containers until the proxy is ready + + Deprecated: replaced by ProxyConfig setting which allows per-pod configuration of this behavior. + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + type: boolean + image: + description: |- + Image name or path for the proxy, default: "proxyv2". + + If registry or tag are not specified, global.hub and global.tag are used. + + Examples: my-proxy (uses global.hub/tag), docker.io/myrepo/my-proxy:v1.0.0 + type: string + includeIPRanges: + description: |- + Lists the IP ranges of Istio egress traffic that the sidecar captures. + + Example: "172.30.0.0/16,172.20.0.0/16" + This would only capture egress traffic on those two IP Ranges, all other outbound traffic would # be allowed by the sidecar." + type: string + includeInboundPorts: + description: |- + A comma separated list of inbound ports for which traffic is to be redirected to Envoy. + The wildcard character '*' can be used to configure redirection for all ports. + type: string + includeOutboundPorts: + description: A comma separated list of outbound ports + for which traffic is to be redirected to Envoy, regardless + of the destination IP. + type: string + lifecycle: + description: |- + The k8s lifecycle hooks definition (pod.spec.containers.lifecycle) for the proxy container. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. 
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. 
The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. 
There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + logLevel: + description: 'Log level for proxy, applies to gateways + and sidecars. If left empty, "warning" is used. Expected + values are: trace\|debug\|info\|warning\|error\|critical\|off' + type: string + outlierLogPath: + description: |- + Path to the file to which the proxy will write outlier detection logs. + + Example: "/dev/stdout" + This would write the logs to standard output. + type: string + privileged: + description: |- + Enables privileged securityContext for the istio-proxy container. + + See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + type: boolean + readinessFailureThreshold: + description: Sets the number of successive failed probes + before indicating readiness failure. + format: int32 + type: integer + readinessInitialDelaySeconds: + description: Sets the initial delay for readiness probes + in seconds. + format: int32 + type: integer + readinessPeriodSeconds: + description: Sets the interval between readiness probes + in seconds. + format: int32 + type: integer + resources: + description: |- + K8s resources settings. + + See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. 
+ + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + startupProbe: + description: Configures the startup probe for the istio-proxy + container. + properties: + enabled: + description: |- + Enables or disables a startup probe. + For optimal startup times, changing this should be tied to the readiness probe values. + + If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. 
+ This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), + and doesn't spam the readiness endpoint too much + + If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. + This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. + type: boolean + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + format: int32 + type: integer + type: object + statusPort: + description: Default port used for the Pilot agent's health + checks. + format: int32 + type: integer + tracer: + description: |- + Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver. + If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. + enum: + - zipkin + - lightstep + - datadog + - stackdriver + - openCensusAgent + - none + type: string + type: object + proxy_init: + description: Specifies the Configuration for proxy_init container + which sets the pods' networking to intercept the inbound/outbound + traffic. + properties: + image: + description: Specifies the image for the proxy_init container. + type: string + resources: + description: |- + K8s resources settings. + + See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. 
+ properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: object + remotePilotAddress: + description: Specifies the Istio control plane’s pilot Pod + IP address or remote cluster DNS resolvable hostname. + type: string + revision: + description: Configures the revision this control plane is + a part of + type: string + sds: + description: Specifies the Configuration for the SecretDiscoveryService + instead of using K8S secrets to mount the certificates. + properties: + token: + description: 'Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto.' 
+ properties: + aud: + type: string + type: object + type: object + sts: + description: Specifies the configuration for Security Token + Service. + properties: + servicePort: + format: int32 + type: integer + type: object + tag: + description: Specifies the tag for the Istio docker images. + type: string + tracer: + description: Specifies the Configuration for each of the supported + tracers. + properties: + datadog: + description: Configuration for the datadog tracing service. + properties: + address: + description: Address in host:port format for reporting + trace data to the Datadog agent. + type: string + type: object + lightstep: + description: Configuration for the lightstep tracing service. + properties: + accessToken: + description: Sets the lightstep access token. + type: string + address: + description: Sets the lightstep satellite pool address + in host:port format for reporting trace data. + type: string + type: object + stackdriver: + description: Configuration for the stackdriver tracing + service. + properties: + debug: + description: enables trace output to stdout. + type: boolean + maxNumberOfAnnotations: + description: The global default max number of annotation + events per span. + format: int32 + type: integer + maxNumberOfAttributes: + description: The global default max number of attributes + per span. + format: int32 + type: integer + maxNumberOfMessageEvents: + description: The global default max number of message + events per span. + format: int32 + type: integer + type: object + zipkin: + description: Configuration for the zipkin tracing service. + properties: + address: + description: |- + Address of zipkin instance in host:port format for reporting trace data. + + Example: .:941 + type: string + type: object + type: object + variant: + description: The variant of the Istio container images to + use. Options are "debug" or "distroless". Unset will use + the default for the given version. 
+ type: string + waypoint: + description: Specifies how waypoints are configured within + Istio. + properties: + resources: + description: |- + K8s resource settings. + + See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: object + type: object + istiodRemote: + description: Configuration for istiod-remote. + properties: + injectionCABundle: + description: injector ca bundle + type: string + injectionPath: + description: Path to use for the sidecar injector webhook + service. + type: string + injectionURL: + description: URL to use for sidecar injector webhook. + type: string + type: object + meshConfig: + description: |- + Defines runtime configuration of components, including Istiod and istio-agent behavior. + See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options. + properties: + accessLogEncoding: + description: |- + Encoding for the proxy access log (`TEXT` or `JSON`). + Default value is `TEXT`. + enum: + - TEXT + - JSON + type: string + accessLogFile: + description: |- + File address for the proxy access log (e.g. /dev/stdout). + Empty value disables access logging. + type: string + accessLogFormat: + description: |- + Format for the proxy access log + Empty value results in proxy's default access log format + type: string + ca: + description: |- + If specified, Istiod will authorize and forward the CSRs from the workloads to the specified external CA + using the Istio CA gRPC API. + properties: + address: + description: |- + REQUIRED. Address of the CA server implementing the Istio CA gRPC API. + Can be IP address or a fully qualified DNS name with port + Eg: custom-ca.default.svc.cluster.local:8932, 192.168.23.2:9000 + type: string + istiodSide: + description: |- + Use istiod_side to specify CA Server integrate to Istiod side or Agent side + Default: true + type: boolean + requestTimeout: + description: |- + timeout for forward CSR requests from Istiod to External CA + Default: 10s + type: string + tlsSettings: + description: |- + Use the tls_settings to specify the tls mode to use. 
+ Regarding tls_settings: + - DISABLE MODE is legitimate for the case Istiod is making the request via an Envoy sidecar. + DISABLE MODE can also be used for testing + - TLS MUTUAL MODE be on by default. If the CA certificates + (cert bundle to verify the CA server's certificate) is omitted, Istiod will + use the system root certs to verify the CA server's certificate. + properties: + caCertificates: + description: |- + OPTIONAL: The path to the file containing certificate authority + certificates to use in verifying a presented server certificate. If + omitted, the proxy will verify the server's certificate using + the OS CA certificates. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + caCrl: + description: |- + OPTIONAL: The path to the file containing the certificate revocation list (CRL) + to use in verifying a presented server certificate. `CRL` is a list of certificates + that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. + If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. + If omitted, the proxy will not verify the certificate against the `crl`. + type: string + clientCertificate: + description: |- + REQUIRED if mode is `MUTUAL`. The path to the file holding the + client-side TLS certificate to use. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + credentialName: + description: |- + The name of the secret that holds the TLS certs for the + client including the CA certificates. This secret must exist in + the namespace of the proxy using the certificates. + An Opaque secret should contain the following keys and values: + `key: `, `cert: `, `cacert: `, + `crl: ` + Here CACertificate is used to verify the server certificate. + For mutual TLS, `cacert: ` can be provided in the + same secret or a separate secret named `-cacert`. 
+ A TLS secret for client certificates with an additional + `ca.crt` key for CA certificates and `ca.crl` key for + certificate revocation list(CRL) is also supported. + Only one of client certificates and CA certificate + or credentialName can be specified. + + **NOTE:** This field is applicable at sidecars only if + `DestinationRule` has a `workloadSelector` specified. + Otherwise the field will be applicable only at gateways, and + sidecars will continue to use the certificate paths. + type: string + insecureSkipVerify: + description: |- + `insecureSkipVerify` specifies whether the proxy should skip verifying the + CA signature and SAN for the server certificate corresponding to the host. + The default value of this field is false. + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured + using TLS. The value of this field determines how TLS is enforced. + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: |- + REQUIRED if mode is `MUTUAL`. The path to the file holding the + client's private key. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + sni: + description: |- + SNI string to present to the server during TLS handshake. + If unspecified, SNI will be automatically set based on downstream HTTP + host/authority header for SIMPLE and MUTUAL TLS modes. + type: string + subjectAltNames: + description: |- + A list of alternate names to verify the subject identity in the + certificate. If specified, the proxy will verify that the server + certificate's subject alt name matches one of the specified values. + If specified, this list overrides the value of subject_alt_names + from the ServiceEntry. If unspecified, automatic validation of upstream + presented certificate for new upstream connections will be done based on the + downstream HTTP host/authority header. 
+ items: + type: string + type: array + type: object + required: + - address + type: object + caCertificates: + description: |- + The extra root certificates for workload-to-workload communication. + The plugin certificates (the 'cacerts' secret) or self-signed certificates (the 'istio-ca-secret' secret) + are automatically added by Istiod. + The CA certificate that signs the workload certificates is automatically added by Istio Agent. + items: + properties: + certSigners: + description: |- + when Istiod is acting as RA(registration authority) + If set, they are used for these signers. Otherwise, this trustAnchor is used for all signers. + items: + type: string + type: array + pem: + description: The PEM data of the certificate. + type: string + spiffeBundleUrl: + description: |- + The SPIFFE bundle endpoint URL that complies to: + https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE_Trust_Domain_and_Bundle.md#the-spiffe-trust-domain-and-bundle + The endpoint should support authentication based on Web PKI: + https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE_Trust_Domain_and_Bundle.md#521-web-pki + The certificate is retrieved from the endpoint. + type: string + trustDomains: + description: |- + Optional. Specify the list of trust domains to which this trustAnchor data belongs. + If set, they are used for these trust domains. Otherwise, this trustAnchor is used for default trust domain + and its aliases. + Note that we can have multiple trustAnchor data for a same trust_domain. + In that case, trustAnchors with a same trust domain will be merged and used together to verify peer certificates. + If neither cert_signers nor trust_domains is set, this trustAnchor is used for all trust domains and all signers. + If only trust_domains is set, this trustAnchor is used for these trust_domains and all signers. + If only cert_signers is set, this trustAnchor is used for these cert_signers and all trust domains. 
+ If both cert_signers and trust_domains is set, this trustAnchor is only used for these signers and trust domains. + items: + type: string + type: array + type: object + x-kubernetes-validations: + - message: At most one of [pem spiffeBundleUrl] should be + set + rule: (has(self.pem)?1:0) + (has(self.spiffeBundleUrl)?1:0) + <= 1 + type: array + certificates: + description: |- + Configure the provision of certificates. + + Note: Deprecated, please refer to Cert-Manager or other cert provisioning solutions to sign DNS certificates. + + Deprecated: Marked as deprecated in mesh/v1alpha1/config.proto. + items: + description: "Certificate configures the provision of a + certificate and its key.\nExample 1: key and cert stored + in a secret\n```\n{ secretName: galley-cert\n\n\t secretNamespace: + istio-system\n\t dnsNames:\n\t - galley.istio-system.svc\n\t + \ - galley.mydomain.com\n\t}\n\n```\nExample 2: key + and cert stored in a directory\n```\n{ dnsNames:\n - + pilot.istio-system\n - pilot.istio-system.svc\n - pilot.mydomain.com\n + \ }\n\n```" + properties: + dnsNames: + description: |- + The DNS names for the certificate. A certificate may contain + multiple DNS names. + items: + type: string + type: array + secretName: + description: |- + Name of the secret the certificate and its key will be stored into. + If it is empty, it will not be stored into a secret. + Instead, the certificate and its key will be stored into a hard-coded directory. + type: string + type: object + type: array + configSources: + description: |- + ConfigSource describes a source of configuration data for networking + rules, and other Istio configuration artifacts. Multiple data sources + can be configured for a single control plane. + items: + description: |- + ConfigSource describes information about a configuration store inside a + mesh. A single control plane instance can interact with one or more data + sources. 
+ properties: + address: + description: |- + Address of the server implementing the Istio Mesh Configuration + protocol (MCP). Can be IP address or a fully qualified DNS name. + Use xds:// to specify a grpc-based xds backend, k8s:// to specify a k8s controller or + fs:/// to specify a file-based backend with absolute path to the directory. + type: string + subscribedResources: + description: Describes the source of configuration, + if nothing is specified default is MCP + items: + description: Resource describes the source of configuration + enum: + - SERVICE_REGISTRY + type: string + type: array + tlsSettings: + description: |- + Use the tls_settings to specify the tls mode to use. If the MCP server + uses Istio mutual TLS and shares the root CA with Pilot, specify the TLS + mode as `ISTIO_MUTUAL`. + properties: + caCertificates: + description: |- + OPTIONAL: The path to the file containing certificate authority + certificates to use in verifying a presented server certificate. If + omitted, the proxy will verify the server's certificate using + the OS CA certificates. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + caCrl: + description: |- + OPTIONAL: The path to the file containing the certificate revocation list (CRL) + to use in verifying a presented server certificate. `CRL` is a list of certificates + that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. + If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. + If omitted, the proxy will not verify the certificate against the `crl`. + type: string + clientCertificate: + description: |- + REQUIRED if mode is `MUTUAL`. The path to the file holding the + client-side TLS certificate to use. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + credentialName: + description: |- + The name of the secret that holds the TLS certs for the + client including the CA certificates. 
This secret must exist in + the namespace of the proxy using the certificates. + An Opaque secret should contain the following keys and values: + `key: `, `cert: `, `cacert: `, + `crl: ` + Here CACertificate is used to verify the server certificate. + For mutual TLS, `cacert: ` can be provided in the + same secret or a separate secret named `-cacert`. + A TLS secret for client certificates with an additional + `ca.crt` key for CA certificates and `ca.crl` key for + certificate revocation list(CRL) is also supported. + Only one of client certificates and CA certificate + or credentialName can be specified. + + **NOTE:** This field is applicable at sidecars only if + `DestinationRule` has a `workloadSelector` specified. + Otherwise the field will be applicable only at gateways, and + sidecars will continue to use the certificate paths. + type: string + insecureSkipVerify: + description: |- + `insecureSkipVerify` specifies whether the proxy should skip verifying the + CA signature and SAN for the server certificate corresponding to the host. + The default value of this field is false. + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured + using TLS. The value of this field determines how TLS is enforced. + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: |- + REQUIRED if mode is `MUTUAL`. The path to the file holding the + client's private key. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + sni: + description: |- + SNI string to present to the server during TLS handshake. + If unspecified, SNI will be automatically set based on downstream HTTP + host/authority header for SIMPLE and MUTUAL TLS modes. + type: string + subjectAltNames: + description: |- + A list of alternate names to verify the subject identity in the + certificate. If specified, the proxy will verify that the server + certificate's subject alt name matches one of the specified values. 
+ If specified, this list overrides the value of subject_alt_names + from the ServiceEntry. If unspecified, automatic validation of upstream + presented certificate for new upstream connections will be done based on the + downstream HTTP host/authority header. + items: + type: string + type: array + type: object + type: object + type: array + connectTimeout: + description: |- + Connection timeout used by Envoy. (MUST BE >=1ms) + Default timeout is 10s. + type: string + defaultConfig: + description: |- + Default proxy config used by gateway and sidecars. + In case of Kubernetes, the proxy config is applied once during the injection process, + and remain constant for the duration of the pod. The rest of the mesh config can be changed + at runtime and config gets distributed dynamically. + On Kubernetes, this can be overridden on individual pods with the `proxy.istio.io/config` annotation. + properties: + availabilityZone: + description: 'Deprecated: Marked as deprecated in mesh/v1alpha1/proxy.proto.' + type: string + binaryPath: + description: Path to the proxy binary + type: string + caCertificatesPem: + description: |- + The PEM data of the extra root certificates for workload-to-workload communication. + This includes the certificates defined in MeshConfig and any other certificates that Istiod uses as CA. + The plugin certificates (the 'cacerts' secret), self-signed certificates (the 'istio-ca-secret' secret) + are added automatically by Istiod. + items: + type: string + type: array + concurrency: + description: |- + The number of worker threads to run. + If unset, which is recommended, this will be automatically determined based on CPU requests/limits. + If set to 0, all cores on the machine will be used, ignoring CPU requests or limits. This can lead to major performance + issues if CPU limits are also set. + format: int32 + type: integer + configPath: + description: |- + Path to the generated configuration file directory. 
+ Proxy agent generates the actual configuration and stores it in this directory. + type: string + controlPlaneAuthPolicy: + description: |- + AuthenticationPolicy defines how the proxy is authenticated when it connects to the control plane. + Default is set to `MUTUAL_TLS`. + enum: + - NONE + - MUTUAL_TLS + - INHERIT + type: string + customConfigFile: + description: |- + File path of custom proxy configuration, currently used by proxies + in front of Mixer and Pilot. + type: string + discoveryAddress: + description: |- + Address of the discovery service exposing xDS with mTLS connection. + The inject configuration may override this value. + type: string + discoveryRefreshDelay: + description: 'Deprecated: Marked as deprecated in mesh/v1alpha1/proxy.proto.' + type: string + drainDuration: + description: |- + restart. MUST be >=1s (e.g., _1s/1m/1h_) + Default drain duration is `45s`. + type: string + envoyAccessLogService: + description: |- + Address of the service to which access logs from Envoys should be + sent. (e.g. `accesslog-service:15000`). See [Access Log + Service](https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/accesslog/v2/als.proto) + for details about Envoy's gRPC Access Log Service API. + properties: + address: + description: |- + Address of a remove service used for various purposes (access log + receiver, metrics receiver, etc.). Can be IP address or a fully + qualified DNS name. + type: string + tcpKeepalive: + description: If set then set `SO_KEEPALIVE` on the + socket to enable TCP Keepalives. + properties: + interval: + description: |- + The time duration between keep-alive probes. + Default is to use the OS level configuration + (unless overridden, Linux defaults to 75s.) + type: string + probes: + description: |- + Maximum number of keepalive probes to send without response before + deciding the connection is dead. Default is to use the OS level configuration + (unless overridden, Linux defaults to 9.) 
+ format: int32 + type: integer + time: + description: |- + The time duration a connection needs to be idle before keep-alive + probes start being sent. Default is to use the OS level configuration + (unless overridden, Linux defaults to 7200s (ie 2 hours.) + type: string + type: object + tlsSettings: + description: |- + Use the `tls_settings` to specify the tls mode to use. If the remote service + uses Istio mutual TLS and shares the root CA with Pilot, specify the TLS + mode as `ISTIO_MUTUAL`. + properties: + caCertificates: + description: |- + OPTIONAL: The path to the file containing certificate authority + certificates to use in verifying a presented server certificate. If + omitted, the proxy will verify the server's certificate using + the OS CA certificates. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + caCrl: + description: |- + OPTIONAL: The path to the file containing the certificate revocation list (CRL) + to use in verifying a presented server certificate. `CRL` is a list of certificates + that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. + If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. + If omitted, the proxy will not verify the certificate against the `crl`. + type: string + clientCertificate: + description: |- + REQUIRED if mode is `MUTUAL`. The path to the file holding the + client-side TLS certificate to use. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + credentialName: + description: |- + The name of the secret that holds the TLS certs for the + client including the CA certificates. This secret must exist in + the namespace of the proxy using the certificates. + An Opaque secret should contain the following keys and values: + `key: `, `cert: `, `cacert: `, + `crl: ` + Here CACertificate is used to verify the server certificate. 
+ For mutual TLS, `cacert: ` can be provided in the + same secret or a separate secret named `-cacert`. + A TLS secret for client certificates with an additional + `ca.crt` key for CA certificates and `ca.crl` key for + certificate revocation list(CRL) is also supported. + Only one of client certificates and CA certificate + or credentialName can be specified. + + **NOTE:** This field is applicable at sidecars only if + `DestinationRule` has a `workloadSelector` specified. + Otherwise the field will be applicable only at gateways, and + sidecars will continue to use the certificate paths. + type: string + insecureSkipVerify: + description: |- + `insecureSkipVerify` specifies whether the proxy should skip verifying the + CA signature and SAN for the server certificate corresponding to the host. + The default value of this field is false. + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured + using TLS. The value of this field determines how TLS is enforced. + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: |- + REQUIRED if mode is `MUTUAL`. The path to the file holding the + client's private key. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + sni: + description: |- + SNI string to present to the server during TLS handshake. + If unspecified, SNI will be automatically set based on downstream HTTP + host/authority header for SIMPLE and MUTUAL TLS modes. + type: string + subjectAltNames: + description: |- + A list of alternate names to verify the subject identity in the + certificate. If specified, the proxy will verify that the server + certificate's subject alt name matches one of the specified values. + If specified, this list overrides the value of subject_alt_names + from the ServiceEntry. 
If unspecified, automatic validation of upstream + presented certificate for new upstream connections will be done based on the + downstream HTTP host/authority header. + items: + type: string + type: array + type: object + type: object + envoyMetricsService: + description: |- + Address of the Envoy Metrics Service implementation (e.g. `metrics-service:15000`). + See [Metric Service](https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/metrics/v2/metrics_service.proto) + for details about Envoy's Metrics Service API. + properties: + address: + description: |- + Address of a remove service used for various purposes (access log + receiver, metrics receiver, etc.). Can be IP address or a fully + qualified DNS name. + type: string + tcpKeepalive: + description: If set then set `SO_KEEPALIVE` on the + socket to enable TCP Keepalives. + properties: + interval: + description: |- + The time duration between keep-alive probes. + Default is to use the OS level configuration + (unless overridden, Linux defaults to 75s.) + type: string + probes: + description: |- + Maximum number of keepalive probes to send without response before + deciding the connection is dead. Default is to use the OS level configuration + (unless overridden, Linux defaults to 9.) + format: int32 + type: integer + time: + description: |- + The time duration a connection needs to be idle before keep-alive + probes start being sent. Default is to use the OS level configuration + (unless overridden, Linux defaults to 7200s (ie 2 hours.) + type: string + type: object + tlsSettings: + description: |- + Use the `tls_settings` to specify the tls mode to use. If the remote service + uses Istio mutual TLS and shares the root CA with Pilot, specify the TLS + mode as `ISTIO_MUTUAL`. + properties: + caCertificates: + description: |- + OPTIONAL: The path to the file containing certificate authority + certificates to use in verifying a presented server certificate. 
If + omitted, the proxy will verify the server's certificate using + the OS CA certificates. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + caCrl: + description: |- + OPTIONAL: The path to the file containing the certificate revocation list (CRL) + to use in verifying a presented server certificate. `CRL` is a list of certificates + that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. + If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. + If omitted, the proxy will not verify the certificate against the `crl`. + type: string + clientCertificate: + description: |- + REQUIRED if mode is `MUTUAL`. The path to the file holding the + client-side TLS certificate to use. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + credentialName: + description: |- + The name of the secret that holds the TLS certs for the + client including the CA certificates. This secret must exist in + the namespace of the proxy using the certificates. + An Opaque secret should contain the following keys and values: + `key: `, `cert: `, `cacert: `, + `crl: ` + Here CACertificate is used to verify the server certificate. + For mutual TLS, `cacert: ` can be provided in the + same secret or a separate secret named `-cacert`. + A TLS secret for client certificates with an additional + `ca.crt` key for CA certificates and `ca.crl` key for + certificate revocation list(CRL) is also supported. + Only one of client certificates and CA certificate + or credentialName can be specified. + + **NOTE:** This field is applicable at sidecars only if + `DestinationRule` has a `workloadSelector` specified. + Otherwise the field will be applicable only at gateways, and + sidecars will continue to use the certificate paths. 
+ type: string + insecureSkipVerify: + description: |- + `insecureSkipVerify` specifies whether the proxy should skip verifying the + CA signature and SAN for the server certificate corresponding to the host. + The default value of this field is false. + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured + using TLS. The value of this field determines how TLS is enforced. + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: |- + REQUIRED if mode is `MUTUAL`. The path to the file holding the + client's private key. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + sni: + description: |- + SNI string to present to the server during TLS handshake. + If unspecified, SNI will be automatically set based on downstream HTTP + host/authority header for SIMPLE and MUTUAL TLS modes. + type: string + subjectAltNames: + description: |- + A list of alternate names to verify the subject identity in the + certificate. If specified, the proxy will verify that the server + certificate's subject alt name matches one of the specified values. + If specified, this list overrides the value of subject_alt_names + from the ServiceEntry. If unspecified, automatic validation of upstream + presented certificate for new upstream connections will be done based on the + downstream HTTP host/authority header. + items: + type: string + type: array + type: object + type: object + envoyMetricsServiceAddress: + description: 'Deprecated: Marked as deprecated in mesh/v1alpha1/proxy.proto.' + type: string + extraStatTags: + description: |- + An additional list of tags to extract from the in-proxy Istio telemetry. These extra tags can be + added by configuring the telemetry extension. Each additional tag needs to be present in this list. + Extra tags emitted by the telemetry extensions must be listed here so that they can be processed + and exposed as Prometheus metrics. 
+ Deprecated: `istio.stats` is a native filter now, this field is no longer needed. + items: + type: string + type: array + gatewayTopology: + description: |- + Topology encapsulates the configuration which describes where the proxy is + located i.e. behind a (or N) trusted proxy (proxies) or directly exposed + to the internet. This configuration only effects gateways and is applied + to all the gateways in the cluster unless overridden via annotations of the + gateway workloads. + properties: + forwardClientCertDetails: + description: |- + Configures how the gateway proxy handles x-forwarded-client-cert (XFCC) + header in the incoming request. + enum: + - UNDEFINED + - SANITIZE + - FORWARD_ONLY + - APPEND_FORWARD + - SANITIZE_SET + - ALWAYS_FORWARD_ONLY + type: string + numTrustedProxies: + description: |- + Number of trusted proxies deployed in front of the Istio gateway proxy. + When this option is set to value N greater than zero, the trusted client + address is assumed to be the Nth address from the right end of the + X-Forwarded-For (XFF) header from the incoming request. If the + X-Forwarded-For (XFF) header is missing or has fewer than N addresses, the + gateway proxy falls back to using the immediate downstream connection's + source address as the trusted client address. + Note that the gateway proxy will append the downstream connection's source + address to the X-Forwarded-For (XFF) address and set the + X-Envoy-External-Address header to the trusted client address before + forwarding it to the upstream services in the cluster. + The default value of num_trusted_proxies is 0. + See [Envoy XFF](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#config-http-conn-man-headers-x-forwarded-for) + header handling for more details. + format: int32 + type: integer + proxyProtocol: + description: |- + Enables [PROXY protocol](http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt) for + downstream connections on a gateway. 
+ type: object + type: object + holdApplicationUntilProxyStarts: + description: |- + Boolean flag for enabling/disabling the holdApplicationUntilProxyStarts behavior. + This feature adds hooks to delay application startup until the pod proxy + is ready to accept traffic, mitigating some startup race conditions. + Default value is 'false'. + type: boolean + image: + description: Specifies the details of the proxy image. + properties: + imageType: + description: |- + The image type of the image. + Istio publishes default, debug, and distroless images. + Other values are allowed if those image types (example: centos) are published to the specified hub. + supported values: default, debug, distroless. + type: string + type: object + interceptionMode: + description: The mode used to redirect inbound traffic + to Envoy. + enum: + - REDIRECT + - TPROXY + - NONE + type: string + meshId: + description: |- + The unique identifier for the [service mesh](https://istio.io/docs/reference/glossary/#service-mesh) + All control planes running in the same service mesh should specify the same mesh ID. + Mesh ID is used to label telemetry reports for cases where telemetry from multiple meshes is mixed together. + type: string + privateKeyProvider: + description: Specifies the details of the Private Key + Provider configuration for gateway and sidecar proxies. + properties: + cryptomb: + description: Use CryptoMb private key provider + properties: + fallback: + description: |- + If the private key provider isn’t available (eg. the required hardware capability doesn’t existed) + Envoy will fallback to the BoringSSL default implementation when the fallback is true. + The default value is false. + type: boolean + pollDelay: + description: |- + How long to wait until the per-thread processing queue should be processed. If the processing queue + gets full (eight sign or decrypt requests are received) it is processed immediately. 
+ However, if the queue is not filled before the delay has expired, the requests already in the queue + are processed, even if the queue is not full. + In effect, this value controls the balance between latency and throughput. + The duration needs to be set to a value greater than or equal to 1 millisecond. + type: string + type: object + qat: + description: Use QAT private key provider + properties: + fallback: + description: |- + If the private key provider isn’t available (eg. the required hardware capability doesn’t existed) + Envoy will fallback to the BoringSSL default implementation when the fallback is true. + The default value is false. + type: boolean + pollDelay: + description: |- + How long to wait before polling the hardware accelerator after a request has been submitted there. + Having a small value leads to quicker answers from the hardware but causes more polling loop spins, + leading to potentially larger CPU usage. + The duration needs to be set to a value greater than or equal to 1 millisecond. + type: string + type: object + type: object + x-kubernetes-validations: + - message: At most one of [cryptomb qat] should be set + rule: (has(self.cryptomb)?1:0) + (has(self.qat)?1:0) + <= 1 + proxyAdminPort: + description: |- + Port on which Envoy should listen for administrative commands. + Default port is `15000`. + format: int32 + type: integer + proxyBootstrapTemplatePath: + description: Path to the proxy bootstrap template file + type: string + proxyHeaders: + description: "Define the set of headers to add/modify + for HTTP request/responses.\n\nTo enable an optional + header, simply set the field. 
If no specific configuration + is required, an empty object (`{}`) will enable it.\nNote: + currently all headers are enabled by default.\n\nBelow + shows an example of customizing the `server` header + and disabling the `X-Envoy-Attempt-Count` header:\n\n```yaml\nproxyHeaders:\n\n\tserver:\n\t + \ value: \"my-custom-server\"\n\trequestId: {} // Explicitly + enable Request IDs. As this is the default, this has + no effect.\n\tattemptCount:\n\t disabled: true\n\n```\n\nSome + headers are enabled by default, and require explicitly + disabling. See below for an example of disabling all + default-enabled headers:\n\n```yaml\nproxyHeaders:\n\n\tforwardedClientCert: + SANITIZE\n\tserver:\n\t disabled: true\n\trequestId:\n\t + \ disabled: true\n\tattemptCount:\n\t disabled: true\n\tenvoyDebugHeaders:\n\t + \ disabled: true\n\tmetadataExchangeHeaders:\n\t mode: + IN_MESH\n\n```" + properties: + attemptCount: + description: |- + Controls the `X-Envoy-Attempt-Count` header. + If enabled, this header will be added on outbound request headers (including gateways) that have retries configured. + If disabled, this header will not be set. If it is already present, it will be preserved. + This header is enabled by default if not configured. + properties: + disabled: + type: boolean + type: object + envoyDebugHeaders: + description: |- + Controls various `X-Envoy-*` headers, such as `X-Envoy-Overloaded` and `X-Envoy-Upstream-Service-Time`. If enabled, + these headers will be included. + If disabled, these headers will not be set. If they are already present, they will be preserved. + See the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/router/v3/router.proto#envoy-v3-api-field-extensions-filters-http-router-v3-router-suppress-envoy-headers) for more details. + These headers are enabled by default if not configured. 
+ properties: + disabled: + type: boolean + type: object + forwardedClientCert: + description: |- + Controls the `X-Forwarded-Client-Cert` header for inbound sidecar requests. To set this on gateways, use the `Topology` setting. + To disable the header, configure either `SANITIZE` (to always remove the header, if present) or `FORWARD_ONLY` (to leave the header as-is). + By default, `APPEND_FORWARD` will be used. + enum: + - UNDEFINED + - SANITIZE + - FORWARD_ONLY + - APPEND_FORWARD + - SANITIZE_SET + - ALWAYS_FORWARD_ONLY + type: string + metadataExchangeHeaders: + description: |- + Controls Istio metadata exchange headers `X-Envoy-Peer-Metadata` and `X-Envoy-Peer-Metadata-Id`. + By default, the behavior is unspecified. + If IN_MESH, these headers will not be appended to outbound requests from sidecars to services not in-mesh. + properties: + mode: + enum: + - UNDEFINED + - IN_MESH + type: string + type: object + requestId: + description: |- + Controls the `X-Request-Id` header. If enabled, a request ID is generated for each request if one is not already set. + This applies to all types of traffic (inbound, outbound, and gateways). + If disabled, no request ID will be generate for the request. If it is already present, it will be preserved. + Warning: request IDs are a critical component to mesh tracing and logging, so disabling this is not recommended. + This header is enabled by default if not configured. + properties: + disabled: + type: boolean + type: object + server: + description: |- + Controls the `server` header. If enabled, the `Server: istio-envoy` header is set in response headers for inbound traffic (including gateways). + If disabled, the `Server` header is not modified. If it is already present, it will be preserved. + properties: + disabled: + type: boolean + value: + description: If set, and the server header is + enabled, this value will be set as the server + header. By default, `istio-envoy` will be used. 
+ type: string + type: object + type: object + proxyMetadata: + additionalProperties: + type: string + description: |- + Additional environment variables for the proxy. + Names starting with `ISTIO_META_` will be included in the generated bootstrap and sent to the XDS server. + type: object + proxyStatsMatcher: + description: "Proxy stats matcher defines configuration + for reporting custom Envoy stats.\nTo reduce memory + and CPU overhead from Envoy stats system, Istio proxies + by\ndefault create and expose only a subset of Envoy + stats. This option is to\ncontrol creation of additional + Envoy stats with prefix, suffix, and regex\nexpressions + match on the name of the stats. This replaces the stats\ninclusion + annotations\n(`sidecar.istio.io/statsInclusionPrefixes`,\n`sidecar.istio.io/statsInclusionRegexps`, + and\n`sidecar.istio.io/statsInclusionSuffixes`). For + example, to enable stats\nfor circuit breakers, request + retries, upstream connections, and request timeouts,\nyou + can specify stats matcher as follows:\n```yaml\nproxyStatsMatcher:\n\n\tinclusionRegexps:\n\t + \ - .*outlier_detection.*\n\t - .*upstream_rq_retry.*\n\t + \ - .*upstream_cx_.*\n\tinclusionSuffixes:\n\t - upstream_rq_timeout\n\n```\nNote + including more Envoy stats might increase number of + time series\ncollected by prometheus significantly. + Care needs to be taken on Prometheus\nresource provision + and configuration to reduce cardinality." + properties: + inclusionPrefixes: + description: Proxy stats name prefix matcher for inclusion. + items: + type: string + type: array + inclusionRegexps: + description: Proxy stats name regexps matcher for + inclusion. + items: + type: string + type: array + inclusionSuffixes: + description: Proxy stats name suffix matcher for inclusion. + items: + type: string + type: array + type: object + readinessProbe: + description: |- + VM Health Checking readiness probe. 
This health check config exactly mirrors the + kubernetes readiness probe configuration both in schema and logic. + Only one health check method of 3 can be set at a time. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a + GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + runtimeValues: + additionalProperties: + type: string + description: |- + Envoy [runtime configuration](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/operations/runtime) to set during bootstrapping. + This enables setting experimental, unsafe, unsupported, and deprecated features that should be used with extreme caution. + type: object + sds: + description: |- + Secret Discovery Service(SDS) configuration to be used by the proxy. + + Deprecated: Marked as deprecated in mesh/v1alpha1/proxy.proto. + properties: + enabled: + description: True if SDS is enabled. + type: boolean + k8sSaJwtPath: + description: Path of k8s service account JWT path. 
+ type: string + type: object + serviceCluster: + description: |- + Service cluster defines the name for the `service_cluster` that is + shared by all Envoy instances. This setting corresponds to + `--service-cluster` flag in Envoy. In a typical Envoy deployment, the + `service-cluster` flag is used to identify the caller, for + source-based routing scenarios. + + Since Istio does not assign a local `service/service` version to each + Envoy instance, the name is same for all of them. However, the + source/caller's identity (e.g., IP address) is encoded in the + `--service-node` flag when launching Envoy. When the RDS service + receives API calls from Envoy, it uses the value of the `service-node` + flag to compute routes that are relative to the service instances + located at that IP address. + type: string + statNameLength: + description: |- + Maximum length of name field in Envoy's metrics. The length of the name field + is determined by the length of a name field in a service and the set of labels that + comprise a particular version of the service. The default value is set to 189 characters. + Envoy's internal metrics take up 67 characters, for a total of 256 character name per metric. + Increase the value of this field if you find that the metrics from Envoys are truncated. + format: int32 + type: integer + statsdUdpAddress: + description: IP Address and Port of a statsd UDP listener + (e.g. `10.75.241.127:9125`). + type: string + statusPort: + description: |- + Port on which the agent should listen for administrative commands such as readiness probe. + Default is set to port `15020`. + format: int32 + type: integer + terminationDrainDuration: + description: |- + The amount of time allowed for connections to complete on proxy shutdown. + On receiving `SIGTERM` or `SIGINT`, `istio-agent` tells the active Envoy to start gracefully draining, + discouraging any new connections and allowing existing connections to complete. 
It then + sleeps for the `termination_drain_duration` and then kills any remaining active Envoy processes. + If not set, a default of `5s` will be applied. + type: string + tracing: + description: Tracing configuration to be used by the proxy. + properties: + customTags: + additionalProperties: + description: |- + Configure custom tags that will be added to any active span. + Tags can be generated via literals, environment variables or an incoming request header. + properties: + environment: + description: |- + The custom tag's value should be populated from an environmental + variable + properties: + defaultValue: + description: |- + When the environment variable is not found, + the tag's value will be populated with this default value if specified, + otherwise the tag will not be populated. + type: string + name: + description: Name of the environment variable + used to populate the tag's value + type: string + type: object + header: + description: |- + The custom tag's value is populated by an http header from + an incoming request. + properties: + defaultValue: + description: |- + Default value to be used for the tag when the named HTTP header does not exist. + The tag will be skipped if no default value is provided. + type: string + name: + description: HTTP header name used to obtain + the value from to populate the tag value. + type: string + type: object + literal: + description: The custom tag's value is the specified + literal. + properties: + value: + description: Static literal value used to + populate the tag value. 
+ type: string + type: object + type: object + x-kubernetes-validations: + - message: At most one of [literal environment header] + should be set + rule: (has(self.literal)?1:0) + (has(self.environment)?1:0) + + (has(self.header)?1:0) <= 1 + description: "and gateways).\nThe key represents the + name of the tag.\nEx:\n```yaml\ncustom_tags:\n\n\tnew_tag_name:\n\t + \ header:\n\t name: custom-http-header-name\n\t + \ default_value: defaulted-value-from-custom-header\n\n```" + type: object + datadog: + description: Use a Datadog tracer. + properties: + address: + description: Address of the Datadog Agent. + type: string + type: object + lightstep: + description: |- + Use a Lightstep tracer. + NOTE: For Istio 1.15+, this configuration option will result + in using OpenTelemetry-based Lightstep integration. + properties: + accessToken: + description: The Lightstep access token. + type: string + address: + description: Address of the Lightstep Satellite + pool. + type: string + type: object + maxPathTagLength: + description: |- + Configures the maximum length of the request path to extract and include in the + HttpUrl tag. Used to truncate length request paths to meet the needs of tracing + backend. If not set, then a length of 256 will be used. + format: int32 + type: integer + openCensusAgent: + description: Use an OpenCensus tracer exporting to + an OpenCensus agent. + properties: + address: + description: |- + gRPC address for the OpenCensus agent (e.g. dns://authority/host:port or + unix:path). See [gRPC naming + docs](https://github.com/grpc/grpc/blob/master/doc/naming.md) for + details. + type: string + context: + description: |- + Specifies the set of context propagation headers used for distributed + tracing. Default is `["W3C_TRACE_CONTEXT"]`. If multiple values are specified, + the proxy will attempt to read each header for each request and will + write all headers. 
+ items: + description: |- + TraceContext selects the context propagation headers used for + distributed tracing. + enum: + - UNSPECIFIED + - W3C_TRACE_CONTEXT + - GRPC_BIN + - CLOUD_TRACE_CONTEXT + - B3 + type: string + type: array + type: object + sampling: + description: |- + The percentage of requests (0.0 - 100.0) that will be randomly selected for trace generation, + if not requested by the client or not forced. Default is 1.0. + type: number + stackdriver: + description: Use a Stackdriver tracer. + properties: + debug: + description: debug enables trace output to stdout. + type: boolean + maxNumberOfAnnotations: + description: |- + The global default max number of annotation events per span. + default is 200. + format: int64 + type: integer + maxNumberOfAttributes: + description: |- + The global default max number of attributes per span. + default is 200. + format: int64 + type: integer + maxNumberOfMessageEvents: + description: |- + The global default max number of message events per span. + default is 200. + format: int64 + type: integer + type: object + tlsSettings: + description: |- + Use the tls_settings to specify the tls mode to use. If the remote tracing service + uses Istio mutual TLS and shares the root CA with Pilot, specify the TLS + mode as `ISTIO_MUTUAL`. + properties: + caCertificates: + description: |- + OPTIONAL: The path to the file containing certificate authority + certificates to use in verifying a presented server certificate. If + omitted, the proxy will verify the server's certificate using + the OS CA certificates. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + caCrl: + description: |- + OPTIONAL: The path to the file containing the certificate revocation list (CRL) + to use in verifying a presented server certificate. `CRL` is a list of certificates + that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. 
+ If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. + If omitted, the proxy will not verify the certificate against the `crl`. + type: string + clientCertificate: + description: |- + REQUIRED if mode is `MUTUAL`. The path to the file holding the + client-side TLS certificate to use. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + credentialName: + description: |- + The name of the secret that holds the TLS certs for the + client including the CA certificates. This secret must exist in + the namespace of the proxy using the certificates. + An Opaque secret should contain the following keys and values: + `key: `, `cert: `, `cacert: `, + `crl: ` + Here CACertificate is used to verify the server certificate. + For mutual TLS, `cacert: ` can be provided in the + same secret or a separate secret named `-cacert`. + A TLS secret for client certificates with an additional + `ca.crt` key for CA certificates and `ca.crl` key for + certificate revocation list(CRL) is also supported. + Only one of client certificates and CA certificate + or credentialName can be specified. + + **NOTE:** This field is applicable at sidecars only if + `DestinationRule` has a `workloadSelector` specified. + Otherwise the field will be applicable only at gateways, and + sidecars will continue to use the certificate paths. + type: string + insecureSkipVerify: + description: |- + `insecureSkipVerify` specifies whether the proxy should skip verifying the + CA signature and SAN for the server certificate corresponding to the host. + The default value of this field is false. + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured + using TLS. The value of this field determines how TLS is enforced. + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: |- + REQUIRED if mode is `MUTUAL`. 
The path to the file holding the + client's private key. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + sni: + description: |- + SNI string to present to the server during TLS handshake. + If unspecified, SNI will be automatically set based on downstream HTTP + host/authority header for SIMPLE and MUTUAL TLS modes. + type: string + subjectAltNames: + description: |- + A list of alternate names to verify the subject identity in the + certificate. If specified, the proxy will verify that the server + certificate's subject alt name matches one of the specified values. + If specified, this list overrides the value of subject_alt_names + from the ServiceEntry. If unspecified, automatic validation of upstream + presented certificate for new upstream connections will be done based on the + downstream HTTP host/authority header. + items: + type: string + type: array + type: object + zipkin: + description: Use a Zipkin tracer. + properties: + address: + description: Address of the Zipkin service (e.g. + _zipkin:9411_). + type: string + type: object + type: object + x-kubernetes-validations: + - message: At most one of [zipkin lightstep datadog stackdriver + openCensusAgent] should be set + rule: (has(self.zipkin)?1:0) + (has(self.lightstep)?1:0) + + (has(self.datadog)?1:0) + (has(self.stackdriver)?1:0) + + (has(self.openCensusAgent)?1:0) <= 1 + tracingServiceName: + description: |- + Used by Envoy proxies to assign the values for the service names in trace + spans. + enum: + - APP_LABEL_AND_NAMESPACE + - CANONICAL_NAME_ONLY + - CANONICAL_NAME_AND_NAMESPACE + type: string + zipkinAddress: + description: |- + Address of the Zipkin service (e.g. _zipkin:9411_). + DEPRECATED: Use [tracing][istio.mesh.v1alpha1.ProxyConfig.tracing] instead. + + Deprecated: Marked as deprecated in mesh/v1alpha1/proxy.proto. 
+ type: string + type: object + x-kubernetes-validations: + - message: At most one of [serviceCluster tracingServiceName] + should be set + rule: (has(self.serviceCluster)?1:0) + (has(self.tracingServiceName)?1:0) + <= 1 + defaultDestinationRuleExportTo: + description: |- + The default value for the `DestinationRule.export_to` field. Has the same + syntax as `default_service_export_to`. + + If not set the system will use "*" as the default value which implies that + destination rules are exported to all namespaces + items: + type: string + type: array + defaultHttpRetryPolicy: + description: "Configure the default HTTP retry policy.\nThe + default number of retry attempts is set at 2 for these errors:\n\n\t\"connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes\".\n\nSetting + the number of attempts to 0 disables retry policy globally.\nThis + setting can be overridden on a per-host basis using the + Virtual Service\nAPI.\nAll settings in the retry policy + except `perTryTimeout` can currently be\nconfigured globally + via this field." + properties: + attempts: + description: |- + Number of retries to be allowed for a given request. The interval + between retries will be determined automatically (25ms+). When request + `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute) + or `per_try_timeout` is configured, the actual number of retries attempted also depends on + the specified request `timeout` and `per_try_timeout` values. MUST BE >= 0. If `0`, retries will be disabled. + The maximum possible number of requests made will be 1 + `attempts`. + format: int32 + type: integer + perTryTimeout: + description: |- + Timeout per attempt for a given request, including the initial call and any retries. Format: 1h/1m/1s/1ms. MUST BE >=1ms. 
+ Default is same value as request + `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute), + which means no timeout. + type: string + retryOn: + description: |- + Specifies the conditions under which retry takes place. + One or more policies can be specified using a ‘,’ delimited list. + See the [retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on) + and [gRPC retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on) for more details. + + In addition to the policies specified above, a list of HTTP status codes can be passed, such as `retryOn: "503,reset"`. + Note these status codes refer to the actual responses received from the destination. + For example, if a connection is reset, Istio will translate this to 503 for it's response. + However, the destination did not return a 503 error, so this would not match `"503"` (it would, however, match `"reset"`). + + If not specified, this defaults to `connect-failure,refused-stream,unavailable,cancelled,503`. + type: string + retryRemoteLocalities: + description: |- + Flag to specify whether the retries should retry to other localities. + See the [retry plugin configuration](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/http_connection_management#retry-plugin-configuration) for more details. + type: boolean + type: object + defaultProviders: + description: Specifies extension providers to use by default + in Istio configuration resources. + properties: + accessLogging: + description: Name of the default provider(s) for access + logging. + items: + type: string + type: array + metrics: + description: Name of the default provider(s) for metrics. + items: + type: string + type: array + tracing: + description: Name of the default provider(s) for tracing. 
+ items: + type: string + type: array + type: object + defaultServiceExportTo: + description: |- + The default value for the ServiceEntry.export_to field and services + imported through container registry integrations, e.g. this applies to + Kubernetes Service resources. The value is a list of namespace names and + reserved namespace aliases. The allowed namespace aliases are: + ``` + * - All Namespaces + . - Current Namespace + ~ - No Namespace + ``` + If not set the system will use "*" as the default value which implies that + services are exported to all namespaces. + + `All namespaces` is a reasonable default for implementations that don't + need to restrict access or visibility of services across namespace + boundaries. If that requirement is present it is generally good practice to + make the default `Current namespace` so that services are only visible + within their own namespaces by default. Operators can then expand the + visibility of services to other namespaces as needed. Use of `No Namespace` + is expected to be rare but can have utility for deployments where + dependency management needs to be precise even within the scope of a single + namespace. + + For further discussion see the reference documentation for `ServiceEntry`, + `Sidecar`, and `Gateway`. + items: + type: string + type: array + defaultVirtualServiceExportTo: + description: |- + The default value for the VirtualService.export_to field. Has the same + syntax as `default_service_export_to`. + + If not set the system will use "*" as the default value which implies that + virtual services are exported to all namespaces + items: + type: string + type: array + disableEnvoyListenerLog: + description: |- + This flag disables Envoy Listener logs. + See [Listener Access Log](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/listener/v3/listener.proto#envoy-v3-api-field-config-listener-v3-listener-access-log) + Istio Enables Envoy's listener access logs on "NoRoute" response flag. 
+ Default value is `false`. + type: boolean + discoverySelectors: + description: |- + A list of Kubernetes selectors that specify the set of namespaces that Istio considers when + computing configuration updates for sidecars. This can be used to reduce Istio's computational load + by limiting the number of entities (including services, pods, and endpoints) that are watched and processed. + If omitted, Istio will use the default behavior of processing all namespaces in the cluster. + Elements in the list are disjunctive (OR semantics), i.e. a namespace will be included if it matches any selector. + The following example selects any namespace that matches either below: + 1. The namespace has both of these labels: `env: prod` and `region: us-east1` + 2. The namespace has label `app` equal to `cassandra` or `spark`. + ```yaml + discoverySelectors: + - matchLabels: + env: prod + region: us-east1 + - matchExpressions: + - key: app + operator: In + values: + - cassandra + - spark + + ``` + Refer to the [Kubernetes selector docs](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) + for additional detail on selector semantics. + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: array + dnsRefreshRate: + description: |- + Configures DNS refresh rate for Envoy clusters of type `STRICT_DNS` + Default refresh rate is `60s`. + type: string + enableAutoMtls: + description: |- + This flag is used to enable mutual `TLS` automatically for service to service communication + within the mesh, default true. + If set to true, and a given service does not have a corresponding `DestinationRule` configured, + or its `DestinationRule` does not have ClientTLSSettings specified, Istio configures client side + TLS configuration appropriately. More specifically, + If the upstream authentication policy is in `STRICT` mode, use Istio provisioned certificate + for mutual `TLS` to connect to upstream. + If upstream service is in plain text mode, use plain text. + If the upstream authentication policy is in PERMISSIVE mode, Istio configures clients to use + mutual `TLS` when server sides are capable of accepting mutual `TLS` traffic. + If service `DestinationRule` exists and has `ClientTLSSettings` specified, that is always used instead. 
+ type: boolean + enableEnvoyAccessLogService: + description: |- + This flag enables Envoy's gRPC Access Log Service. + See [Access Log Service](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/access_loggers/grpc/v3/als.proto) + for details about Envoy's gRPC Access Log Service API. + Default value is `false`. + type: boolean + enablePrometheusMerge: + description: |- + If enabled, Istio agent will merge metrics exposed by the application with metrics from Envoy + and Istio agent. The sidecar injection will replace `prometheus.io` annotations present on the pod + and redirect them towards Istio agent, which will then merge metrics of from the application with Istio metrics. + This relies on the annotations `prometheus.io/scrape`, `prometheus.io/port`, and + `prometheus.io/path` annotations. + If you are running a separately managed Envoy with an Istio sidecar, this may cause issues, as the metrics will collide. + In this case, it is recommended to disable aggregation on that deployment with the + `prometheus.istio.io/merge-metrics: "false"` annotation. + If not specified, this will be enabled by default. + type: boolean + enableTracing: + description: |- + Flag to control generation of trace spans and request IDs. + Requires a trace span collector defined in the proxy configuration. + type: boolean + extensionProviders: + description: |- + Defines a list of extension providers that extend Istio's functionality. For example, the AuthorizationPolicy + can be used with an extension provider to delegate the authorization decision to a custom authorization system. + items: + properties: + datadog: + description: Configures a Datadog tracing provider. + properties: + maxTagLength: + description: |- + Optional. Controls the overall path length allowed in a reported span. + NOTE: currently only controls max length of the path tag. + format: int32 + type: integer + port: + description: REQUIRED. Specifies the port of the + service. 
+ format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service for the Datadog agent. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "datadog.default.svc.cluster.local" or "bar/datadog.example.com". + type: string + required: + - port + - service + type: object + envoyExtAuthzGrpc: + description: Configures an external authorizer that + implements the Envoy ext_authz filter authorization + check service using the gRPC API. + properties: + failOpen: + description: |- + If true, the HTTP request or TCP connection will be allowed even if the communication with the authorization service has failed, + or if the authorization service has returned a HTTP 5xx error. + Default is false. For HTTP request, it will be rejected with 403 (HTTP Forbidden). For TCP connection, it will be closed immediately. + type: boolean + includeRequestBodyInCheck: + description: If set, the client request body will + be included in the authorization request sent + to the authorization service. + properties: + allowPartialMessage: + description: |- + When this field is true, ext-authz filter will buffer the message until max_request_bytes is reached. + The authorization request will be dispatched and no 413 HTTP error will be returned by the filter. + A "x-envoy-auth-partial-body: false|true" metadata header will be added to the authorization request message + indicating if the body data is partial. + type: boolean + maxRequestBytes: + description: |- + Sets the maximum size of a message body that the ext-authz filter will hold in memory. + If max_request_bytes is reached, and allow_partial_message is false, Envoy will return a 413 (Payload Too Large). + Otherwise the request will be sent to the provider with a partial message. 
+ Note that this setting will have precedence over the fail_open field, the 413 will be returned even when the + fail_open is set to true. + format: int32 + type: integer + packAsBytes: + description: |- + If true, the body sent to the external authorization service in the gRPC authorization request is set with raw bytes + in the [raw_body field](https://github.com/envoyproxy/envoy/blame/cffb095d59d7935abda12b9509bcd136808367bb/api/envoy/service/auth/v3/attribute_context.proto#L153). + Otherwise, it will be filled with UTF-8 string in the [body field](https://github.com/envoyproxy/envoy/blame/cffb095d59d7935abda12b9509bcd136808367bb/api/envoy/service/auth/v3/attribute_context.proto#L147). + This field only works with the envoy_ext_authz_grpc provider and has no effect for the envoy_ext_authz_http provider. + type: boolean + type: object + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service that implements the Envoy ext_authz gRPC authorization service. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "my-ext-authz.foo.svc.cluster.local" or "bar/my-ext-authz.example.com". + type: string + statusOnError: + description: |- + Sets the HTTP status that is returned to the client when there is a network error to the authorization service. + The default status is "403" (HTTP Forbidden). + type: string + timeout: + description: |- + The maximum duration that the proxy will wait for a response from the provider, this is the timeout for a specific request (default timeout: 600s). + When this timeout condition is met, the proxy marks the communication to the authorization service as failure. 
+ In this situation, the response sent back to the client will depend on the configured `fail_open` field. + type: string + required: + - port + - service + type: object + envoyExtAuthzHttp: + description: Configures an external authorizer that + implements the Envoy ext_authz filter authorization + check service using the HTTP API. + properties: + failOpen: + description: |- + If true, the user request will be allowed even if the communication with the authorization service has failed, + or if the authorization service has returned a HTTP 5xx error. + Default is false and the request will be rejected with "Forbidden" response. + type: boolean + headersToDownstreamOnAllow: + description: |- + List of headers from the authorization service that should be forwarded to downstream when the authorization + check result is allowed (HTTP code 200). + If not specified, the original response will not be modified and forwarded to downstream as-is. + Note, any existing headers will be overridden. + + Exact, prefix and suffix matches are supported (similar to the + [authorization policy rule syntax](https://istio.io/latest/docs/reference/config/security/authorization-policy/#Rule) + except the presence match): + - Exact match: "abc" will match on value "abc". + - Prefix match: "abc*" will match on value "abc" and "abcd". + - Suffix match: "*abc" will match on value "abc" and "xabc". + items: + type: string + type: array + headersToDownstreamOnDeny: + description: |- + List of headers from the authorization service that should be forwarded to downstream when the authorization + check result is not allowed (HTTP code other than 200). + If not specified, all the authorization response headers, except *Authority (Host)* will be in the response to + the downstream. + When a header is included in this list, *Path*, *Status*, *Content-Length*, *WWWAuthenticate* and *Location* are + automatically added. 
+ Note, the body from the authorization service is always included in the response to downstream. + + Exact, prefix and suffix matches are supported (similar to the + [authorization policy rule syntax](https://istio.io/latest/docs/reference/config/security/authorization-policy/#Rule) + except the presence match): + - Exact match: "abc" will match on value "abc". + - Prefix match: "abc*" will match on value "abc" and "abcd". + - Suffix match: "*abc" will match on value "abc" and "xabc". + items: + type: string + type: array + headersToUpstreamOnAllow: + description: |- + List of headers from the authorization service that should be added or overridden in the original request and + forwarded to the upstream when the authorization check result is allowed (HTTP code 200). + If not specified, the original request will not be modified and forwarded to backend as-is. + Note, any existing headers will be overridden. + + Exact, prefix and suffix matches are supported (similar to the + [authorization policy rule syntax](https://istio.io/latest/docs/reference/config/security/authorization-policy/#Rule) + except the presence match): + - Exact match: "abc" will match on value "abc". + - Prefix match: "abc*" will match on value "abc" and "abcd". + - Suffix match: "*abc" will match on value "abc" and "xabc". + items: + type: string + type: array + includeAdditionalHeadersInCheck: + additionalProperties: + type: string + description: |- + Set of additional fixed headers that should be included in the authorization request sent to the authorization service. + Key is the header name and value is the header value. + Note that client request of the same key or headers specified in include_request_headers_in_check will be overridden. + type: object + includeHeadersInCheck: + description: |- + DEPRECATED. Use include_request_headers_in_check instead. + + Deprecated: Marked as deprecated in mesh/v1alpha1/config.proto. 
+ items: + type: string + type: array + includeRequestBodyInCheck: + description: If set, the client request body will + be included in the authorization request sent + to the authorization service. + properties: + allowPartialMessage: + description: |- + When this field is true, ext-authz filter will buffer the message until max_request_bytes is reached. + The authorization request will be dispatched and no 413 HTTP error will be returned by the filter. + A "x-envoy-auth-partial-body: false|true" metadata header will be added to the authorization request message + indicating if the body data is partial. + type: boolean + maxRequestBytes: + description: |- + Sets the maximum size of a message body that the ext-authz filter will hold in memory. + If max_request_bytes is reached, and allow_partial_message is false, Envoy will return a 413 (Payload Too Large). + Otherwise the request will be sent to the provider with a partial message. + Note that this setting will have precedence over the fail_open field, the 413 will be returned even when the + fail_open is set to true. + format: int32 + type: integer + packAsBytes: + description: |- + If true, the body sent to the external authorization service in the gRPC authorization request is set with raw bytes + in the [raw_body field](https://github.com/envoyproxy/envoy/blame/cffb095d59d7935abda12b9509bcd136808367bb/api/envoy/service/auth/v3/attribute_context.proto#L153). + Otherwise, it will be filled with UTF-8 string in the [body field](https://github.com/envoyproxy/envoy/blame/cffb095d59d7935abda12b9509bcd136808367bb/api/envoy/service/auth/v3/attribute_context.proto#L147). + This field only works with the envoy_ext_authz_grpc provider and has no effect for the envoy_ext_authz_http provider. + type: boolean + type: object + includeRequestHeadersInCheck: + description: |- + List of client request headers that should be included in the authorization request sent to the authorization service. 
+ Note that in addition to the headers specified here following headers are included by default: + 1. *Host*, *Method*, *Path* and *Content-Length* are automatically sent. + 2. *Content-Length* will be set to 0 and the request will not have a message body. However, the authorization + request can include the buffered client request body (controlled by include_request_body_in_check setting), + consequently the value of Content-Length of the authorization request reflects the size of its payload size. + + Exact, prefix and suffix matches are supported (similar to the + [authorization policy rule syntax](https://istio.io/latest/docs/reference/config/security/authorization-policy/#Rule) + except the presence match): + - Exact match: "abc" will match on value "abc". + - Prefix match: "abc*" will match on value "abc" and "abcd". + - Suffix match: "*abc" will match on value "abc" and "xabc". + items: + type: string + type: array + pathPrefix: + description: |- + Sets a prefix to the value of authorization request header *Path*. + For example, setting this to "/check" for an original user request at path "/admin" will cause the + authorization check request to be sent to the authorization service at the path "/check/admin" instead of "/admin". + type: string + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service that implements the Envoy ext_authz HTTP authorization service. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "my-ext-authz.foo.svc.cluster.local" or "bar/my-ext-authz.example.com". 
+ type: string + statusOnError: + description: |- + Sets the HTTP status that is returned to the client when there is a network error to the authorization service. + The default status is "403" (HTTP Forbidden). + type: string + timeout: + description: |- + The maximum duration that the proxy will wait for a response from the provider (default timeout: 600s). + When this timeout condition is met, the proxy marks the communication to the authorization service as failure. + In this situation, the response sent back to the client will depend on the configured `fail_open` field. + type: string + required: + - port + - service + type: object + envoyFileAccessLog: + description: Configures an Envoy File Access Log provider. + properties: + logFormat: + description: Optional. Allows overriding of the + default access log format. + properties: + labels: + additionalProperties: + type: string + description: "JSON structured format for the + envoy access logs. Envoy [command operators](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators)\ncan + be used as values for fields within the Struct. + Values are rendered\nas strings, numbers, + or boolean values, as appropriate\n(see: [format + dictionaries](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#config-access-log-format-dictionaries)). + Nested JSON is\nsupported for some command + operators (e.g. `FILTER_STATE` or `DYNAMIC_METADATA`).\nUse + `labels: {}` for default envoy JSON log format.\n\nExample:\n```\nlabels:\n\n\tstatus: + \"%RESPONSE_CODE%\"\n\tmessage: \"%LOCAL_REPLY_BODY%\"\n\n```" + type: object + text: + description: |- + Textual format for the envoy access logs. Envoy [command operators](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators) may be + used in the format. 
The [format string documentation](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#config-access-log-format-strings) + provides more information. + + NOTE: Istio will insert a newline ('\n') on all formats (if missing). + + Example: `text: "%LOCAL_REPLY_BODY%:%RESPONSE_CODE%:path=%REQ(:path)%"` + type: string + type: object + x-kubernetes-validations: + - message: At most one of [text labels] should be + set + rule: (has(self.text)?1:0) + (has(self.labels)?1:0) + <= 1 + path: + description: |- + Path to a local file to write the access log entries. + This may be used to write to streams, via `/dev/stderr` and `/dev/stdout` + If unspecified, defaults to `/dev/stdout`. + type: string + type: object + envoyHttpAls: + description: Configures an Envoy Access Logging Service + provider for HTTP traffic. + properties: + additionalRequestHeadersToLog: + description: Optional. Additional request headers + to log. + items: + type: string + type: array + additionalResponseHeadersToLog: + description: Optional. Additional response headers + to log. + items: + type: string + type: array + additionalResponseTrailersToLog: + description: Optional. Additional response trailers + to log. + items: + type: string + type: array + filterStateObjectsToLog: + description: Optional. Additional filter state objects + to log. + items: + type: string + type: array + logName: + description: |- + Optional. The friendly name of the access log. + Defaults: + - "http_envoy_accesslog" + - "listener_envoy_accesslog" + type: string + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service that implements the Envoy ALS gRPC authorization service. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. 
The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "envoy-als.foo.svc.cluster.local" or "bar/envoy-als.example.com". + type: string + required: + - port + - service + type: object + envoyOtelAls: + description: Configures an Envoy Open Telemetry Access + Logging Service provider. + properties: + logFormat: + description: |- + Optional. Format for the proxy access log + Empty value results in proxy's default access log format, following Envoy access logging formatting. + properties: + labels: + additionalProperties: + type: string + description: "Optional. Additional attributes + that describe the specific event occurrence.\nStructured + format for the envoy access logs. Envoy [command + operators](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators)\ncan + be used as values for fields within the Struct. + Values are rendered\nas strings, numbers, + or boolean values, as appropriate\n(see: [format + dictionaries](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#config-access-log-format-dictionaries)). + Nested JSON is\nsupported for some command + operators (e.g. FILTER_STATE or DYNAMIC_METADATA).\nAlias + to `attributes` filed in [Open Telemetry](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/access_loggers/open_telemetry/v3/logs_service.proto)\n\nExample:\n```\nlabels:\n\n\tstatus: + \"%RESPONSE_CODE%\"\n\tmessage: \"%LOCAL_REPLY_BODY%\"\n\n```" + type: object + text: + description: |- + Textual format for the envoy access logs. Envoy [command operators](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators) may be + used in the format. The [format string documentation](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#config-access-log-format-strings) + provides more information. 
+ Alias to `body` filed in [Open Telemetry](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/access_loggers/open_telemetry/v3/logs_service.proto) + Example: `text: "%LOCAL_REPLY_BODY%:%RESPONSE_CODE%:path=%REQ(:path)%"` + type: string + type: object + logName: + description: |- + Optional. The friendly name of the access log. + Defaults: + - "otel_envoy_accesslog" + type: string + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service that implements the Envoy ALS gRPC authorization service. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "envoy-als.foo.svc.cluster.local" or "bar/envoy-als.example.com". + type: string + required: + - port + - service + type: object + envoyTcpAls: + description: Configures an Envoy Access Logging Service + provider for TCP traffic. + properties: + filterStateObjectsToLog: + description: Optional. Additional filter state objects + to log. + items: + type: string + type: array + logName: + description: |- + Optional. The friendly name of the access log. + Defaults: + - "tcp_envoy_accesslog" + - "listener_envoy_accesslog" + type: string + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service that implements the Envoy ALS gRPC authorization service. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "envoy-als.foo.svc.cluster.local" or "bar/envoy-als.example.com". 
+ type: string + required: + - port + - service + type: object + lightstep: + description: |- + Configures a Lightstep tracing provider. + Deprecated: For Istio 1.15+, please use an OpenTelemetryTracingProvider instead, more details can be found at https://github.com/istio/istio/issues/40027 + + Deprecated: Marked as deprecated in mesh/v1alpha1/config.proto. + properties: + accessToken: + description: The Lightstep access token. + type: string + maxTagLength: + description: |- + Optional. Controls the overall path length allowed in a reported span. + NOTE: currently only controls max length of the path tag. + format: int32 + type: integer + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service for the Lightstep collector. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "lightstep.default.svc.cluster.local" or "bar/lightstep.example.com". + type: string + required: + - port + - service + type: object + name: + description: REQUIRED. A unique name identifying the + extension provider. + type: string + opencensus: + description: |- + Configures an OpenCensusAgent tracing provider. + Deprecated: OpenCensus is deprecated, more details can be found at https://opentelemetry.io/blog/2023/sunsetting-opencensus/ + + Deprecated: Marked as deprecated in mesh/v1alpha1/config.proto. + properties: + context: + description: |- + Specifies the set of context propagation headers used for distributed + tracing. Default is `["W3C_TRACE_CONTEXT"]`. If multiple values are specified, + the proxy will attempt to read each header for each request and will + write all headers. 
+ items: + description: |- + TraceContext selects the context propagation headers used for + distributed tracing. + enum: + - UNSPECIFIED + - W3C_TRACE_CONTEXT + - GRPC_BIN + - CLOUD_TRACE_CONTEXT + - B3 + type: string + type: array + maxTagLength: + description: |- + Optional. Controls the overall path length allowed in a reported span. + NOTE: currently only controls max length of the path tag. + format: int32 + type: integer + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service for the OpenCensusAgent. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "ocagent.default.svc.cluster.local" or "bar/ocagent.example.com". + type: string + required: + - port + - service + type: object + opentelemetry: + description: Configures an OpenTelemetry tracing provider. + properties: + dynatraceSampler: + description: |- + The Dynatrace adaptive traffic management (ATM) sampler. + + Example configuration: + + ```yaml + - name: otel-tracing + opentelemetry: + port: 443 + service: "{your-environment-id}.live.dynatrace.com" + http: + path: "/api/v2/otlp/v1/traces" + timeout: 10s + headers: + - name: "Authorization" + value: "Api-Token dt0c01." + resource_detectors: + dynatrace: {} + dynatrace_sampler: + tenant: "{your-environment-id}" + cluster_id: 1234 + properties: + clusterId: + description: |- + REQUIRED. The identifier of the cluster in the Dynatrace platform. + The cluster here is Dynatrace-specific concept and not related to the cluster concept in Istio/Envoy. + + The value can be obtained from the Istio deployment page in Dynatrace. + format: int32 + type: integer + httpService: + description: |- + Optional. 
Dynatrace HTTP API to obtain sampling configuration. + + When not provided, the Dynatrace Sampler will re-use the configuration from the OpenTelemetryTracingProvider HTTP Exporter + (`service`, `port` and `http`), including the access token. + properties: + http: + description: REQUIRED. Specifies sampling + configuration URI. + properties: + headers: + description: |- + Optional. Allows specifying custom HTTP headers that will be added + to each HTTP request sent. + items: + properties: + name: + description: REQUIRED. The HTTP + header name. + type: string + value: + description: REQUIRED. The HTTP + header value. + type: string + required: + - name + - value + type: object + type: array + path: + description: REQUIRED. Specifies the + path on the service. + type: string + timeout: + description: |- + Optional. Specifies the timeout for the HTTP request. + If not specified, the default is 3s. + type: string + required: + - path + type: object + port: + description: REQUIRED. Specifies the port + of the service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the Dynatrace environment to obtain the sampling configuration. + The format is ``, where `` is the fully qualified Dynatrace environment + host name defined in the ServiceEntry. + + Example: "{your-environment-id}.live.dynatrace.com". + type: string + required: + - http + - port + - service + type: object + rootSpansPerMinute: + description: |- + Optional. Number of sampled spans per minute to be used + when the adaptive value cannot be obtained from the Dynatrace API. + + A default value of `1000` is used when: + + - `root_spans_per_minute` is unset + - `root_spans_per_minute` is set to 0 + format: int32 + type: integer + tenant: + description: |- + REQUIRED. The Dynatrace customer's tenant identifier. + + The value can be obtained from the Istio deployment page in Dynatrace. 
+ type: string + required: + - clusterId + - tenant + type: object + http: + description: "Optional. Specifies the configuration + for exporting OTLP traces via HTTP.\nWhen empty, + traces will be exported via gRPC.\n\nThe following + example shows how to configure the OpenTelemetry + ExtensionProvider to export via HTTP:\n\n1. Add/change + the OpenTelemetry extension provider in `MeshConfig`\n```yaml\n + \ - name: otel-tracing\n opentelemetry:\n port: + 443\n service: my.olly-backend.com\n http:\n + \ path: \"/api/otlp/traces\"\n timeout: 10s\n + \ headers:\n - name: \"my-custom-header\"\n + \ value: \"some value\"\n\n```\n\n2. Deploy + a `ServiceEntry` for the observability back-end\n```yaml\napiVersion: + networking.istio.io/v1alpha3\nkind: ServiceEntry\nmetadata:\n\n\tname: + my-olly-backend\n\nspec:\n\n\thosts:\n\t- my.olly-backend.com\n\tports:\n\t- + number: 443\n\t name: https-port\n\t protocol: + HTTPS\n\tresolution: DNS\n\tlocation: MESH_EXTERNAL\n\n---\napiVersion: + networking.istio.io/v1alpha3\nkind: DestinationRule\nmetadata:\n\n\tname: + my-olly-backend\n\nspec:\n\n\thost: my.olly-backend.com\n\ttrafficPolicy:\n\t + \ portLevelSettings:\n\t - port:\n\t number: + 443\n\t tls:\n\t mode: SIMPLE\n\n```" + properties: + headers: + description: |- + Optional. Allows specifying custom HTTP headers that will be added + to each HTTP request sent. + items: + properties: + name: + description: REQUIRED. The HTTP header + name. + type: string + value: + description: REQUIRED. The HTTP header + value. + type: string + required: + - name + - value + type: object + type: array + path: + description: REQUIRED. Specifies the path on + the service. + type: string + timeout: + description: |- + Optional. Specifies the timeout for the HTTP request. + If not specified, the default is 3s. + type: string + required: + - path + type: object + maxTagLength: + description: |- + Optional. Controls the overall path length allowed in a reported span. 
+ NOTE: currently only controls max length of the path tag. + format: int32 + type: integer + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + resourceDetectors: + description: |- + Optional. Specifies [Resource Detectors](https://opentelemetry.io/docs/specs/otel/resource/sdk/) + to be used by the OpenTelemetry Tracer. When multiple resources are provided, they are merged + according to the OpenTelemetry [Resource specification](https://opentelemetry.io/docs/specs/otel/resource/sdk/#merge). + + The following example shows how to configure the Environment Resource Detector, that will + read the attributes from the environment variable `OTEL_RESOURCE_ATTRIBUTES`: + + ```yaml + - name: otel-tracing + opentelemetry: + port: 443 + service: my.olly-backend.com + resource_detectors: + environment: {} + + ``` + properties: + dynatrace: + description: |- + Dynatrace Resource Detector. + The resource detector reads from the Dynatrace enrichment files + and adds host/process related attributes to the OpenTelemetry resource. + + See: [Enrich ingested data with Dynatrace-specific dimensions](https://docs.dynatrace.com/docs/shortlink/enrichment-files) + type: object + environment: + description: |- + OpenTelemetry Environment Resource Detector. + The resource detector reads attributes from the environment variable `OTEL_RESOURCE_ATTRIBUTES` + and adds them to the OpenTelemetry resource. + + See: [Resource specification](https://opentelemetry.io/docs/specs/otel/resource/sdk/#specifying-resource-information-via-an-environment-variable) + type: object + type: object + service: + description: |- + REQUIRED. Specifies the OpenTelemetry endpoint that will receive OTLP traces. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. 
+ + Example: "otlp.default.svc.cluster.local" or "bar/otlp.example.com". + type: string + required: + - port + - service + type: object + x-kubernetes-validations: + - message: At most one of [dynatraceSampler] should + be set + rule: (has(self.dynatraceSampler)?1:0) <= 1 + prometheus: + description: Configures a Prometheus metrics provider. + type: object + skywalking: + description: Configures a Apache SkyWalking provider. + properties: + accessToken: + description: Optional. The SkyWalking OAP access + token. + type: string + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service for the SkyWalking receiver. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "skywalking.default.svc.cluster.local" or "bar/skywalking.example.com". + type: string + required: + - port + - service + type: object + stackdriver: + description: Configures a Stackdriver provider. + properties: + debug: + description: |- + debug enables trace output to stdout. + + Deprecated: Marked as deprecated in mesh/v1alpha1/config.proto. + type: boolean + logging: + description: Optional. Controls Stackdriver logging + behavior. + properties: + labels: + additionalProperties: + type: string + description: "Collection of tag names and tag + expressions to include in the log\nentry. + Conflicts are resolved by the tag name by + overriding previously\nsupplied values.\n\nExample:\n\n\tlabels:\n\t + \ path: request.url_path\n\t foo: request.headers['x-foo']" + type: object + type: object + maxNumberOfAnnotations: + description: |- + The global default max number of annotation events per span. + default is 200. + + Deprecated: Marked as deprecated in mesh/v1alpha1/config.proto. 
+ format: int64 + type: integer + maxNumberOfAttributes: + description: |- + The global default max number of attributes per span. + default is 200. + + Deprecated: Marked as deprecated in mesh/v1alpha1/config.proto. + format: int64 + type: integer + maxNumberOfMessageEvents: + description: |- + The global default max number of message events per span. + default is 200. + + Deprecated: Marked as deprecated in mesh/v1alpha1/config.proto. + format: int64 + type: integer + maxTagLength: + description: |- + Optional. Controls the overall path length allowed in a reported span. + NOTE: currently only controls max length of the path tag. + format: int32 + type: integer + type: object + zipkin: + description: Configures a tracing provider that uses + the Zipkin API. + properties: + enable64bitTraceId: + description: |- + Optional. A 128 bit trace id will be used in Istio. + If true, will result in a 64 bit trace id being used. + type: boolean + maxTagLength: + description: |- + Optional. Controls the overall path length allowed in a reported span. + NOTE: currently only controls max length of the path tag. + format: int32 + type: integer + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service that the Zipkin API. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "zipkin.default.svc.cluster.local" or "bar/zipkin.example.com". 
+ type: string + required: + - port + - service + type: object + required: + - name + type: object + x-kubernetes-validations: + - message: At most one of [envoyExtAuthzHttp envoyExtAuthzGrpc + zipkin lightstep datadog stackdriver opencensus skywalking + opentelemetry prometheus envoyFileAccessLog envoyHttpAls + envoyTcpAls envoyOtelAls] should be set + rule: (has(self.envoyExtAuthzHttp)?1:0) + (has(self.envoyExtAuthzGrpc)?1:0) + + (has(self.zipkin)?1:0) + (has(self.lightstep)?1:0) + + (has(self.datadog)?1:0) + (has(self.stackdriver)?1:0) + + (has(self.opencensus)?1:0) + (has(self.skywalking)?1:0) + + (has(self.opentelemetry)?1:0) + (has(self.prometheus)?1:0) + + (has(self.envoyFileAccessLog)?1:0) + (has(self.envoyHttpAls)?1:0) + + (has(self.envoyTcpAls)?1:0) + (has(self.envoyOtelAls)?1:0) + <= 1 + maxItems: 1000 + type: array + h2UpgradePolicy: + description: |- + Specify if http1.1 connections should be upgraded to http2 by default. + if sidecar is installed on all pods in the mesh, then this should be set to `UPGRADE`. + If one or more services or namespaces do not have sidecar(s), then this should be set to `DO_NOT_UPGRADE`. + It can be enabled by destination using the `destinationRule.trafficPolicy.connectionPool.http.h2UpgradePolicy` override. + enum: + - DO_NOT_UPGRADE + - UPGRADE + type: string + inboundClusterStatName: + description: |- + Name to be used while emitting statistics for inbound clusters. The same pattern is used while computing stat prefix for + network filters like TCP and Redis. + By default, Istio emits statistics with the pattern `inbound|||`. + For example `inbound|7443|grpc-reviews|reviews.prod.svc.cluster.local`. This can be used to override that pattern. + + A Pattern can be composed of various pre-defined variables. The following variables are supported. + + - `%SERVICE%` - Will be substituted with short hostname of the service. + - `%SERVICE_NAME%` - Will be substituted with name of the service. 
+ - `%SERVICE_FQDN%` - Will be substituted with FQDN of the service. + - `%SERVICE_PORT%` - Will be substituted with port of the service. + - `%TARGET_PORT%` - Will be substituted with the target port of the service. + - `%SERVICE_PORT_NAME%` - Will be substituted with port name of the service. + + Following are some examples of supported patterns for reviews: + + - `%SERVICE_FQDN%_%SERVICE_PORT%` will use reviews.prod.svc.cluster.local_7443 as the stats name. + - `%SERVICE%` will use reviews.prod as the stats name. + type: string + inboundTrafficPolicy: + description: |- + Set the default behavior of the sidecar for handling inbound + traffic to the application. If your application listens on + localhost, you will need to set this to `LOCALHOST`. + properties: + mode: + enum: + - PASSTHROUGH + - LOCALHOST + type: string + type: object + ingressClass: + description: |- + Class of ingress resources to be processed by Istio ingress + controller. This corresponds to the value of + `kubernetes.io/ingress.class` annotation. + type: string + ingressControllerMode: + description: |- + Defines whether to use Istio ingress controller for annotated or all ingress resources. + Default mode is `STRICT`. + enum: + - UNSPECIFIED + - "OFF" + - DEFAULT + - STRICT + type: string + ingressSelector: + description: |- + Defines which gateway deployment to use as the Ingress controller. This field corresponds to + the Gateway.selector field, and will be set as `istio: INGRESS_SELECTOR`. + By default, `ingressgateway` is used, which will select the default IngressGateway as it has the + `istio: ingressgateway` labels. + It is recommended that this is the same value as ingress_service. + type: string + ingressService: + description: |- + Name of the Kubernetes service used for the istio ingress controller. + If no ingress controller is specified, the default value `istio-ingressgateway` is used. 
+ type: string + localityLbSetting: + description: |- + Locality based load balancing distribution or failover settings. + If unspecified, locality based load balancing will be enabled by default. + However, this requires outlierDetection to actually take effect for a particular + service, see https://istio.io/latest/docs/tasks/traffic-management/locality-load-balancing/failover/ + properties: + distribute: + description: |- + Optional: only one of distribute, failover or failoverPriority can be set. + Explicitly specify loadbalancing weight across different zones and geographical locations. + Refer to [Locality weighted load balancing](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight) + If empty, the locality weight is set according to the endpoints number within it. + items: + description: |- + Describes how traffic originating in the 'from' zone or sub-zone is + distributed over a set of 'to' zones. Syntax for specifying a zone is + {region}/{zone}/{sub-zone} and terminal wildcards are allowed on any + segment of the specification. Examples: + + `*` - matches all localities + + `us-west/*` - all zones and sub-zones within the us-west region + + `us-west/zone-1/*` - all sub-zones within us-west/zone-1 + properties: + from: + description: Originating locality, '/' separated, + e.g. 'region/zone/sub_zone'. + type: string + to: + additionalProperties: + format: int32 + type: integer + description: |- + Map of upstream localities to traffic distribution weights. The sum of + all weights should be 100. Any locality not present will + receive no traffic. + type: object + type: object + type: array + enabled: + description: |- + enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. + e.g. true means that turn on locality load balancing for this DestinationRule no matter what mesh wide settings is. 
+ type: boolean + failover: + description: |- + Optional: only one of distribute, failover or failoverPriority can be set. + Explicitly specify the region traffic will land on when endpoints in local region becomes unhealthy. + Should be used together with OutlierDetection to detect unhealthy endpoints. + Note: if no OutlierDetection specified, this will not take effect. + items: + description: |- + Specify the traffic failover policy across regions. Since zone and sub-zone + failover is supported by default this only needs to be specified for + regions when the operator needs to constrain traffic failover so that + the default behavior of failing over to any endpoint globally does not + apply. This is useful when failing over traffic across regions would not + improve service health or may need to be restricted for other reasons + like regulatory controls. + properties: + from: + description: Originating region. + type: string + to: + description: |- + Destination region the traffic will fail over to when endpoints in + the 'from' region becomes unhealthy. + type: string + type: object + type: array + failoverPriority: + description: |- + failoverPriority is an ordered list of labels used to sort endpoints to do priority based load balancing. + This is to support traffic failover across different groups of endpoints. + Two kinds of labels can be specified: + + - Specify only label keys `[key1, key2, key3]`, istio would compare the label values of client with endpoints. + Suppose there are total N label keys `[key1, key2, key3, ...keyN]` specified: + + 1. Endpoints matching all N labels with the client proxy have priority P(0) i.e. the highest priority. + 2. Endpoints matching the first N-1 labels with the client proxy have priority P(1) i.e. second highest priority. + 3. By extension of this logic, endpoints matching only the first label with the client proxy has priority P(N-1) i.e. second lowest priority. + 4. All the other endpoints have priority P(N) i.e. 
lowest priority. + + - Specify labels with key and value `[key1=value1, key2=value2, key3=value3]`, istio would compare the labels with endpoints. + Suppose there are total N labels `[key1=value1, key2=value2, key3=value3, ...keyN=valueN]` specified: + + 1. Endpoints matching all N labels have priority P(0) i.e. the highest priority. + 2. Endpoints matching the first N-1 labels have priority P(1) i.e. second highest priority. + 3. By extension of this logic, endpoints matching only the first label has priority P(N-1) i.e. second lowest priority. + 4. All the other endpoints have priority P(N) i.e. lowest priority. + + Note: For a label to be considered for match, the previous labels must match, i.e. nth label would be considered matched only if first n-1 labels match. + + It can be any label specified on both client and server workloads. + The following labels which have special semantic meaning are also supported: + + - `topology.istio.io/network` is used to match the network metadata of an endpoint, which can be specified by pod/namespace label `topology.istio.io/network`, sidecar env `ISTIO_META_NETWORK` or MeshNetworks. + - `topology.istio.io/cluster` is used to match the clusterID of an endpoint, which can be specified by pod label `topology.istio.io/cluster` or pod env `ISTIO_META_CLUSTER_ID`. + - `topology.kubernetes.io/region` is used to match the region metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/region` or the deprecated label `failure-domain.beta.kubernetes.io/region`. + - `topology.kubernetes.io/zone` is used to match the zone metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/zone` or the deprecated label `failure-domain.beta.kubernetes.io/zone`. + - `topology.istio.io/subzone` is used to match the subzone metadata of an endpoint, which maps to Istio node label `topology.istio.io/subzone`. 
+ - `kubernetes.io/hostname` is used to match the current node of an endpoint, which maps to Kubernetes node label `kubernetes.io/hostname`. + + The below topology config indicates the following priority levels: + + ```yaml + failoverPriority: + - "topology.istio.io/network" + - "topology.kubernetes.io/region" + - "topology.kubernetes.io/zone" + - "topology.istio.io/subzone" + ``` + + 1. endpoints match same [network, region, zone, subzone] label with the client proxy have the highest priority. + 2. endpoints have same [network, region, zone] label but different [subzone] label with the client proxy have the second highest priority. + 3. endpoints have same [network, region] label but different [zone] label with the client proxy have the third highest priority. + 4. endpoints have same [network] but different [region] labels with the client proxy have the fourth highest priority. + 5. all the other endpoints have the same lowest priority. + + Suppose a service associated endpoints reside in multi clusters, the below example represents: + 1. endpoints in `clusterA` and has `version=v1` label have P(0) priority. + 2. endpoints not in `clusterA` but has `version=v1` label have P(1) priority. + 2. all the other endpoints have P(2) priority. + + ```yaml + failoverPriority: + - "version=v1" + - "topology.istio.io/cluster=clusterA" + ``` + + Optional: only one of distribute, failover or failoverPriority can be set. + And it should be used together with `OutlierDetection` to detect unhealthy endpoints, otherwise has no effect. 
+ items: + type: string + type: array + type: object + meshMTLS: + description: "The below configuration parameters can be used + to specify TLSConfig for mesh traffic.\nFor example, a user + could enable min TLS version for ISTIO_MUTUAL traffic and + specify a curve for non ISTIO_MUTUAL traffic like below:\n```yaml\nmeshConfig:\n\n\tmeshMTLS:\n\t + \ minProtocolVersion: TLSV1_3\n\ttlsDefaults:\n\t Note: + applicable only for non ISTIO_MUTUAL scenarios\n\t ecdhCurves:\n\t + \ - P-256\n\t - P-512\n\n```\nConfiguration of mTLS + for traffic between workloads with ISTIO_MUTUAL TLS traffic.\n\nNote: + Mesh mTLS does not respect ECDH curves." + properties: + cipherSuites: + description: |- + Optional: If specified, the TLS connection will only support the specified cipher list when negotiating TLS 1.0-1.2. + If not specified, the following cipher suites will be used: + ``` + ECDHE-ECDSA-AES256-GCM-SHA384 + ECDHE-RSA-AES256-GCM-SHA384 + ECDHE-ECDSA-AES128-GCM-SHA256 + ECDHE-RSA-AES128-GCM-SHA256 + AES256-GCM-SHA384 + AES128-GCM-SHA256 + ``` + items: + type: string + type: array + ecdhCurves: + description: |- + Optional: If specified, the TLS connection will only support the specified ECDH curves for the DH key exchange. + If not specified, the default curves enforced by Envoy will be used. For details about the default curves, refer to + [Ecdh Curves](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto). + items: + type: string + type: array + minProtocolVersion: + description: |- + Optional: the minimum TLS protocol version. The default minimum + TLS version will be TLS 1.2. As servers may not be Envoy and be + set to TLS 1.2 (e.g., workloads using mTLS without sidecars), the + minimum TLS version for clients may also be TLS 1.2. + In the current Istio implementation, the maximum TLS protocol version + is TLS 1.3. 
+ enum: + - TLS_AUTO + - TLSV1_2 + - TLSV1_3 + type: string + type: object + outboundClusterStatName: + description: |- + Name to be used while emitting statistics for outbound clusters. The same pattern is used while computing stat prefix for + network filters like TCP and Redis. + By default, Istio emits statistics with the pattern `outbound|||`. + For example `outbound|8080|v2|reviews.prod.svc.cluster.local`. This can be used to override that pattern. + + A Pattern can be composed of various pre-defined variables. The following variables are supported. + + - `%SERVICE%` - Will be substituted with short hostname of the service. + - `%SERVICE_NAME%` - Will be substituted with name of the service. + - `%SERVICE_FQDN%` - Will be substituted with FQDN of the service. + - `%SERVICE_PORT%` - Will be substituted with port of the service. + - `%SERVICE_PORT_NAME%` - Will be substituted with port name of the service. + - `%SUBSET_NAME%` - Will be substituted with subset. + + Following are some examples of supported patterns for reviews: + + - `%SERVICE_FQDN%_%SERVICE_PORT%` will use `reviews.prod.svc.cluster.local_7443` as the stats name. + - `%SERVICE%` will use reviews.prod as the stats name. + type: string + outboundTrafficPolicy: + description: |- + Set the default behavior of the sidecar for handling outbound + traffic from the application. + + Can be overridden at a Sidecar level by setting the `OutboundTrafficPolicy` in the + [Sidecar API](https://istio.io/docs/reference/config/networking/sidecar/#OutboundTrafficPolicy). + + Default mode is `ALLOW_ANY`, which means outbound traffic to unknown destinations will be allowed. + properties: + mode: + enum: + - REGISTRY_ONLY + - ALLOW_ANY + type: string + type: object + pathNormalization: + description: |- + ProxyPathNormalization configures how URL paths in incoming and outgoing HTTP requests are + normalized by the sidecars and gateways. 
+ The normalized paths will be used in all aspects through the requests' lifetime on the + sidecars and gateways, which includes routing decisions in outbound direction (client proxy), + authorization policy match and enforcement in inbound direction (server proxy), and the URL + path proxied to the upstream service. + If not set, the NormalizationType.DEFAULT configuration will be used. + properties: + normalization: + enum: + - DEFAULT + - NONE + - BASE + - MERGE_SLASHES + - DECODE_AND_MERGE_SLASHES + type: string + type: object + protocolDetectionTimeout: + description: |- + Automatic protocol detection uses a set of heuristics to + determine whether the connection is using TLS or not (on the + server side), as well as the application protocol being used + (e.g., http vs tcp). These heuristics rely on the client sending + the first bits of data. For server first protocols like MySQL, + MongoDB, etc. Envoy will timeout on the protocol detection after + the specified period, defaulting to non mTLS plain TCP + traffic. Set this field to tweak the period that Envoy will wait + for the client to send the first bits of data. (MUST BE >=1ms or + 0s to disable). Default detection timeout is 0s (no timeout). + + Setting a timeout is not recommended nor safe. Even high timeouts (>5s) will be hit + occasionally, and when they occur the result is typically broken traffic that may not + recover on its own. Exceptionally high values might solve this, but injecting 60s delays + onto new connections is generally not tenable anyways. + type: string + proxyHttpPort: + description: Port on which Envoy should listen for HTTP PROXY + requests if set. + format: int32 + type: integer + proxyInboundListenPort: + description: |- + Port on which Envoy should listen for all inbound traffic to the pod/vm will be captured to. + Default port is 15006. 
+ format: int32 + type: integer + proxyListenPort: + description: |- + Port on which Envoy should listen for all outbound traffic to other services. + Default port is 15001. + format: int32 + type: integer + rootNamespace: + description: |- + The namespace to treat as the administrative root namespace for + Istio configuration. When processing a leaf namespace Istio will search for + declarations in that namespace first and if none are found it will + search in the root namespace. Any matching declaration found in the root + namespace is processed as if it were declared in the leaf namespace. + + The precise semantics of this processing are documented on each resource + type. + type: string + serviceSettings: + description: Settings to be applied to select services. + items: + description: |- + Settings to be applied to select services. + + For example, the following configures all services in namespace "foo" as well as the + "bar" service in namespace "baz" to be considered cluster-local: + + ```yaml + serviceSettings: + - settings: + cluster_local: true + hosts: + - "*.foo.svc.cluster.local" + - "bar.baz.svc.cluster.local" + + ``` + properties: + hosts: + description: |- + The services to which the Settings should be applied. Services are selected using the hostname + matching rules used by DestinationRule. + + For example: foo.bar.svc.cluster.local, *.baz.svc.cluster.local + items: + type: string + type: array + settings: + description: The settings to apply to the selected services. + properties: + clusterLocal: + description: |- + If true, specifies that the client and service endpoints must reside in the same cluster. + By default, in multi-cluster deployments, the Istio control plane assumes all service + endpoints to be reachable from any client in any of the clusters which are part of the + mesh. This configuration option limits the set of service endpoints visible to a client + to be cluster scoped. 
+ + There are some common scenarios when this can be useful: + + - A service (or group of services) is inherently local to the cluster and has local storage + for that cluster. For example, the kube-system namespace (e.g. the Kube API Server). + - A mesh administrator wants to slowly migrate services to Istio. They might start by first + having services cluster-local and then slowly transition them to mesh-wide. They could do + this service-by-service (e.g. mysvc.myns.svc.cluster.local) or as a group + (e.g. *.myns.svc.cluster.local). + + By default Istio will consider kubernetes.default.svc (i.e. the API Server) as well as all + services in the kube-system namespace to be cluster-local, unless explicitly overridden here. + type: boolean + type: object + type: object + type: array + tcpKeepalive: + description: If set then set `SO_KEEPALIVE` on the socket + to enable TCP Keepalives. + properties: + interval: + description: |- + The time duration between keep-alive probes. + Default is to use the OS level configuration + (unless overridden, Linux defaults to 75s.) + type: string + probes: + description: |- + Maximum number of keepalive probes to send without response before + deciding the connection is dead. Default is to use the OS level configuration + (unless overridden, Linux defaults to 9.) + format: int32 + type: integer + time: + description: |- + The time duration a connection needs to be idle before keep-alive + probes start being sent. Default is to use the OS level configuration + (unless overridden, Linux defaults to 7200s (ie 2 hours.) + type: string + type: object + tlsDefaults: + description: |- + Configuration of TLS for all traffic except for ISTIO_MUTUAL mode. + Currently, this supports configuration of ecdh_curves and cipher_suites only. + For ISTIO_MUTUAL TLS settings, use meshMTLS configuration. 
+ properties: + cipherSuites: + description: |- + Optional: If specified, the TLS connection will only support the specified cipher list when negotiating TLS 1.0-1.2. + If not specified, the following cipher suites will be used: + ``` + ECDHE-ECDSA-AES256-GCM-SHA384 + ECDHE-RSA-AES256-GCM-SHA384 + ECDHE-ECDSA-AES128-GCM-SHA256 + ECDHE-RSA-AES128-GCM-SHA256 + AES256-GCM-SHA384 + AES128-GCM-SHA256 + ``` + items: + type: string + type: array + ecdhCurves: + description: |- + Optional: If specified, the TLS connection will only support the specified ECDH curves for the DH key exchange. + If not specified, the default curves enforced by Envoy will be used. For details about the default curves, refer to + [Ecdh Curves](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto). + items: + type: string + type: array + minProtocolVersion: + description: |- + Optional: the minimum TLS protocol version. The default minimum + TLS version will be TLS 1.2. As servers may not be Envoy and be + set to TLS 1.2 (e.g., workloads using mTLS without sidecars), the + minimum TLS version for clients may also be TLS 1.2. + In the current Istio implementation, the maximum TLS protocol version + is TLS 1.3. + enum: + - TLS_AUTO + - TLSV1_2 + - TLSV1_3 + type: string + type: object + trustDomain: + description: |- + The trust domain corresponds to the trust root of a system. + Refer to [SPIFFE-ID](https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain) + type: string + trustDomainAliases: + description: |- + The trust domain aliases represent the aliases of `trust_domain`. + For example, if we have + ```yaml + trustDomain: td1 + trustDomainAliases: ["td2", "td3"] + ``` + Any service with the identity `td1/ns/foo/sa/a-service-account`, `td2/ns/foo/sa/a-service-account`, + or `td3/ns/foo/sa/a-service-account` will be treated the same in the Istio mesh. 
+ items: + type: string + type: array + verifyCertificateAtClient: + description: |- + `VerifyCertificateAtClient` sets the mesh global default for peer certificate validation + at the client-side proxy when `SIMPLE` TLS or `MUTUAL` TLS (non `ISTIO_MUTUAL`) origination + modes are used. This setting can be overridden at the host level via DestinationRule API. + By default, `VerifyCertificateAtClient` is `true`. + + `CaCertificates`: If set, proxy verifies CA signature based on given CaCertificates. If unset, + and VerifyCertificateAtClient is true, proxy uses default System CA bundle. If unset and + `VerifyCertificateAtClient` is false, proxy will not verify the CA. + + `SubjectAltNames`: If set, proxy verifies subject alt names are present in the SAN. If unset, + and `VerifyCertificateAtClient` is true, proxy uses host in destination rule to verify the SANs. + If unset, and `VerifyCertificateAtClient` is false, proxy does not verify SANs. + + For SAN, client-side proxy will exact match host in `DestinationRule` as well as one level + wildcard if the specified host in DestinationRule doesn't contain a wildcard. + For example, if the host in `DestinationRule` is `x.y.com`, client-side proxy will + match either `x.y.com` or `*.y.com` for the SAN in the presented server certificate. + For wildcard host name in DestinationRule, client-side proxy will do a suffix match. For example, + if host is `*.x.y.com`, client-side proxy will verify the presented server certificate SAN matches + “.x.y.com` suffix. + + Deprecated: Marked as deprecated in mesh/v1alpha1/config.proto. + type: boolean + type: object + pilot: + description: Configuration for the Pilot component. + properties: + affinity: + description: K8s affinity to set on the Pilot Pods. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. 
A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
+ Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. 
The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
+ items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + autoscaleBehavior: + description: See https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#configurable-scaling-behavior + properties: + scaleDown: + description: |- + scaleDown is scaling policy for scaling Down. + If not set, the default value is to allow to scale down to minReplicas pods, with a + 300 second stabilization window (i.e., the highest recommendation for + the last 300sec is used). + properties: + policies: + description: |- + policies is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid + items: + description: HPAScalingPolicy is a single policy + which must hold true for a specified past interval. + properties: + periodSeconds: + description: |- + periodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). + format: int32 + type: integer + type: + description: type is used to specify the scaling + policy. + type: string + value: + description: |- + value contains the amount of change which is permitted by the policy. 
+ It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: |- + selectPolicy is used to specify which policy should be used. + If not set, the default value Max is used. + type: string + stabilizationWindowSeconds: + description: |- + stabilizationWindowSeconds is the number of seconds for which past recommendations should be + considered while scaling up or scaling down. + StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization is done). + - For scale down: 300 (i.e. the stabilization window is 300 seconds long). + format: int32 + type: integer + type: object + scaleUp: + description: |- + scaleUp is scaling policy for scaling Up. + If not set, the default value is the higher of: + * increase no more than 4 pods per 60 seconds + * double the number of pods per 60 seconds + No stabilization is used. + properties: + policies: + description: |- + policies is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid + items: + description: HPAScalingPolicy is a single policy + which must hold true for a specified past interval. + properties: + periodSeconds: + description: |- + periodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). + format: int32 + type: integer + type: + description: type is used to specify the scaling + policy. + type: string + value: + description: |- + value contains the amount of change which is permitted by the policy. 
+ It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: |- + selectPolicy is used to specify which policy should be used. + If not set, the default value Max is used. + type: string + stabilizationWindowSeconds: + description: |- + stabilizationWindowSeconds is the number of seconds for which past recommendations should be + considered while scaling up or scaling down. + StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization is done). + - For scale down: 300 (i.e. the stabilization window is 300 seconds long). + format: int32 + type: integer + type: object + type: object + autoscaleEnabled: + description: Controls whether a HorizontalPodAutoscaler is + installed for Pilot. + type: boolean + autoscaleMax: + description: Maximum number of replicas in the HorizontalPodAutoscaler + for Pilot. + format: int32 + type: integer + autoscaleMin: + description: Minimum number of replicas in the HorizontalPodAutoscaler + for Pilot. + format: int32 + type: integer + cni: + description: Configures whether to use an existing CNI installation + for workloads + properties: + enabled: + description: Controls whether CNI should be used. + type: boolean + provider: + description: |- + Specifies the CNI provider. Can be either "default" or "multus". When set to "multus", an annotation + `k8s.v1.cni.cncf.io/networks` is set on injected pods to point to a NetworkAttachmentDefinition + type: string + type: object + configMap: + description: |- + Configuration settings passed to Pilot as a ConfigMap. + + This controls whether the mesh config map, generated from values.yaml is generated. + If false, pilot wil use default values or user-supplied values, in that order of preference. 
+ type: boolean + cpu: + description: |- + Target CPU utilization used in HorizontalPodAutoscaler. + + See https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + properties: + targetAverageUtilization: + description: |- + K8s utilization setting for HorizontalPodAutoscaler target. + + See https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + format: int32 + type: integer + type: object + deploymentLabels: + additionalProperties: + type: string + description: |- + Labels that are added to Pilot deployment. + + See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + type: object + enabled: + description: Controls whether Pilot is enabled. + type: boolean + env: + additionalProperties: + type: string + description: "Environment variables passed to the Pilot container.\n\nExamples:\nenv:\n\n\tENV_VAR_1: + value1\n\tENV_VAR_2: value2" + type: object + extraContainerArgs: + description: Additional container arguments for the Pilot + container. + items: + type: string + type: array + hub: + description: Hub to pull the container image from. Image will + be `Hub/Image:Tag-Variant`. + type: string + image: + description: |- + Image name used for Pilot. + + This can be set either to image name if hub is also set, or can be set to the full hub:name string. + + Examples: custom-pilot, docker.io/someuser:custom-pilot + type: string + ipFamilies: + description: |- + Defines which IP family to use for single stack or the order of IP families for dual-stack. + Valid list items are "IPv4", "IPv6". + More info: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + items: + type: string + type: array + ipFamilyPolicy: + description: |- + Controls whether Services are configured to use IPv4, IPv6, or both. Valid options + are PreferDualStack, RequireDualStack, and SingleStack. 
+ More info: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + type: string + jwksResolverExtraRootCA: + description: |- + Specifies an extra root certificate in PEM format. This certificate will be trusted + by pilot when resolving JWKS URIs. + type: string + keepaliveMaxServerConnectionAge: + description: |- + Maximum duration that a sidecar can be connected to a pilot. + + This setting balances out load across pilot instances, but adds some resource overhead. + + Examples: 300s, 30m, 1h + type: string + memory: + description: |- + Target memory utilization used in HorizontalPodAutoscaler. + + See https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + properties: + targetAverageUtilization: + description: |- + K8s utilization setting for HorizontalPodAutoscaler target. + + See https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + format: int32 + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + description: |- + K8s node selector. + + See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + type: object + podAnnotations: + additionalProperties: + type: string + description: |- + K8s annotations for pods. + + See: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + type: object + podLabels: + additionalProperties: + type: string + description: |- + Labels that are added to Pilot pods. + + See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + type: object + replicaCount: + description: |- + Number of replicas in the Pilot Deployment. + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. 
+ format: int32 + type: integer + resources: + description: |- + K8s resources settings. + + See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + rollingMaxSurge: + anyOf: + - type: integer + - type: string + description: |- + K8s rolling update strategy + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + x-kubernetes-int-or-string: true + rollingMaxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The number of pods that can be unavailable during a rolling update (see + `strategy.rollingUpdate.maxUnavailable` here: + https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/deployment-v1/#DeploymentSpec). + May be specified as a number of pods or as a percent of the total number + of pods at the start of the update. + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + x-kubernetes-int-or-string: true + seccompProfile: + description: |- + The seccompProfile for the Pilot container. + + See: https://kubernetes.io/docs/tutorials/security/seccomp/ + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. 
+ type: string + required: + - type + type: object + serviceAccountAnnotations: + additionalProperties: + type: string + description: K8s annotations for the service account + type: object + serviceAnnotations: + additionalProperties: + type: string + description: |- + K8s annotations for the Service. + + See: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + type: object + tag: + description: The container image tag to pull. Image will be + `Hub/Image:Tag-Variant`. + type: string + taint: + properties: + enabled: + description: |- + Enable the untaint controller for new nodes. This aims to solve a race for CNI installation on + new nodes. For this to work, the newly added nodes need to have the istio CNI taint as they are + added to the cluster. This is usually done by configuring the cluster infra provider. + type: boolean + namespace: + description: The namespace of the CNI daemonset, incase + it's not the same as istiod. + type: string + type: object + tolerations: + description: |- + The node tolerations to be applied to the Pilot deployment so that it can be + scheduled to particular nodes with matching taints. + More info: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. 
+ type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: The k8s topologySpreadConstraints for the Pilot + pods. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. 
+ The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. 
+ In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. 
+ type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + traceSampling: + description: |- + Trace sampling fraction. + + Used to set the fraction of time that traces are sampled. Higher values are more accurate but add CPU overhead. + + Allowed values: 0.0 to 1.0 + type: number + trustedZtunnelNamespace: + description: |- + If set, `istiod` will allow connections from trusted node proxy ztunnels + in the provided namespace. + type: string + variant: + description: The container image variant to pull. Options + are "debug" or "distroless". Unset will use the default + for the given version. + type: string + volumeMounts: + description: Additional volumeMounts to add to the Pilot container. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. 
+ type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. 
+ type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Additional volumes to add to the Pilot Pod. + items: + description: Volume represents a named volume in a pod that + may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk + mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: + None, Read Only, Read Write.' 
+ type: string + diskName: + description: diskName is the Name of the data disk + in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in + the blob storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single + blob disk per storage account Managed: azure + managed data disk (only in managed availability + set). defaults to shared' + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service + mount on the host and bind mount to the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name of secret that + contains Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the + host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the mounted + root, rather than the full Ceph tree, default + is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. 
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about + the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name, + namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. 
+ The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. 
+ properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over + volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. 
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine and then + exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to + use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds + extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached + to a kubelet's host machine. 
This depends on the Flocker + control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. + This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the + specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. 
This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support + iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support + iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). 
+ type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI + target and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon + Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume + attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). 
ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx + volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". 
If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. 
+ type: boolean + path: + description: Relative path from the volume + root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about the + configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about + the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only annotations, + labels, name, namespace and uid + are supported.' + properties: + apiVersion: + description: Version of the + schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file + to be created. 
Must not be absolute + or contain the ''..'' path. Must + be utf-8 encoded. The first item + of the relative path must not + start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about the + secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional field specify whether + the Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. 
The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte mount on the + host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". 
Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. 
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of the + ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the + ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL + communication with Gateway, default false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage system + as configured in ScaleIO. 
+ type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. 
+ This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the + Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. 
Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume + attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy + Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy + Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + profile: + description: Specifies which installation configuration profile + to apply. + type: string + revision: + description: Identifies the revision this installation is associated + with. + type: string + revisionTags: + description: |- + Specifies the aliases for the Istio control plane revision. A MutatingWebhookConfiguration + is created for each alias. + items: + type: string + type: array + sidecarInjectorWebhook: + description: Configuration for the sidecar injector webhook. 
+ properties: + alwaysInjectSelector: + description: See NeverInjectSelector. + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: array + defaultTemplates: + description: 'defaultTemplates: ["sidecar", "hello"]' + items: + type: string + type: array + enableNamespacesByDefault: + description: Enables sidecar auto-injection in namespaces + by default. 
+ type: boolean + injectedAnnotations: + additionalProperties: + type: string + description: |- + injectedAnnotations are additional annotations that will be added to the pod spec after injection + This is primarily to support PSP annotations. + type: object + injectionURL: + description: Configure the injection url for sidecar injector + webhook + type: string + neverInjectSelector: + description: |- + Instructs Istio to not inject the sidecar on those pods, based on labels that are present in those pods. + + Annotations in the pods have higher precedence than the label selectors. + Order of evaluation: Pod Annotations → NeverInjectSelector → AlwaysInjectSelector → Default Policy. + See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: array + reinvocationPolicy: + description: 'Setting this to `IfNeeded` will result in the + sidecar injector being run again if additional mutations + occur. Default: Never' + type: string + rewriteAppHTTPProbe: + description: If true, webhook or istioctl injector will rewrite + PodSpec for liveness health check to redirect request to + sidecar. This makes liveness check work even when mTLS is + enabled. + type: boolean + templates: + additionalProperties: + type: string + description: "Templates defines a set of custom injection + templates that can be used. For example, defining:\n\ntemplates:\n\n\thello: + |\n\t metadata:\n\t labels:\n\t hello: world\n\nThen + starting a pod with the `inject.istio.io/templates: hello` + annotation, will result in the pod\nbeing injected with + the hello=world labels.\nThis is intended for advanced configuration + only; most users should use the built in template" + type: object + type: object + telemetry: + description: Controls whether telemetry is exported for Pilot. + properties: + enabled: + description: Controls whether telemetry is exported for Pilot. + type: boolean + v2: + description: Configuration for Telemetry v2. + properties: + enabled: + description: Controls whether pilot will configure telemetry + v2. + type: boolean + prometheus: + description: Telemetry v2 settings for prometheus. 
+ properties: + enabled: + description: Controls whether stats envoyfilter would + be enabled or not. + type: boolean + type: object + stackdriver: + description: Telemetry v2 settings for stackdriver. + properties: + enabled: + type: boolean + type: object + type: object + type: object + type: object + version: + default: v1.23.0 + description: |- + Defines the version of Istio to install. + Must be one of: v1.23.0, v1.22.4. + enum: + - v1.23.0 + - v1.22.4 + type: string + required: + - namespace + - version + type: object + x-kubernetes-validations: + - message: spec.values.global.istioNamespace must match spec.namespace + rule: '!has(self.values) || !has(self.values.global) || !has(self.values.global.istioNamespace) + || self.values.global.istioNamespace == self.__namespace__' + status: + description: IstioStatus defines the observed state of Istio + properties: + conditions: + description: Represents the latest available observations of the object's + current state. + items: + description: IstioCondition represents a specific observation of + the IstioCondition object's state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + the last transition. + type: string + reason: + description: Unique, single-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: The status of this condition. Can be True, False + or Unknown. + type: string + type: + description: The type of this condition. + type: string + type: object + type: array + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this + Istio object. It corresponds to the object's generation, which is + updated on mutation by the API Server. The information in the status + pertains to this particular generation of the object. 
+ format: int64 + type: integer + revisions: + description: Reports information about the underlying IstioRevisions. + properties: + inUse: + description: Number of IstioRevisions that are currently in use. + format: int32 + type: integer + ready: + description: Number of IstioRevisions that are Ready. + format: int32 + type: integer + total: + description: Total number of IstioRevisions currently associated + with this Istio. + format: int32 + type: integer + required: + - inUse + - ready + - total + type: object + state: + description: Reports the current state of the object. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sailoperator/0.1.0/manifests/sailoperator.io_remoteistios.yaml b/operators/sailoperator/0.1.0/manifests/sailoperator.io_remoteistios.yaml new file mode 100644 index 00000000000..b4a2c7677f0 --- /dev/null +++ b/operators/sailoperator/0.1.0/manifests/sailoperator.io_remoteistios.yaml 
@@ -0,0 +1,8068 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.0 + creationTimestamp: null + name: remoteistios.sailoperator.io +spec: + group: sailoperator.io + names: + categories: + - istio-io + kind: RemoteIstio + listKind: RemoteIstioList + plural: remoteistios + singular: remoteistio + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Total number of IstioRevision objects currently associated with + this object. + jsonPath: .status.revisions.total + name: Revisions + type: string + - description: Number of revisions that are ready. + jsonPath: .status.revisions.ready + name: Ready + type: string + - description: Number of revisions that are currently being used by workloads. + jsonPath: .status.revisions.inUse + name: In use + type: string + - description: The current state of the active revision. + jsonPath: .status.state + name: Active Revision + type: string + - description: The version of the control plane installation. + jsonPath: .spec.version + name: Version + type: string + - description: The age of the object + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + RemoteIstio represents a remote Istio Service Mesh deployment consisting of one or more + remote control plane instances (represented by one or more IstioRevision objects). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. 
+ Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + default: + namespace: istio-system + updateStrategy: + type: InPlace + version: v1.23.0 + description: RemoteIstioSpec defines the desired state of RemoteIstio + properties: + namespace: + default: istio-system + description: Namespace to which the Istio components should be installed. + type: string + profile: + description: |- + The built-in installation configuration profile to use. + The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. + Must be one of: ambient, default, demo, empty, openshift-ambient, openshift, preview, stable. + enum: + - ambient + - default + - demo + - empty + - openshift-ambient + - openshift + - preview + - stable + type: string + updateStrategy: + default: + type: InPlace + description: Defines the update strategy to use when the version in + the RemoteIstio CR is updated. + properties: + inactiveRevisionDeletionGracePeriodSeconds: + description: |- + Defines how many seconds the operator should wait before removing a non-active revision after all + the workloads have stopped using it. You may want to set this value on the order of minutes. + The minimum and the default value is 30. + format: int64 + minimum: 30 + type: integer + type: + default: InPlace + description: "Type of strategy to use. Can be \"InPlace\" or \"RevisionBased\". + When the \"InPlace\" strategy\nis used, the existing Istio control + plane is updated in-place. The workloads therefore\ndon't need + to be moved from one control plane instance to another. When + the \"RevisionBased\"\nstrategy is used, a new Istio control + plane instance is created for every change to the\nIstio.spec.version + field. 
The old control plane remains in place until all workloads + have\nbeen moved to the new control plane instance.\n\nThe \"InPlace\" + strategy is the default.\tTODO: change default to \"RevisionBased\"" + enum: + - InPlace + - RevisionBased + type: string + updateWorkloads: + description: |- + Defines whether the workloads should be moved from one control plane instance to another + automatically. If updateWorkloads is true, the operator moves the workloads from the old + control plane instance to the new one after the new control plane is ready. + If updateWorkloads is false, the user must move the workloads manually by updating the + istio.io/rev labels on the namespace and/or the pods. + Defaults to false. + type: boolean + type: object + values: + description: Defines the values to be passed to the Helm charts when + installing Istio. + properties: + base: + description: Configuration for the base component. + properties: + validationCABundle: + description: validation webhook CA bundle + type: string + validationURL: + description: URL to use for validating webhook. + type: string + type: object + compatibilityVersion: + description: |- + Specifies the compatibility version to use. When this is set, the control plane will + be configured with the same defaults as the specified version. + type: string + defaultRevision: + description: The name of the default revision in the cluster. + type: string + experimental: + description: Specifies experimental helm fields that could be + removed or changed in the future + x-kubernetes-preserve-unknown-fields: true + global: + description: Global configuration for Istio components. 
+ properties: + arch: + description: "Specifies pod scheduling arch(amd64, ppc64le, + s390x, arm64) and weight as follows:\n\n\t0 - Never scheduled\n\t1 + - Least preferred\n\t2 - No preference\n\t3 - Most preferred\n\nDeprecated: + replaced by the affinity k8s settings which allows architecture + nodeAffinity configuration of this behavior.\n\nDeprecated: + Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto." + properties: + amd64: + description: Sets pod scheduling weight for amd64 arch + format: int32 + type: integer + arm64: + description: Sets pod scheduling weight for arm64 arch. + format: int32 + type: integer + ppc64le: + description: Sets pod scheduling weight for ppc64le arch. + format: int32 + type: integer + s390x: + description: Sets pod scheduling weight for s390x arch. + format: int32 + type: integer + type: object + caAddress: + description: The address of the CA for CSR. + type: string + caName: + description: |- + The name of the CA for workloads. + For example, when caName=GkeWorkloadCertificate, GKE workload certificates + will be used as the certificates for workloads. + The default value is "" and when caName="", the CA will be configured by other + mechanisms (e.g., environmental variable CA_PROVIDER). + type: string + certSigners: + description: List of certSigners to allow "approve" action + in the ClusterRole + items: + type: string + type: array + configCluster: + description: Controls whether a remote cluster is the config + cluster for an external istiod + type: boolean + configValidation: + description: Controls whether the server-side validation is + enabled. + type: boolean + defaultNodeSelector: + additionalProperties: + type: string + description: |- + Default k8s node selector for all the Istio control plane components + + See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. 
+ type: object + defaultPodDisruptionBudget: + description: |- + Specifies the default pod disruption budget configuration. + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + properties: + enabled: + description: Controls whether a PodDisruptionBudget with + a default minAvailable value of 1 is created for each + deployment. + type: boolean + type: object + defaultResources: + description: |- + Default k8s resources settings for all Istio control plane components. + + See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + defaultTolerations: + description: |- + Default node tolerations to be applied to all deployments so that all pods can be + scheduled to nodes with matching taints. Each component can overwrite + these default values by adding its tolerations block in the relevant section below + and setting the desired values. + Configure this field in case that all pods of Istio control plane are expected to + be scheduled to particular nodes with specified taints. + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. 
+ Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + externalIstiod: + description: Controls whether one external istiod is enabled. + type: boolean + hub: + description: Specifies the docker hub for Istio images. + type: string + imagePullPolicy: + description: |- + Specifies the image pull policy for the Istio images. one of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. + + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + enum: + - Always + - Never + - IfNotPresent + type: string + imagePullSecrets: + description: |- + ImagePullSecrets for the control plane ServiceAccount, list of secrets in the same namespace + to use for pulling any images in pods that reference this ServiceAccount. + Must be set for any cluster configured with private docker registry. + items: + type: string + type: array + ipFamilies: + description: |- + Defines which IP family to use for single stack or the order of IP families for dual-stack. + Valid list items are "IPv4", "IPv6". 
+ More info: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + items: + type: string + type: array + ipFamilyPolicy: + description: |- + Controls whether Services are configured to use IPv4, IPv6, or both. Valid options + are PreferDualStack, RequireDualStack, and SingleStack. + More info: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + type: string + istioNamespace: + description: Specifies the default namespace for the Istio + control plane components. + type: string + istiod: + description: Specifies the configution of istiod + properties: + enableAnalysis: + description: If enabled, istiod will perform config analysis + type: boolean + type: object + jwtPolicy: + description: |- + Configure the policy for validating JWT. + This is deprecated and has no effect. + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + type: string + logAsJson: + description: Specifies whether istio components should output + logs in json format by adding --log_as_json argument to + each container. + type: boolean + logging: + description: Specifies the global logging level settings for + the Istio control plane components. + properties: + level: + description: |- + Comma-separated minimum per-scope logging level of messages to output, in the form of :,: + The control plane has different scopes depending on component, but can configure default log level across all components + If empty, default scope and level will be used as configured in code + type: string + type: object + meshID: + description: |- + The Mesh Identifier. It should be unique within the scope where + meshes will interact with each other, but it is not required to be + globally/universally unique. 
For example, if any of the following are true, + then two meshes must have different Mesh IDs: + - Meshes will have their telemetry aggregated in one place + - Meshes will be federated together + - Policy will be written referencing one mesh from the other + + If an administrator expects that any of these conditions may become true in + the future, they should ensure their meshes have different Mesh IDs + assigned. + + Within a multicluster mesh, each cluster must be (manually or auto) + configured to have the same Mesh ID value. If an existing cluster 'joins' a + multicluster mesh, it will need to be migrated to the new mesh ID. Details + of migration TBD, and it may be a disruptive operation to change the Mesh + ID post-install. + + If the mesh admin does not specify a value, Istio will use the value of the + mesh's Trust Domain. The best practice is to select a proper Trust Domain + value. + type: string + meshNetworks: + additionalProperties: + description: |- + Network provides information about the endpoints in a routable L3 + network. A single routable L3 network can have one or more service + registries. Note that the network has no relation to the locality of the + endpoint. The endpoint locality will be obtained from the service + registry. + properties: + endpoints: + description: |- + The list of endpoints in the network (obtained through the + constituent service registries or from CIDR ranges). All endpoints in + the network are directly accessible to one another. + items: + description: "NetworkEndpoints describes how the network + associated with an endpoint\nshould be inferred. + An endpoint will be assigned to a network based + on\nthe following rules:\n\n1. Implicitly: If the + registry explicitly provides information about\nthe + network to which the endpoint belongs to. In some + cases, its\npossible to indicate the network associated + with the endpoint by\nadding the `ISTIO_META_NETWORK` + environment variable to the sidecar.\n\n2. 
Explicitly:\n\n\ta. + By matching the registry name with one of the \"fromRegistry\"\n\tin + the mesh config. A \"from_registry\" can only be + assigned to a\n\tsingle network.\n\n\tb. By matching + the IP against one of the CIDR ranges in a mesh\n\tconfig + network. The CIDR ranges must not overlap and be + assigned to\n\ta single network.\n\n(2) will override + (1) if both are present." + properties: + fromCidr: + description: |- + A CIDR range for the set of endpoints in this network. The CIDR + ranges for endpoints from different networks must not overlap. + type: string + fromRegistry: + description: |- + Add all endpoints from the specified registry into this network. + The names of the registries should correspond to the kubeconfig file name + inside the secret that was used to configure the registry (Kubernetes + multicluster) or supplied by MCP server. + type: string + type: object + x-kubernetes-validations: + - message: At most one of [fromCidr fromRegistry] + should be set + rule: (has(self.fromCidr)?1:0) + (has(self.fromRegistry)?1:0) + <= 1 + type: array + gateways: + description: Set of gateways associated with the network. + items: + description: |- + The gateway associated with this network. Traffic from remote networks + will arrive at the specified gateway:port. All incoming traffic must + use mTLS. + properties: + address: + description: IP address or externally resolvable + DNS address associated with the gateway. + type: string + locality: + description: The locality associated with an explicitly + specified gateway (i.e. ip) + type: string + port: + format: int32 + type: integer + registryServiceName: + description: |- + A fully qualified domain name of the gateway service. Pilot will + lookup the service from the service registries in the network and + obtain the endpoint IPs of the gateway from the service + registry. 
Note that while the service name is a fully qualified + domain name, it need not be resolvable outside the orchestration + platform for the registry. e.g., this could be + istio-ingressgateway.istio-system.svc.cluster.local. + type: string + type: object + x-kubernetes-validations: + - message: At most one of [registryServiceName address] + should be set + rule: (has(self.registryServiceName)?1:0) + (has(self.address)?1:0) + <= 1 + type: array + type: object + description: "Configure the mesh networks to be used by the + Split Horizon EDS.\n\nThe following example defines two + networks with different endpoints association methods.\nFor + `network1` all endpoints that their IP belongs to the provided + CIDR range will be\nmapped to network1. The gateway for + this network example is specified by its public IP\naddress + and port.\nThe second network, `network2`, in this example + is defined differently with all endpoints\nretrieved through + the specified Multi-Cluster registry being mapped to network2. + The\ngateway is also defined differently with the name of + the gateway service on the remote\ncluster. The public IP + for the gateway will be determined from that remote service + (only\nLoadBalancer gateway service type is currently supported, + for a NodePort type gateway service,\nit still need to be + configured manually).\n\nmeshNetworks:\n\n\tnetwork1:\n\t + \ endpoints:\n\t - fromCidr: \"192.168.0.1/24\"\n\t gateways:\n\t + \ - address: 1.1.1.1\n\t port: 80\n\tnetwork2:\n\t endpoints:\n\t + \ - fromRegistry: reg1\n\t gateways:\n\t - registryServiceName: + istio-ingressgateway.istio-system.svc.cluster.local\n\t + \ port: 443" + type: object + mountMtlsCerts: + description: Controls whether the in-cluster MTLS key and + certs are loaded from the secret volume mounts. + type: boolean + multiCluster: + description: Specifies the Configuration for Istio mesh across + multiple clusters through Istio gateways. 
+ properties: + clusterName: + description: |- + The name of the cluster this installation will run in. This is required for sidecar injection + to properly label proxies + type: string + enabled: + description: |- + Enables the connection between two kubernetes clusters via their respective ingressgateway services. + Use if the pods in each cluster cannot directly talk to one another. + type: boolean + globalDomainSuffix: + description: The suffix for global service names. + type: string + includeEnvoyFilter: + description: Enable envoy filter to translate `globalDomainSuffix` + to cluster local suffix for cross cluster communication. + type: boolean + type: object + network: + description: |- + Network defines the network this cluster belong to. This name + corresponds to the networks in the map of mesh networks. + type: string + omitSidecarInjectorConfigMap: + description: |- + Controls whether the creation of the sidecar injector ConfigMap should be skipped. + Defaults to false. When set to true, the sidecar injector ConfigMap will not be created. + type: boolean + operatorManageWebhooks: + description: |- + Controls whether the WebhookConfiguration resource(s) should be created. The current behavior + of Istiod is to manage its own webhook configurations. + When this option is set to true, Istio Operator, instead of webhooks, manages the + webhook configurations. When this option is set as false, webhooks manage their + own webhook configurations. + type: boolean + pilotCertProvider: + description: |- + Configure the Pilot certificate provider. + Currently, four providers are supported: "kubernetes", "istiod", "custom" and "none". + type: string + platform: + description: |- + Platform in which Istio is deployed. Possible values are: "openshift" and "gcp" + An empty value means it is a vanilla Kubernetes distribution, therefore no special + treatment will be considered. 
+ type: string + podDNSSearchNamespaces: + description: |- + Custom DNS config for the pod to resolve names of services in other + clusters. Use this to add additional search domains, and other settings. + see https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config + This does not apply to gateway pods as they typically need a different + set of DNS settings than the normal application pods (e.g. in multicluster scenarios). + items: + type: string + type: array + priorityClassName: + description: |- + Specifies the k8s priorityClassName for the istio control plane components. + + See https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + type: string + proxy: + description: Specifies how proxies are configured within Istio. + properties: + autoInject: + description: Controls the 'policy' in the sidecar injector. + type: string + clusterDomain: + description: |- + Domain for the cluster, default: "cluster.local". + + K8s allows this to be customized, see https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/ + type: string + componentLogLevel: + description: |- + Per Component log level for proxy, applies to gateways and sidecars. + + If a component level is not set, then the global "logLevel" will be used. If left empty, "misc:error" is used. + type: string + enableCoreDump: + description: |- + Enables core dumps for newly injected sidecars. + + If set, newly injected sidecars will have core dumps enabled. + type: boolean + excludeIPRanges: + description: Lists the excluded IP ranges of Istio egress + traffic that the sidecar captures. + type: string + excludeInboundPorts: + description: Specifies the Istio ingress ports not to + capture. + type: string + excludeOutboundPorts: + description: A comma separated list of outbound ports + to be excluded from redirection to Envoy. 
+ type: string + holdApplicationUntilProxyStarts: + description: |- + Controls if sidecar is injected at the front of the container list and blocks the start of the other containers until the proxy is ready + + Deprecated: replaced by ProxyConfig setting which allows per-pod configuration of this behavior. + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + type: boolean + image: + description: |- + Image name or path for the proxy, default: "proxyv2". + + If registry or tag are not specified, global.hub and global.tag are used. + + Examples: my-proxy (uses global.hub/tag), docker.io/myrepo/my-proxy:v1.0.0 + type: string + includeIPRanges: + description: |- + Lists the IP ranges of Istio egress traffic that the sidecar captures. + + Example: "172.30.0.0/16,172.20.0.0/16" + This would only capture egress traffic on those two IP Ranges, all other outbound traffic would # be allowed by the sidecar." + type: string + includeInboundPorts: + description: |- + A comma separated list of inbound ports for which traffic is to be redirected to Envoy. + The wildcard character '*' can be used to configure redirection for all ports. + type: string + includeOutboundPorts: + description: A comma separated list of outbound ports + for which traffic is to be redirected to Envoy, regardless + of the destination IP. + type: string + lifecycle: + description: |- + The k8s lifecycle hooks definition (pod.spec.containers.lifecycle) for the proxy container. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. 
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. 
The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. 
There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + logLevel: + description: 'Log level for proxy, applies to gateways + and sidecars. If left empty, "warning" is used. Expected + values are: trace\|debug\|info\|warning\|error\|critical\|off' + type: string + outlierLogPath: + description: |- + Path to the file to which the proxy will write outlier detection logs. + + Example: "/dev/stdout" + This would write the logs to standard output. + type: string + privileged: + description: |- + Enables privileged securityContext for the istio-proxy container. + + See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + type: boolean + readinessFailureThreshold: + description: Sets the number of successive failed probes + before indicating readiness failure. + format: int32 + type: integer + readinessInitialDelaySeconds: + description: Sets the initial delay for readiness probes + in seconds. + format: int32 + type: integer + readinessPeriodSeconds: + description: Sets the interval between readiness probes + in seconds. + format: int32 + type: integer + resources: + description: |- + K8s resources settings. + + See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. 
+ + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + startupProbe: + description: Configures the startup probe for the istio-proxy + container. + properties: + enabled: + description: |- + Enables or disables a startup probe. + For optimal startup times, changing this should be tied to the readiness probe values. + + If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. 
+ This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), + and doesn't spam the readiness endpoint too much + + If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. + This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. + type: boolean + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + format: int32 + type: integer + type: object + statusPort: + description: Default port used for the Pilot agent's health + checks. + format: int32 + type: integer + tracer: + description: |- + Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver. + If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. + enum: + - zipkin + - lightstep + - datadog + - stackdriver + - openCensusAgent + - none + type: string + type: object + proxy_init: + description: Specifies the Configuration for proxy_init container + which sets the pods' networking to intercept the inbound/outbound + traffic. + properties: + image: + description: Specifies the image for the proxy_init container. + type: string + resources: + description: |- + K8s resources settings. + + See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. 
+ properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: object + remotePilotAddress: + description: Specifies the Istio control plane’s pilot Pod + IP address or remote cluster DNS resolvable hostname. + type: string + revision: + description: Configures the revision this control plane is + a part of + type: string + sds: + description: Specifies the Configuration for the SecretDiscoveryService + instead of using K8S secrets to mount the certificates. + properties: + token: + description: 'Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto.' 
+ properties: + aud: + type: string + type: object + type: object + sts: + description: Specifies the configuration for Security Token + Service. + properties: + servicePort: + format: int32 + type: integer + type: object + tag: + description: Specifies the tag for the Istio docker images. + type: string + tracer: + description: Specifies the Configuration for each of the supported + tracers. + properties: + datadog: + description: Configuration for the datadog tracing service. + properties: + address: + description: Address in host:port format for reporting + trace data to the Datadog agent. + type: string + type: object + lightstep: + description: Configuration for the lightstep tracing service. + properties: + accessToken: + description: Sets the lightstep access token. + type: string + address: + description: Sets the lightstep satellite pool address + in host:port format for reporting trace data. + type: string + type: object + stackdriver: + description: Configuration for the stackdriver tracing + service. + properties: + debug: + description: enables trace output to stdout. + type: boolean + maxNumberOfAnnotations: + description: The global default max number of annotation + events per span. + format: int32 + type: integer + maxNumberOfAttributes: + description: The global default max number of attributes + per span. + format: int32 + type: integer + maxNumberOfMessageEvents: + description: The global default max number of message + events per span. + format: int32 + type: integer + type: object + zipkin: + description: Configuration for the zipkin tracing service. + properties: + address: + description: |- + Address of zipkin instance in host:port format for reporting trace data. + + Example: .:941 + type: string + type: object + type: object + variant: + description: The variant of the Istio container images to + use. Options are "debug" or "distroless". Unset will use + the default for the given version. 
+ type: string + waypoint: + description: Specifies how waypoints are configured within + Istio. + properties: + resources: + description: |- + K8s resource settings. + + See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: object + type: object + istiodRemote: + description: Configuration for istiod-remote. + properties: + injectionCABundle: + description: injector ca bundle + type: string + injectionPath: + description: Path to use for the sidecar injector webhook + service. + type: string + injectionURL: + description: URL to use for sidecar injector webhook. + type: string + type: object + meshConfig: + description: |- + Defines runtime configuration of components, including Istiod and istio-agent behavior. + See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options. + properties: + accessLogEncoding: + description: |- + Encoding for the proxy access log (`TEXT` or `JSON`). + Default value is `TEXT`. + enum: + - TEXT + - JSON + type: string + accessLogFile: + description: |- + File address for the proxy access log (e.g. /dev/stdout). + Empty value disables access logging. + type: string + accessLogFormat: + description: |- + Format for the proxy access log + Empty value results in proxy's default access log format + type: string + ca: + description: |- + If specified, Istiod will authorize and forward the CSRs from the workloads to the specified external CA + using the Istio CA gRPC API. + properties: + address: + description: |- + REQUIRED. Address of the CA server implementing the Istio CA gRPC API. + Can be IP address or a fully qualified DNS name with port + Eg: custom-ca.default.svc.cluster.local:8932, 192.168.23.2:9000 + type: string + istiodSide: + description: |- + Use istiod_side to specify CA Server integrate to Istiod side or Agent side + Default: true + type: boolean + requestTimeout: + description: |- + timeout for forward CSR requests from Istiod to External CA + Default: 10s + type: string + tlsSettings: + description: |- + Use the tls_settings to specify the tls mode to use. 
+ Regarding tls_settings: + - DISABLE MODE is legitimate for the case Istiod is making the request via an Envoy sidecar. + DISABLE MODE can also be used for testing + - TLS MUTUAL MODE be on by default. If the CA certificates + (cert bundle to verify the CA server's certificate) is omitted, Istiod will + use the system root certs to verify the CA server's certificate. + properties: + caCertificates: + description: |- + OPTIONAL: The path to the file containing certificate authority + certificates to use in verifying a presented server certificate. If + omitted, the proxy will verify the server's certificate using + the OS CA certificates. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + caCrl: + description: |- + OPTIONAL: The path to the file containing the certificate revocation list (CRL) + to use in verifying a presented server certificate. `CRL` is a list of certificates + that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. + If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. + If omitted, the proxy will not verify the certificate against the `crl`. + type: string + clientCertificate: + description: |- + REQUIRED if mode is `MUTUAL`. The path to the file holding the + client-side TLS certificate to use. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + credentialName: + description: |- + The name of the secret that holds the TLS certs for the + client including the CA certificates. This secret must exist in + the namespace of the proxy using the certificates. + An Opaque secret should contain the following keys and values: + `key: `, `cert: `, `cacert: `, + `crl: ` + Here CACertificate is used to verify the server certificate. + For mutual TLS, `cacert: ` can be provided in the + same secret or a separate secret named `-cacert`. 
+ A TLS secret for client certificates with an additional + `ca.crt` key for CA certificates and `ca.crl` key for + certificate revocation list(CRL) is also supported. + Only one of client certificates and CA certificate + or credentialName can be specified. + + **NOTE:** This field is applicable at sidecars only if + `DestinationRule` has a `workloadSelector` specified. + Otherwise the field will be applicable only at gateways, and + sidecars will continue to use the certificate paths. + type: string + insecureSkipVerify: + description: |- + `insecureSkipVerify` specifies whether the proxy should skip verifying the + CA signature and SAN for the server certificate corresponding to the host. + The default value of this field is false. + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured + using TLS. The value of this field determines how TLS is enforced. + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: |- + REQUIRED if mode is `MUTUAL`. The path to the file holding the + client's private key. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + sni: + description: |- + SNI string to present to the server during TLS handshake. + If unspecified, SNI will be automatically set based on downstream HTTP + host/authority header for SIMPLE and MUTUAL TLS modes. + type: string + subjectAltNames: + description: |- + A list of alternate names to verify the subject identity in the + certificate. If specified, the proxy will verify that the server + certificate's subject alt name matches one of the specified values. + If specified, this list overrides the value of subject_alt_names + from the ServiceEntry. If unspecified, automatic validation of upstream + presented certificate for new upstream connections will be done based on the + downstream HTTP host/authority header. 
+ items: + type: string + type: array + type: object + required: + - address + type: object + caCertificates: + description: |- + The extra root certificates for workload-to-workload communication. + The plugin certificates (the 'cacerts' secret) or self-signed certificates (the 'istio-ca-secret' secret) + are automatically added by Istiod. + The CA certificate that signs the workload certificates is automatically added by Istio Agent. + items: + properties: + certSigners: + description: |- + when Istiod is acting as RA(registration authority) + If set, they are used for these signers. Otherwise, this trustAnchor is used for all signers. + items: + type: string + type: array + pem: + description: The PEM data of the certificate. + type: string + spiffeBundleUrl: + description: |- + The SPIFFE bundle endpoint URL that complies to: + https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE_Trust_Domain_and_Bundle.md#the-spiffe-trust-domain-and-bundle + The endpoint should support authentication based on Web PKI: + https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE_Trust_Domain_and_Bundle.md#521-web-pki + The certificate is retrieved from the endpoint. + type: string + trustDomains: + description: |- + Optional. Specify the list of trust domains to which this trustAnchor data belongs. + If set, they are used for these trust domains. Otherwise, this trustAnchor is used for default trust domain + and its aliases. + Note that we can have multiple trustAnchor data for a same trust_domain. + In that case, trustAnchors with a same trust domain will be merged and used together to verify peer certificates. + If neither cert_signers nor trust_domains is set, this trustAnchor is used for all trust domains and all signers. + If only trust_domains is set, this trustAnchor is used for these trust_domains and all signers. + If only cert_signers is set, this trustAnchor is used for these cert_signers and all trust domains. 
+ If both cert_signers and trust_domains is set, this trustAnchor is only used for these signers and trust domains. + items: + type: string + type: array + type: object + x-kubernetes-validations: + - message: At most one of [pem spiffeBundleUrl] should be + set + rule: (has(self.pem)?1:0) + (has(self.spiffeBundleUrl)?1:0) + <= 1 + type: array + certificates: + description: |- + Configure the provision of certificates. + + Note: Deprecated, please refer to Cert-Manager or other cert provisioning solutions to sign DNS certificates. + + Deprecated: Marked as deprecated in mesh/v1alpha1/config.proto. + items: + description: "Certificate configures the provision of a + certificate and its key.\nExample 1: key and cert stored + in a secret\n```\n{ secretName: galley-cert\n\n\t secretNamespace: + istio-system\n\t dnsNames:\n\t - galley.istio-system.svc\n\t + \ - galley.mydomain.com\n\t}\n\n```\nExample 2: key + and cert stored in a directory\n```\n{ dnsNames:\n - + pilot.istio-system\n - pilot.istio-system.svc\n - pilot.mydomain.com\n + \ }\n\n```" + properties: + dnsNames: + description: |- + The DNS names for the certificate. A certificate may contain + multiple DNS names. + items: + type: string + type: array + secretName: + description: |- + Name of the secret the certificate and its key will be stored into. + If it is empty, it will not be stored into a secret. + Instead, the certificate and its key will be stored into a hard-coded directory. + type: string + type: object + type: array + configSources: + description: |- + ConfigSource describes a source of configuration data for networking + rules, and other Istio configuration artifacts. Multiple data sources + can be configured for a single control plane. + items: + description: |- + ConfigSource describes information about a configuration store inside a + mesh. A single control plane instance can interact with one or more data + sources. 
+ properties: + address: + description: |- + Address of the server implementing the Istio Mesh Configuration + protocol (MCP). Can be IP address or a fully qualified DNS name. + Use xds:// to specify a grpc-based xds backend, k8s:// to specify a k8s controller or + fs:/// to specify a file-based backend with absolute path to the directory. + type: string + subscribedResources: + description: Describes the source of configuration, + if nothing is specified default is MCP + items: + description: Resource describes the source of configuration + enum: + - SERVICE_REGISTRY + type: string + type: array + tlsSettings: + description: |- + Use the tls_settings to specify the tls mode to use. If the MCP server + uses Istio mutual TLS and shares the root CA with Pilot, specify the TLS + mode as `ISTIO_MUTUAL`. + properties: + caCertificates: + description: |- + OPTIONAL: The path to the file containing certificate authority + certificates to use in verifying a presented server certificate. If + omitted, the proxy will verify the server's certificate using + the OS CA certificates. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + caCrl: + description: |- + OPTIONAL: The path to the file containing the certificate revocation list (CRL) + to use in verifying a presented server certificate. `CRL` is a list of certificates + that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. + If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. + If omitted, the proxy will not verify the certificate against the `crl`. + type: string + clientCertificate: + description: |- + REQUIRED if mode is `MUTUAL`. The path to the file holding the + client-side TLS certificate to use. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + credentialName: + description: |- + The name of the secret that holds the TLS certs for the + client including the CA certificates. 
This secret must exist in + the namespace of the proxy using the certificates. + An Opaque secret should contain the following keys and values: + `key: `, `cert: `, `cacert: `, + `crl: ` + Here CACertificate is used to verify the server certificate. + For mutual TLS, `cacert: ` can be provided in the + same secret or a separate secret named `-cacert`. + A TLS secret for client certificates with an additional + `ca.crt` key for CA certificates and `ca.crl` key for + certificate revocation list(CRL) is also supported. + Only one of client certificates and CA certificate + or credentialName can be specified. + + **NOTE:** This field is applicable at sidecars only if + `DestinationRule` has a `workloadSelector` specified. + Otherwise the field will be applicable only at gateways, and + sidecars will continue to use the certificate paths. + type: string + insecureSkipVerify: + description: |- + `insecureSkipVerify` specifies whether the proxy should skip verifying the + CA signature and SAN for the server certificate corresponding to the host. + The default value of this field is false. + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured + using TLS. The value of this field determines how TLS is enforced. + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: |- + REQUIRED if mode is `MUTUAL`. The path to the file holding the + client's private key. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + sni: + description: |- + SNI string to present to the server during TLS handshake. + If unspecified, SNI will be automatically set based on downstream HTTP + host/authority header for SIMPLE and MUTUAL TLS modes. + type: string + subjectAltNames: + description: |- + A list of alternate names to verify the subject identity in the + certificate. If specified, the proxy will verify that the server + certificate's subject alt name matches one of the specified values. 
+ If specified, this list overrides the value of subject_alt_names + from the ServiceEntry. If unspecified, automatic validation of upstream + presented certificate for new upstream connections will be done based on the + downstream HTTP host/authority header. + items: + type: string + type: array + type: object + type: object + type: array + connectTimeout: + description: |- + Connection timeout used by Envoy. (MUST BE >=1ms) + Default timeout is 10s. + type: string + defaultConfig: + description: |- + Default proxy config used by gateway and sidecars. + In case of Kubernetes, the proxy config is applied once during the injection process, + and remain constant for the duration of the pod. The rest of the mesh config can be changed + at runtime and config gets distributed dynamically. + On Kubernetes, this can be overridden on individual pods with the `proxy.istio.io/config` annotation. + properties: + availabilityZone: + description: 'Deprecated: Marked as deprecated in mesh/v1alpha1/proxy.proto.' + type: string + binaryPath: + description: Path to the proxy binary + type: string + caCertificatesPem: + description: |- + The PEM data of the extra root certificates for workload-to-workload communication. + This includes the certificates defined in MeshConfig and any other certificates that Istiod uses as CA. + The plugin certificates (the 'cacerts' secret), self-signed certificates (the 'istio-ca-secret' secret) + are added automatically by Istiod. + items: + type: string + type: array + concurrency: + description: |- + The number of worker threads to run. + If unset, which is recommended, this will be automatically determined based on CPU requests/limits. + If set to 0, all cores on the machine will be used, ignoring CPU requests or limits. This can lead to major performance + issues if CPU limits are also set. + format: int32 + type: integer + configPath: + description: |- + Path to the generated configuration file directory. 
+ Proxy agent generates the actual configuration and stores it in this directory. + type: string + controlPlaneAuthPolicy: + description: |- + AuthenticationPolicy defines how the proxy is authenticated when it connects to the control plane. + Default is set to `MUTUAL_TLS`. + enum: + - NONE + - MUTUAL_TLS + - INHERIT + type: string + customConfigFile: + description: |- + File path of custom proxy configuration, currently used by proxies + in front of Mixer and Pilot. + type: string + discoveryAddress: + description: |- + Address of the discovery service exposing xDS with mTLS connection. + The inject configuration may override this value. + type: string + discoveryRefreshDelay: + description: 'Deprecated: Marked as deprecated in mesh/v1alpha1/proxy.proto.' + type: string + drainDuration: + description: |- + restart. MUST be >=1s (e.g., _1s/1m/1h_) + Default drain duration is `45s`. + type: string + envoyAccessLogService: + description: |- + Address of the service to which access logs from Envoys should be + sent. (e.g. `accesslog-service:15000`). See [Access Log + Service](https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/accesslog/v2/als.proto) + for details about Envoy's gRPC Access Log Service API. + properties: + address: + description: |- + Address of a remove service used for various purposes (access log + receiver, metrics receiver, etc.). Can be IP address or a fully + qualified DNS name. + type: string + tcpKeepalive: + description: If set then set `SO_KEEPALIVE` on the + socket to enable TCP Keepalives. + properties: + interval: + description: |- + The time duration between keep-alive probes. + Default is to use the OS level configuration + (unless overridden, Linux defaults to 75s.) + type: string + probes: + description: |- + Maximum number of keepalive probes to send without response before + deciding the connection is dead. Default is to use the OS level configuration + (unless overridden, Linux defaults to 9.) 
+ format: int32 + type: integer + time: + description: |- + The time duration a connection needs to be idle before keep-alive + probes start being sent. Default is to use the OS level configuration + (unless overridden, Linux defaults to 7200s (ie 2 hours.) + type: string + type: object + tlsSettings: + description: |- + Use the `tls_settings` to specify the tls mode to use. If the remote service + uses Istio mutual TLS and shares the root CA with Pilot, specify the TLS + mode as `ISTIO_MUTUAL`. + properties: + caCertificates: + description: |- + OPTIONAL: The path to the file containing certificate authority + certificates to use in verifying a presented server certificate. If + omitted, the proxy will verify the server's certificate using + the OS CA certificates. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + caCrl: + description: |- + OPTIONAL: The path to the file containing the certificate revocation list (CRL) + to use in verifying a presented server certificate. `CRL` is a list of certificates + that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. + If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. + If omitted, the proxy will not verify the certificate against the `crl`. + type: string + clientCertificate: + description: |- + REQUIRED if mode is `MUTUAL`. The path to the file holding the + client-side TLS certificate to use. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + credentialName: + description: |- + The name of the secret that holds the TLS certs for the + client including the CA certificates. This secret must exist in + the namespace of the proxy using the certificates. + An Opaque secret should contain the following keys and values: + `key: `, `cert: `, `cacert: `, + `crl: ` + Here CACertificate is used to verify the server certificate. 
+ For mutual TLS, `cacert: ` can be provided in the + same secret or a separate secret named `-cacert`. + A TLS secret for client certificates with an additional + `ca.crt` key for CA certificates and `ca.crl` key for + certificate revocation list(CRL) is also supported. + Only one of client certificates and CA certificate + or credentialName can be specified. + + **NOTE:** This field is applicable at sidecars only if + `DestinationRule` has a `workloadSelector` specified. + Otherwise the field will be applicable only at gateways, and + sidecars will continue to use the certificate paths. + type: string + insecureSkipVerify: + description: |- + `insecureSkipVerify` specifies whether the proxy should skip verifying the + CA signature and SAN for the server certificate corresponding to the host. + The default value of this field is false. + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured + using TLS. The value of this field determines how TLS is enforced. + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: |- + REQUIRED if mode is `MUTUAL`. The path to the file holding the + client's private key. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + sni: + description: |- + SNI string to present to the server during TLS handshake. + If unspecified, SNI will be automatically set based on downstream HTTP + host/authority header for SIMPLE and MUTUAL TLS modes. + type: string + subjectAltNames: + description: |- + A list of alternate names to verify the subject identity in the + certificate. If specified, the proxy will verify that the server + certificate's subject alt name matches one of the specified values. + If specified, this list overrides the value of subject_alt_names + from the ServiceEntry. 
If unspecified, automatic validation of upstream + presented certificate for new upstream connections will be done based on the + downstream HTTP host/authority header. + items: + type: string + type: array + type: object + type: object + envoyMetricsService: + description: |- + Address of the Envoy Metrics Service implementation (e.g. `metrics-service:15000`). + See [Metric Service](https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/metrics/v2/metrics_service.proto) + for details about Envoy's Metrics Service API. + properties: + address: + description: |- + Address of a remove service used for various purposes (access log + receiver, metrics receiver, etc.). Can be IP address or a fully + qualified DNS name. + type: string + tcpKeepalive: + description: If set then set `SO_KEEPALIVE` on the + socket to enable TCP Keepalives. + properties: + interval: + description: |- + The time duration between keep-alive probes. + Default is to use the OS level configuration + (unless overridden, Linux defaults to 75s.) + type: string + probes: + description: |- + Maximum number of keepalive probes to send without response before + deciding the connection is dead. Default is to use the OS level configuration + (unless overridden, Linux defaults to 9.) + format: int32 + type: integer + time: + description: |- + The time duration a connection needs to be idle before keep-alive + probes start being sent. Default is to use the OS level configuration + (unless overridden, Linux defaults to 7200s (ie 2 hours.) + type: string + type: object + tlsSettings: + description: |- + Use the `tls_settings` to specify the tls mode to use. If the remote service + uses Istio mutual TLS and shares the root CA with Pilot, specify the TLS + mode as `ISTIO_MUTUAL`. + properties: + caCertificates: + description: |- + OPTIONAL: The path to the file containing certificate authority + certificates to use in verifying a presented server certificate. 
If + omitted, the proxy will verify the server's certificate using + the OS CA certificates. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + caCrl: + description: |- + OPTIONAL: The path to the file containing the certificate revocation list (CRL) + to use in verifying a presented server certificate. `CRL` is a list of certificates + that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. + If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. + If omitted, the proxy will not verify the certificate against the `crl`. + type: string + clientCertificate: + description: |- + REQUIRED if mode is `MUTUAL`. The path to the file holding the + client-side TLS certificate to use. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + credentialName: + description: |- + The name of the secret that holds the TLS certs for the + client including the CA certificates. This secret must exist in + the namespace of the proxy using the certificates. + An Opaque secret should contain the following keys and values: + `key: `, `cert: `, `cacert: `, + `crl: ` + Here CACertificate is used to verify the server certificate. + For mutual TLS, `cacert: ` can be provided in the + same secret or a separate secret named `-cacert`. + A TLS secret for client certificates with an additional + `ca.crt` key for CA certificates and `ca.crl` key for + certificate revocation list(CRL) is also supported. + Only one of client certificates and CA certificate + or credentialName can be specified. + + **NOTE:** This field is applicable at sidecars only if + `DestinationRule` has a `workloadSelector` specified. + Otherwise the field will be applicable only at gateways, and + sidecars will continue to use the certificate paths. 
+ type: string + insecureSkipVerify: + description: |- + `insecureSkipVerify` specifies whether the proxy should skip verifying the + CA signature and SAN for the server certificate corresponding to the host. + The default value of this field is false. + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured + using TLS. The value of this field determines how TLS is enforced. + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: |- + REQUIRED if mode is `MUTUAL`. The path to the file holding the + client's private key. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + sni: + description: |- + SNI string to present to the server during TLS handshake. + If unspecified, SNI will be automatically set based on downstream HTTP + host/authority header for SIMPLE and MUTUAL TLS modes. + type: string + subjectAltNames: + description: |- + A list of alternate names to verify the subject identity in the + certificate. If specified, the proxy will verify that the server + certificate's subject alt name matches one of the specified values. + If specified, this list overrides the value of subject_alt_names + from the ServiceEntry. If unspecified, automatic validation of upstream + presented certificate for new upstream connections will be done based on the + downstream HTTP host/authority header. + items: + type: string + type: array + type: object + type: object + envoyMetricsServiceAddress: + description: 'Deprecated: Marked as deprecated in mesh/v1alpha1/proxy.proto.' + type: string + extraStatTags: + description: |- + An additional list of tags to extract from the in-proxy Istio telemetry. These extra tags can be + added by configuring the telemetry extension. Each additional tag needs to be present in this list. + Extra tags emitted by the telemetry extensions must be listed here so that they can be processed + and exposed as Prometheus metrics. 
+ Deprecated: `istio.stats` is a native filter now, this field is no longer needed. + items: + type: string + type: array + gatewayTopology: + description: |- + Topology encapsulates the configuration which describes where the proxy is + located i.e. behind a (or N) trusted proxy (proxies) or directly exposed + to the internet. This configuration only effects gateways and is applied + to all the gateways in the cluster unless overridden via annotations of the + gateway workloads. + properties: + forwardClientCertDetails: + description: |- + Configures how the gateway proxy handles x-forwarded-client-cert (XFCC) + header in the incoming request. + enum: + - UNDEFINED + - SANITIZE + - FORWARD_ONLY + - APPEND_FORWARD + - SANITIZE_SET + - ALWAYS_FORWARD_ONLY + type: string + numTrustedProxies: + description: |- + Number of trusted proxies deployed in front of the Istio gateway proxy. + When this option is set to value N greater than zero, the trusted client + address is assumed to be the Nth address from the right end of the + X-Forwarded-For (XFF) header from the incoming request. If the + X-Forwarded-For (XFF) header is missing or has fewer than N addresses, the + gateway proxy falls back to using the immediate downstream connection's + source address as the trusted client address. + Note that the gateway proxy will append the downstream connection's source + address to the X-Forwarded-For (XFF) address and set the + X-Envoy-External-Address header to the trusted client address before + forwarding it to the upstream services in the cluster. + The default value of num_trusted_proxies is 0. + See [Envoy XFF](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#config-http-conn-man-headers-x-forwarded-for) + header handling for more details. + format: int32 + type: integer + proxyProtocol: + description: |- + Enables [PROXY protocol](http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt) for + downstream connections on a gateway. 
+ type: object + type: object + holdApplicationUntilProxyStarts: + description: |- + Boolean flag for enabling/disabling the holdApplicationUntilProxyStarts behavior. + This feature adds hooks to delay application startup until the pod proxy + is ready to accept traffic, mitigating some startup race conditions. + Default value is 'false'. + type: boolean + image: + description: Specifies the details of the proxy image. + properties: + imageType: + description: |- + The image type of the image. + Istio publishes default, debug, and distroless images. + Other values are allowed if those image types (example: centos) are published to the specified hub. + supported values: default, debug, distroless. + type: string + type: object + interceptionMode: + description: The mode used to redirect inbound traffic + to Envoy. + enum: + - REDIRECT + - TPROXY + - NONE + type: string + meshId: + description: |- + The unique identifier for the [service mesh](https://istio.io/docs/reference/glossary/#service-mesh) + All control planes running in the same service mesh should specify the same mesh ID. + Mesh ID is used to label telemetry reports for cases where telemetry from multiple meshes is mixed together. + type: string + privateKeyProvider: + description: Specifies the details of the Private Key + Provider configuration for gateway and sidecar proxies. + properties: + cryptomb: + description: Use CryptoMb private key provider + properties: + fallback: + description: |- + If the private key provider isn’t available (eg. the required hardware capability doesn’t existed) + Envoy will fallback to the BoringSSL default implementation when the fallback is true. + The default value is false. + type: boolean + pollDelay: + description: |- + How long to wait until the per-thread processing queue should be processed. If the processing queue + gets full (eight sign or decrypt requests are received) it is processed immediately. 
+ However, if the queue is not filled before the delay has expired, the requests already in the queue + are processed, even if the queue is not full. + In effect, this value controls the balance between latency and throughput. + The duration needs to be set to a value greater than or equal to 1 millisecond. + type: string + type: object + qat: + description: Use QAT private key provider + properties: + fallback: + description: |- + If the private key provider isn’t available (eg. the required hardware capability doesn’t existed) + Envoy will fallback to the BoringSSL default implementation when the fallback is true. + The default value is false. + type: boolean + pollDelay: + description: |- + How long to wait before polling the hardware accelerator after a request has been submitted there. + Having a small value leads to quicker answers from the hardware but causes more polling loop spins, + leading to potentially larger CPU usage. + The duration needs to be set to a value greater than or equal to 1 millisecond. + type: string + type: object + type: object + x-kubernetes-validations: + - message: At most one of [cryptomb qat] should be set + rule: (has(self.cryptomb)?1:0) + (has(self.qat)?1:0) + <= 1 + proxyAdminPort: + description: |- + Port on which Envoy should listen for administrative commands. + Default port is `15000`. + format: int32 + type: integer + proxyBootstrapTemplatePath: + description: Path to the proxy bootstrap template file + type: string + proxyHeaders: + description: "Define the set of headers to add/modify + for HTTP request/responses.\n\nTo enable an optional + header, simply set the field. 
If no specific configuration + is required, an empty object (`{}`) will enable it.\nNote: + currently all headers are enabled by default.\n\nBelow + shows an example of customizing the `server` header + and disabling the `X-Envoy-Attempt-Count` header:\n\n```yaml\nproxyHeaders:\n\n\tserver:\n\t + \ value: \"my-custom-server\"\n\trequestId: {} // Explicitly + enable Request IDs. As this is the default, this has + no effect.\n\tattemptCount:\n\t disabled: true\n\n```\n\nSome + headers are enabled by default, and require explicitly + disabling. See below for an example of disabling all + default-enabled headers:\n\n```yaml\nproxyHeaders:\n\n\tforwardedClientCert: + SANITIZE\n\tserver:\n\t disabled: true\n\trequestId:\n\t + \ disabled: true\n\tattemptCount:\n\t disabled: true\n\tenvoyDebugHeaders:\n\t + \ disabled: true\n\tmetadataExchangeHeaders:\n\t mode: + IN_MESH\n\n```" + properties: + attemptCount: + description: |- + Controls the `X-Envoy-Attempt-Count` header. + If enabled, this header will be added on outbound request headers (including gateways) that have retries configured. + If disabled, this header will not be set. If it is already present, it will be preserved. + This header is enabled by default if not configured. + properties: + disabled: + type: boolean + type: object + envoyDebugHeaders: + description: |- + Controls various `X-Envoy-*` headers, such as `X-Envoy-Overloaded` and `X-Envoy-Upstream-Service-Time`. If enabled, + these headers will be included. + If disabled, these headers will not be set. If they are already present, they will be preserved. + See the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/router/v3/router.proto#envoy-v3-api-field-extensions-filters-http-router-v3-router-suppress-envoy-headers) for more details. + These headers are enabled by default if not configured. 
+ properties: + disabled: + type: boolean + type: object + forwardedClientCert: + description: |- + Controls the `X-Forwarded-Client-Cert` header for inbound sidecar requests. To set this on gateways, use the `Topology` setting. + To disable the header, configure either `SANITIZE` (to always remove the header, if present) or `FORWARD_ONLY` (to leave the header as-is). + By default, `APPEND_FORWARD` will be used. + enum: + - UNDEFINED + - SANITIZE + - FORWARD_ONLY + - APPEND_FORWARD + - SANITIZE_SET + - ALWAYS_FORWARD_ONLY + type: string + metadataExchangeHeaders: + description: |- + Controls Istio metadata exchange headers `X-Envoy-Peer-Metadata` and `X-Envoy-Peer-Metadata-Id`. + By default, the behavior is unspecified. + If IN_MESH, these headers will not be appended to outbound requests from sidecars to services not in-mesh. + properties: + mode: + enum: + - UNDEFINED + - IN_MESH + type: string + type: object + requestId: + description: |- + Controls the `X-Request-Id` header. If enabled, a request ID is generated for each request if one is not already set. + This applies to all types of traffic (inbound, outbound, and gateways). + If disabled, no request ID will be generate for the request. If it is already present, it will be preserved. + Warning: request IDs are a critical component to mesh tracing and logging, so disabling this is not recommended. + This header is enabled by default if not configured. + properties: + disabled: + type: boolean + type: object + server: + description: |- + Controls the `server` header. If enabled, the `Server: istio-envoy` header is set in response headers for inbound traffic (including gateways). + If disabled, the `Server` header is not modified. If it is already present, it will be preserved. + properties: + disabled: + type: boolean + value: + description: If set, and the server header is + enabled, this value will be set as the server + header. By default, `istio-envoy` will be used. 
+ type: string + type: object + type: object + proxyMetadata: + additionalProperties: + type: string + description: |- + Additional environment variables for the proxy. + Names starting with `ISTIO_META_` will be included in the generated bootstrap and sent to the XDS server. + type: object + proxyStatsMatcher: + description: "Proxy stats matcher defines configuration + for reporting custom Envoy stats.\nTo reduce memory + and CPU overhead from Envoy stats system, Istio proxies + by\ndefault create and expose only a subset of Envoy + stats. This option is to\ncontrol creation of additional + Envoy stats with prefix, suffix, and regex\nexpressions + match on the name of the stats. This replaces the stats\ninclusion + annotations\n(`sidecar.istio.io/statsInclusionPrefixes`,\n`sidecar.istio.io/statsInclusionRegexps`, + and\n`sidecar.istio.io/statsInclusionSuffixes`). For + example, to enable stats\nfor circuit breakers, request + retries, upstream connections, and request timeouts,\nyou + can specify stats matcher as follows:\n```yaml\nproxyStatsMatcher:\n\n\tinclusionRegexps:\n\t + \ - .*outlier_detection.*\n\t - .*upstream_rq_retry.*\n\t + \ - .*upstream_cx_.*\n\tinclusionSuffixes:\n\t - upstream_rq_timeout\n\n```\nNote + including more Envoy stats might increase number of + time series\ncollected by prometheus significantly. + Care needs to be taken on Prometheus\nresource provision + and configuration to reduce cardinality." + properties: + inclusionPrefixes: + description: Proxy stats name prefix matcher for inclusion. + items: + type: string + type: array + inclusionRegexps: + description: Proxy stats name regexps matcher for + inclusion. + items: + type: string + type: array + inclusionSuffixes: + description: Proxy stats name suffix matcher for inclusion. + items: + type: string + type: array + type: object + readinessProbe: + description: |- + VM Health Checking readiness probe. 
This health check config exactly mirrors the + kubernetes readiness probe configuration both in schema and logic. + Only one health check method of 3 can be set at a time. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a + GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + default: "" + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + runtimeValues: + additionalProperties: + type: string + description: |- + Envoy [runtime configuration](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/operations/runtime) to set during bootstrapping. + This enables setting experimental, unsafe, unsupported, and deprecated features that should be used with extreme caution. + type: object + sds: + description: |- + Secret Discovery Service(SDS) configuration to be used by the proxy. + + Deprecated: Marked as deprecated in mesh/v1alpha1/proxy.proto. + properties: + enabled: + description: True if SDS is enabled. + type: boolean + k8sSaJwtPath: + description: Path of k8s service account JWT path. 
+ type: string + type: object + serviceCluster: + description: |- + Service cluster defines the name for the `service_cluster` that is + shared by all Envoy instances. This setting corresponds to + `--service-cluster` flag in Envoy. In a typical Envoy deployment, the + `service-cluster` flag is used to identify the caller, for + source-based routing scenarios. + + Since Istio does not assign a local `service/service` version to each + Envoy instance, the name is same for all of them. However, the + source/caller's identity (e.g., IP address) is encoded in the + `--service-node` flag when launching Envoy. When the RDS service + receives API calls from Envoy, it uses the value of the `service-node` + flag to compute routes that are relative to the service instances + located at that IP address. + type: string + statNameLength: + description: |- + Maximum length of name field in Envoy's metrics. The length of the name field + is determined by the length of a name field in a service and the set of labels that + comprise a particular version of the service. The default value is set to 189 characters. + Envoy's internal metrics take up 67 characters, for a total of 256 character name per metric. + Increase the value of this field if you find that the metrics from Envoys are truncated. + format: int32 + type: integer + statsdUdpAddress: + description: IP Address and Port of a statsd UDP listener + (e.g. `10.75.241.127:9125`). + type: string + statusPort: + description: |- + Port on which the agent should listen for administrative commands such as readiness probe. + Default is set to port `15020`. + format: int32 + type: integer + terminationDrainDuration: + description: |- + The amount of time allowed for connections to complete on proxy shutdown. + On receiving `SIGTERM` or `SIGINT`, `istio-agent` tells the active Envoy to start gracefully draining, + discouraging any new connections and allowing existing connections to complete. 
It then + sleeps for the `termination_drain_duration` and then kills any remaining active Envoy processes. + If not set, a default of `5s` will be applied. + type: string + tracing: + description: Tracing configuration to be used by the proxy. + properties: + customTags: + additionalProperties: + description: |- + Configure custom tags that will be added to any active span. + Tags can be generated via literals, environment variables or an incoming request header. + properties: + environment: + description: |- + The custom tag's value should be populated from an environmental + variable + properties: + defaultValue: + description: |- + When the environment variable is not found, + the tag's value will be populated with this default value if specified, + otherwise the tag will not be populated. + type: string + name: + description: Name of the environment variable + used to populate the tag's value + type: string + type: object + header: + description: |- + The custom tag's value is populated by an http header from + an incoming request. + properties: + defaultValue: + description: |- + Default value to be used for the tag when the named HTTP header does not exist. + The tag will be skipped if no default value is provided. + type: string + name: + description: HTTP header name used to obtain + the value from to populate the tag value. + type: string + type: object + literal: + description: The custom tag's value is the specified + literal. + properties: + value: + description: Static literal value used to + populate the tag value. 
+ type: string + type: object + type: object + x-kubernetes-validations: + - message: At most one of [literal environment header] + should be set + rule: (has(self.literal)?1:0) + (has(self.environment)?1:0) + + (has(self.header)?1:0) <= 1 + description: "and gateways).\nThe key represents the + name of the tag.\nEx:\n```yaml\ncustom_tags:\n\n\tnew_tag_name:\n\t + \ header:\n\t name: custom-http-header-name\n\t + \ default_value: defaulted-value-from-custom-header\n\n```" + type: object + datadog: + description: Use a Datadog tracer. + properties: + address: + description: Address of the Datadog Agent. + type: string + type: object + lightstep: + description: |- + Use a Lightstep tracer. + NOTE: For Istio 1.15+, this configuration option will result + in using OpenTelemetry-based Lightstep integration. + properties: + accessToken: + description: The Lightstep access token. + type: string + address: + description: Address of the Lightstep Satellite + pool. + type: string + type: object + maxPathTagLength: + description: |- + Configures the maximum length of the request path to extract and include in the + HttpUrl tag. Used to truncate length request paths to meet the needs of tracing + backend. If not set, then a length of 256 will be used. + format: int32 + type: integer + openCensusAgent: + description: Use an OpenCensus tracer exporting to + an OpenCensus agent. + properties: + address: + description: |- + gRPC address for the OpenCensus agent (e.g. dns://authority/host:port or + unix:path). See [gRPC naming + docs](https://github.com/grpc/grpc/blob/master/doc/naming.md) for + details. + type: string + context: + description: |- + Specifies the set of context propagation headers used for distributed + tracing. Default is `["W3C_TRACE_CONTEXT"]`. If multiple values are specified, + the proxy will attempt to read each header for each request and will + write all headers. 
+ items: + description: |- + TraceContext selects the context propagation headers used for + distributed tracing. + enum: + - UNSPECIFIED + - W3C_TRACE_CONTEXT + - GRPC_BIN + - CLOUD_TRACE_CONTEXT + - B3 + type: string + type: array + type: object + sampling: + description: |- + The percentage of requests (0.0 - 100.0) that will be randomly selected for trace generation, + if not requested by the client or not forced. Default is 1.0. + type: number + stackdriver: + description: Use a Stackdriver tracer. + properties: + debug: + description: debug enables trace output to stdout. + type: boolean + maxNumberOfAnnotations: + description: |- + The global default max number of annotation events per span. + default is 200. + format: int64 + type: integer + maxNumberOfAttributes: + description: |- + The global default max number of attributes per span. + default is 200. + format: int64 + type: integer + maxNumberOfMessageEvents: + description: |- + The global default max number of message events per span. + default is 200. + format: int64 + type: integer + type: object + tlsSettings: + description: |- + Use the tls_settings to specify the tls mode to use. If the remote tracing service + uses Istio mutual TLS and shares the root CA with Pilot, specify the TLS + mode as `ISTIO_MUTUAL`. + properties: + caCertificates: + description: |- + OPTIONAL: The path to the file containing certificate authority + certificates to use in verifying a presented server certificate. If + omitted, the proxy will verify the server's certificate using + the OS CA certificates. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + caCrl: + description: |- + OPTIONAL: The path to the file containing the certificate revocation list (CRL) + to use in verifying a presented server certificate. `CRL` is a list of certificates + that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. 
+ If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. + If omitted, the proxy will not verify the certificate against the `crl`. + type: string + clientCertificate: + description: |- + REQUIRED if mode is `MUTUAL`. The path to the file holding the + client-side TLS certificate to use. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + credentialName: + description: |- + The name of the secret that holds the TLS certs for the + client including the CA certificates. This secret must exist in + the namespace of the proxy using the certificates. + An Opaque secret should contain the following keys and values: + `key: `, `cert: `, `cacert: `, + `crl: ` + Here CACertificate is used to verify the server certificate. + For mutual TLS, `cacert: ` can be provided in the + same secret or a separate secret named `-cacert`. + A TLS secret for client certificates with an additional + `ca.crt` key for CA certificates and `ca.crl` key for + certificate revocation list(CRL) is also supported. + Only one of client certificates and CA certificate + or credentialName can be specified. + + **NOTE:** This field is applicable at sidecars only if + `DestinationRule` has a `workloadSelector` specified. + Otherwise the field will be applicable only at gateways, and + sidecars will continue to use the certificate paths. + type: string + insecureSkipVerify: + description: |- + `insecureSkipVerify` specifies whether the proxy should skip verifying the + CA signature and SAN for the server certificate corresponding to the host. + The default value of this field is false. + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured + using TLS. The value of this field determines how TLS is enforced. + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: |- + REQUIRED if mode is `MUTUAL`. 
The path to the file holding the + client's private key. + Should be empty if mode is `ISTIO_MUTUAL`. + type: string + sni: + description: |- + SNI string to present to the server during TLS handshake. + If unspecified, SNI will be automatically set based on downstream HTTP + host/authority header for SIMPLE and MUTUAL TLS modes. + type: string + subjectAltNames: + description: |- + A list of alternate names to verify the subject identity in the + certificate. If specified, the proxy will verify that the server + certificate's subject alt name matches one of the specified values. + If specified, this list overrides the value of subject_alt_names + from the ServiceEntry. If unspecified, automatic validation of upstream + presented certificate for new upstream connections will be done based on the + downstream HTTP host/authority header. + items: + type: string + type: array + type: object + zipkin: + description: Use a Zipkin tracer. + properties: + address: + description: Address of the Zipkin service (e.g. + _zipkin:9411_). + type: string + type: object + type: object + x-kubernetes-validations: + - message: At most one of [zipkin lightstep datadog stackdriver + openCensusAgent] should be set + rule: (has(self.zipkin)?1:0) + (has(self.lightstep)?1:0) + + (has(self.datadog)?1:0) + (has(self.stackdriver)?1:0) + + (has(self.openCensusAgent)?1:0) <= 1 + tracingServiceName: + description: |- + Used by Envoy proxies to assign the values for the service names in trace + spans. + enum: + - APP_LABEL_AND_NAMESPACE + - CANONICAL_NAME_ONLY + - CANONICAL_NAME_AND_NAMESPACE + type: string + zipkinAddress: + description: |- + Address of the Zipkin service (e.g. _zipkin:9411_). + DEPRECATED: Use [tracing][istio.mesh.v1alpha1.ProxyConfig.tracing] instead. + + Deprecated: Marked as deprecated in mesh/v1alpha1/proxy.proto. 
+ type: string + type: object + x-kubernetes-validations: + - message: At most one of [serviceCluster tracingServiceName] + should be set + rule: (has(self.serviceCluster)?1:0) + (has(self.tracingServiceName)?1:0) + <= 1 + defaultDestinationRuleExportTo: + description: |- + The default value for the `DestinationRule.export_to` field. Has the same + syntax as `default_service_export_to`. + + If not set the system will use "*" as the default value which implies that + destination rules are exported to all namespaces + items: + type: string + type: array + defaultHttpRetryPolicy: + description: "Configure the default HTTP retry policy.\nThe + default number of retry attempts is set at 2 for these errors:\n\n\t\"connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes\".\n\nSetting + the number of attempts to 0 disables retry policy globally.\nThis + setting can be overridden on a per-host basis using the + Virtual Service\nAPI.\nAll settings in the retry policy + except `perTryTimeout` can currently be\nconfigured globally + via this field." + properties: + attempts: + description: |- + Number of retries to be allowed for a given request. The interval + between retries will be determined automatically (25ms+). When request + `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute) + or `per_try_timeout` is configured, the actual number of retries attempted also depends on + the specified request `timeout` and `per_try_timeout` values. MUST BE >= 0. If `0`, retries will be disabled. + The maximum possible number of requests made will be 1 + `attempts`. + format: int32 + type: integer + perTryTimeout: + description: |- + Timeout per attempt for a given request, including the initial call and any retries. Format: 1h/1m/1s/1ms. MUST BE >=1ms. 
+ Default is same value as request + `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute), + which means no timeout. + type: string + retryOn: + description: |- + Specifies the conditions under which retry takes place. + One or more policies can be specified using a ‘,’ delimited list. + See the [retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on) + and [gRPC retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on) for more details. + + In addition to the policies specified above, a list of HTTP status codes can be passed, such as `retryOn: "503,reset"`. + Note these status codes refer to the actual responses received from the destination. + For example, if a connection is reset, Istio will translate this to 503 for it's response. + However, the destination did not return a 503 error, so this would not match `"503"` (it would, however, match `"reset"`). + + If not specified, this defaults to `connect-failure,refused-stream,unavailable,cancelled,503`. + type: string + retryRemoteLocalities: + description: |- + Flag to specify whether the retries should retry to other localities. + See the [retry plugin configuration](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/http_connection_management#retry-plugin-configuration) for more details. + type: boolean + type: object + defaultProviders: + description: Specifies extension providers to use by default + in Istio configuration resources. + properties: + accessLogging: + description: Name of the default provider(s) for access + logging. + items: + type: string + type: array + metrics: + description: Name of the default provider(s) for metrics. + items: + type: string + type: array + tracing: + description: Name of the default provider(s) for tracing. 
+ items: + type: string + type: array + type: object + defaultServiceExportTo: + description: |- + The default value for the ServiceEntry.export_to field and services + imported through container registry integrations, e.g. this applies to + Kubernetes Service resources. The value is a list of namespace names and + reserved namespace aliases. The allowed namespace aliases are: + ``` + * - All Namespaces + . - Current Namespace + ~ - No Namespace + ``` + If not set the system will use "*" as the default value which implies that + services are exported to all namespaces. + + `All namespaces` is a reasonable default for implementations that don't + need to restrict access or visibility of services across namespace + boundaries. If that requirement is present it is generally good practice to + make the default `Current namespace` so that services are only visible + within their own namespaces by default. Operators can then expand the + visibility of services to other namespaces as needed. Use of `No Namespace` + is expected to be rare but can have utility for deployments where + dependency management needs to be precise even within the scope of a single + namespace. + + For further discussion see the reference documentation for `ServiceEntry`, + `Sidecar`, and `Gateway`. + items: + type: string + type: array + defaultVirtualServiceExportTo: + description: |- + The default value for the VirtualService.export_to field. Has the same + syntax as `default_service_export_to`. + + If not set the system will use "*" as the default value which implies that + virtual services are exported to all namespaces + items: + type: string + type: array + disableEnvoyListenerLog: + description: |- + This flag disables Envoy Listener logs. + See [Listener Access Log](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/listener/v3/listener.proto#envoy-v3-api-field-config-listener-v3-listener-access-log) + Istio Enables Envoy's listener access logs on "NoRoute" response flag. 
+ Default value is `false`. + type: boolean + discoverySelectors: + description: |- + A list of Kubernetes selectors that specify the set of namespaces that Istio considers when + computing configuration updates for sidecars. This can be used to reduce Istio's computational load + by limiting the number of entities (including services, pods, and endpoints) that are watched and processed. + If omitted, Istio will use the default behavior of processing all namespaces in the cluster. + Elements in the list are disjunctive (OR semantics), i.e. a namespace will be included if it matches any selector. + The following example selects any namespace that matches either below: + 1. The namespace has both of these labels: `env: prod` and `region: us-east1` + 2. The namespace has label `app` equal to `cassandra` or `spark`. + ```yaml + discoverySelectors: + - matchLabels: + env: prod + region: us-east1 + - matchExpressions: + - key: app + operator: In + values: + - cassandra + - spark + + ``` + Refer to the [Kubernetes selector docs](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) + for additional detail on selector semantics. + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: array + dnsRefreshRate: + description: |- + Configures DNS refresh rate for Envoy clusters of type `STRICT_DNS` + Default refresh rate is `60s`. + type: string + enableAutoMtls: + description: |- + This flag is used to enable mutual `TLS` automatically for service to service communication + within the mesh, default true. + If set to true, and a given service does not have a corresponding `DestinationRule` configured, + or its `DestinationRule` does not have ClientTLSSettings specified, Istio configures client side + TLS configuration appropriately. More specifically, + If the upstream authentication policy is in `STRICT` mode, use Istio provisioned certificate + for mutual `TLS` to connect to upstream. + If upstream service is in plain text mode, use plain text. + If the upstream authentication policy is in PERMISSIVE mode, Istio configures clients to use + mutual `TLS` when server sides are capable of accepting mutual `TLS` traffic. + If service `DestinationRule` exists and has `ClientTLSSettings` specified, that is always used instead. 
+ type: boolean + enableEnvoyAccessLogService: + description: |- + This flag enables Envoy's gRPC Access Log Service. + See [Access Log Service](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/access_loggers/grpc/v3/als.proto) + for details about Envoy's gRPC Access Log Service API. + Default value is `false`. + type: boolean + enablePrometheusMerge: + description: |- + If enabled, Istio agent will merge metrics exposed by the application with metrics from Envoy + and Istio agent. The sidecar injection will replace `prometheus.io` annotations present on the pod + and redirect them towards Istio agent, which will then merge metrics of from the application with Istio metrics. + This relies on the annotations `prometheus.io/scrape`, `prometheus.io/port`, and + `prometheus.io/path` annotations. + If you are running a separately managed Envoy with an Istio sidecar, this may cause issues, as the metrics will collide. + In this case, it is recommended to disable aggregation on that deployment with the + `prometheus.istio.io/merge-metrics: "false"` annotation. + If not specified, this will be enabled by default. + type: boolean + enableTracing: + description: |- + Flag to control generation of trace spans and request IDs. + Requires a trace span collector defined in the proxy configuration. + type: boolean + extensionProviders: + description: |- + Defines a list of extension providers that extend Istio's functionality. For example, the AuthorizationPolicy + can be used with an extension provider to delegate the authorization decision to a custom authorization system. + items: + properties: + datadog: + description: Configures a Datadog tracing provider. + properties: + maxTagLength: + description: |- + Optional. Controls the overall path length allowed in a reported span. + NOTE: currently only controls max length of the path tag. + format: int32 + type: integer + port: + description: REQUIRED. Specifies the port of the + service. 
+ format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service for the Datadog agent. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "datadog.default.svc.cluster.local" or "bar/datadog.example.com". + type: string + required: + - port + - service + type: object + envoyExtAuthzGrpc: + description: Configures an external authorizer that + implements the Envoy ext_authz filter authorization + check service using the gRPC API. + properties: + failOpen: + description: |- + If true, the HTTP request or TCP connection will be allowed even if the communication with the authorization service has failed, + or if the authorization service has returned a HTTP 5xx error. + Default is false. For HTTP request, it will be rejected with 403 (HTTP Forbidden). For TCP connection, it will be closed immediately. + type: boolean + includeRequestBodyInCheck: + description: If set, the client request body will + be included in the authorization request sent + to the authorization service. + properties: + allowPartialMessage: + description: |- + When this field is true, ext-authz filter will buffer the message until max_request_bytes is reached. + The authorization request will be dispatched and no 413 HTTP error will be returned by the filter. + A "x-envoy-auth-partial-body: false|true" metadata header will be added to the authorization request message + indicating if the body data is partial. + type: boolean + maxRequestBytes: + description: |- + Sets the maximum size of a message body that the ext-authz filter will hold in memory. + If max_request_bytes is reached, and allow_partial_message is false, Envoy will return a 413 (Payload Too Large). + Otherwise the request will be sent to the provider with a partial message. 
+ Note that this setting will have precedence over the fail_open field, the 413 will be returned even when the + fail_open is set to true. + format: int32 + type: integer + packAsBytes: + description: |- + If true, the body sent to the external authorization service in the gRPC authorization request is set with raw bytes + in the [raw_body field](https://github.com/envoyproxy/envoy/blame/cffb095d59d7935abda12b9509bcd136808367bb/api/envoy/service/auth/v3/attribute_context.proto#L153). + Otherwise, it will be filled with UTF-8 string in the [body field](https://github.com/envoyproxy/envoy/blame/cffb095d59d7935abda12b9509bcd136808367bb/api/envoy/service/auth/v3/attribute_context.proto#L147). + This field only works with the envoy_ext_authz_grpc provider and has no effect for the envoy_ext_authz_http provider. + type: boolean + type: object + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service that implements the Envoy ext_authz gRPC authorization service. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "my-ext-authz.foo.svc.cluster.local" or "bar/my-ext-authz.example.com". + type: string + statusOnError: + description: |- + Sets the HTTP status that is returned to the client when there is a network error to the authorization service. + The default status is "403" (HTTP Forbidden). + type: string + timeout: + description: |- + The maximum duration that the proxy will wait for a response from the provider, this is the timeout for a specific request (default timeout: 600s). + When this timeout condition is met, the proxy marks the communication to the authorization service as failure. 
+ In this situation, the response sent back to the client will depend on the configured `fail_open` field. + type: string + required: + - port + - service + type: object + envoyExtAuthzHttp: + description: Configures an external authorizer that + implements the Envoy ext_authz filter authorization + check service using the HTTP API. + properties: + failOpen: + description: |- + If true, the user request will be allowed even if the communication with the authorization service has failed, + or if the authorization service has returned a HTTP 5xx error. + Default is false and the request will be rejected with "Forbidden" response. + type: boolean + headersToDownstreamOnAllow: + description: |- + List of headers from the authorization service that should be forwarded to downstream when the authorization + check result is allowed (HTTP code 200). + If not specified, the original response will not be modified and forwarded to downstream as-is. + Note, any existing headers will be overridden. + + Exact, prefix and suffix matches are supported (similar to the + [authorization policy rule syntax](https://istio.io/latest/docs/reference/config/security/authorization-policy/#Rule) + except the presence match): + - Exact match: "abc" will match on value "abc". + - Prefix match: "abc*" will match on value "abc" and "abcd". + - Suffix match: "*abc" will match on value "abc" and "xabc". + items: + type: string + type: array + headersToDownstreamOnDeny: + description: |- + List of headers from the authorization service that should be forwarded to downstream when the authorization + check result is not allowed (HTTP code other than 200). + If not specified, all the authorization response headers, except *Authority (Host)* will be in the response to + the downstream. + When a header is included in this list, *Path*, *Status*, *Content-Length*, *WWWAuthenticate* and *Location* are + automatically added. 
+ Note, the body from the authorization service is always included in the response to downstream. + + Exact, prefix and suffix matches are supported (similar to the + [authorization policy rule syntax](https://istio.io/latest/docs/reference/config/security/authorization-policy/#Rule) + except the presence match): + - Exact match: "abc" will match on value "abc". + - Prefix match: "abc*" will match on value "abc" and "abcd". + - Suffix match: "*abc" will match on value "abc" and "xabc". + items: + type: string + type: array + headersToUpstreamOnAllow: + description: |- + List of headers from the authorization service that should be added or overridden in the original request and + forwarded to the upstream when the authorization check result is allowed (HTTP code 200). + If not specified, the original request will not be modified and forwarded to backend as-is. + Note, any existing headers will be overridden. + + Exact, prefix and suffix matches are supported (similar to the + [authorization policy rule syntax](https://istio.io/latest/docs/reference/config/security/authorization-policy/#Rule) + except the presence match): + - Exact match: "abc" will match on value "abc". + - Prefix match: "abc*" will match on value "abc" and "abcd". + - Suffix match: "*abc" will match on value "abc" and "xabc". + items: + type: string + type: array + includeAdditionalHeadersInCheck: + additionalProperties: + type: string + description: |- + Set of additional fixed headers that should be included in the authorization request sent to the authorization service. + Key is the header name and value is the header value. + Note that client request of the same key or headers specified in include_request_headers_in_check will be overridden. + type: object + includeHeadersInCheck: + description: |- + DEPRECATED. Use include_request_headers_in_check instead. + + Deprecated: Marked as deprecated in mesh/v1alpha1/config.proto. 
+ items: + type: string + type: array + includeRequestBodyInCheck: + description: If set, the client request body will + be included in the authorization request sent + to the authorization service. + properties: + allowPartialMessage: + description: |- + When this field is true, ext-authz filter will buffer the message until max_request_bytes is reached. + The authorization request will be dispatched and no 413 HTTP error will be returned by the filter. + A "x-envoy-auth-partial-body: false|true" metadata header will be added to the authorization request message + indicating if the body data is partial. + type: boolean + maxRequestBytes: + description: |- + Sets the maximum size of a message body that the ext-authz filter will hold in memory. + If max_request_bytes is reached, and allow_partial_message is false, Envoy will return a 413 (Payload Too Large). + Otherwise the request will be sent to the provider with a partial message. + Note that this setting will have precedence over the fail_open field, the 413 will be returned even when the + fail_open is set to true. + format: int32 + type: integer + packAsBytes: + description: |- + If true, the body sent to the external authorization service in the gRPC authorization request is set with raw bytes + in the [raw_body field](https://github.com/envoyproxy/envoy/blame/cffb095d59d7935abda12b9509bcd136808367bb/api/envoy/service/auth/v3/attribute_context.proto#L153). + Otherwise, it will be filled with UTF-8 string in the [body field](https://github.com/envoyproxy/envoy/blame/cffb095d59d7935abda12b9509bcd136808367bb/api/envoy/service/auth/v3/attribute_context.proto#L147). + This field only works with the envoy_ext_authz_grpc provider and has no effect for the envoy_ext_authz_http provider. + type: boolean + type: object + includeRequestHeadersInCheck: + description: |- + List of client request headers that should be included in the authorization request sent to the authorization service. 
+ Note that in addition to the headers specified here following headers are included by default: + 1. *Host*, *Method*, *Path* and *Content-Length* are automatically sent. + 2. *Content-Length* will be set to 0 and the request will not have a message body. However, the authorization + request can include the buffered client request body (controlled by include_request_body_in_check setting), + consequently the value of Content-Length of the authorization request reflects the size of its payload size. + + Exact, prefix and suffix matches are supported (similar to the + [authorization policy rule syntax](https://istio.io/latest/docs/reference/config/security/authorization-policy/#Rule) + except the presence match): + - Exact match: "abc" will match on value "abc". + - Prefix match: "abc*" will match on value "abc" and "abcd". + - Suffix match: "*abc" will match on value "abc" and "xabc". + items: + type: string + type: array + pathPrefix: + description: |- + Sets a prefix to the value of authorization request header *Path*. + For example, setting this to "/check" for an original user request at path "/admin" will cause the + authorization check request to be sent to the authorization service at the path "/check/admin" instead of "/admin". + type: string + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service that implements the Envoy ext_authz HTTP authorization service. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "my-ext-authz.foo.svc.cluster.local" or "bar/my-ext-authz.example.com". 
+ type: string + statusOnError: + description: |- + Sets the HTTP status that is returned to the client when there is a network error to the authorization service. + The default status is "403" (HTTP Forbidden). + type: string + timeout: + description: |- + The maximum duration that the proxy will wait for a response from the provider (default timeout: 600s). + When this timeout condition is met, the proxy marks the communication to the authorization service as failure. + In this situation, the response sent back to the client will depend on the configured `fail_open` field. + type: string + required: + - port + - service + type: object + envoyFileAccessLog: + description: Configures an Envoy File Access Log provider. + properties: + logFormat: + description: Optional. Allows overriding of the + default access log format. + properties: + labels: + additionalProperties: + type: string + description: "JSON structured format for the + envoy access logs. Envoy [command operators](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators)\ncan + be used as values for fields within the Struct. + Values are rendered\nas strings, numbers, + or boolean values, as appropriate\n(see: [format + dictionaries](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#config-access-log-format-dictionaries)). + Nested JSON is\nsupported for some command + operators (e.g. `FILTER_STATE` or `DYNAMIC_METADATA`).\nUse + `labels: {}` for default envoy JSON log format.\n\nExample:\n```\nlabels:\n\n\tstatus: + \"%RESPONSE_CODE%\"\n\tmessage: \"%LOCAL_REPLY_BODY%\"\n\n```" + type: object + text: + description: |- + Textual format for the envoy access logs. Envoy [command operators](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators) may be + used in the format. 
The [format string documentation](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#config-access-log-format-strings) + provides more information. + + NOTE: Istio will insert a newline ('\n') on all formats (if missing). + + Example: `text: "%LOCAL_REPLY_BODY%:%RESPONSE_CODE%:path=%REQ(:path)%"` + type: string + type: object + x-kubernetes-validations: + - message: At most one of [text labels] should be + set + rule: (has(self.text)?1:0) + (has(self.labels)?1:0) + <= 1 + path: + description: |- + Path to a local file to write the access log entries. + This may be used to write to streams, via `/dev/stderr` and `/dev/stdout` + If unspecified, defaults to `/dev/stdout`. + type: string + type: object + envoyHttpAls: + description: Configures an Envoy Access Logging Service + provider for HTTP traffic. + properties: + additionalRequestHeadersToLog: + description: Optional. Additional request headers + to log. + items: + type: string + type: array + additionalResponseHeadersToLog: + description: Optional. Additional response headers + to log. + items: + type: string + type: array + additionalResponseTrailersToLog: + description: Optional. Additional response trailers + to log. + items: + type: string + type: array + filterStateObjectsToLog: + description: Optional. Additional filter state objects + to log. + items: + type: string + type: array + logName: + description: |- + Optional. The friendly name of the access log. + Defaults: + - "http_envoy_accesslog" + - "listener_envoy_accesslog" + type: string + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service that implements the Envoy ALS gRPC authorization service. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. 
The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "envoy-als.foo.svc.cluster.local" or "bar/envoy-als.example.com". + type: string + required: + - port + - service + type: object + envoyOtelAls: + description: Configures an Envoy Open Telemetry Access + Logging Service provider. + properties: + logFormat: + description: |- + Optional. Format for the proxy access log + Empty value results in proxy's default access log format, following Envoy access logging formatting. + properties: + labels: + additionalProperties: + type: string + description: "Optional. Additional attributes + that describe the specific event occurrence.\nStructured + format for the envoy access logs. Envoy [command + operators](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators)\ncan + be used as values for fields within the Struct. + Values are rendered\nas strings, numbers, + or boolean values, as appropriate\n(see: [format + dictionaries](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#config-access-log-format-dictionaries)). + Nested JSON is\nsupported for some command + operators (e.g. FILTER_STATE or DYNAMIC_METADATA).\nAlias + to `attributes` filed in [Open Telemetry](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/access_loggers/open_telemetry/v3/logs_service.proto)\n\nExample:\n```\nlabels:\n\n\tstatus: + \"%RESPONSE_CODE%\"\n\tmessage: \"%LOCAL_REPLY_BODY%\"\n\n```" + type: object + text: + description: |- + Textual format for the envoy access logs. Envoy [command operators](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators) may be + used in the format. The [format string documentation](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#config-access-log-format-strings) + provides more information. 
+ Alias to `body` filed in [Open Telemetry](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/access_loggers/open_telemetry/v3/logs_service.proto) + Example: `text: "%LOCAL_REPLY_BODY%:%RESPONSE_CODE%:path=%REQ(:path)%"` + type: string + type: object + logName: + description: |- + Optional. The friendly name of the access log. + Defaults: + - "otel_envoy_accesslog" + type: string + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service that implements the Envoy ALS gRPC authorization service. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "envoy-als.foo.svc.cluster.local" or "bar/envoy-als.example.com". + type: string + required: + - port + - service + type: object + envoyTcpAls: + description: Configures an Envoy Access Logging Service + provider for TCP traffic. + properties: + filterStateObjectsToLog: + description: Optional. Additional filter state objects + to log. + items: + type: string + type: array + logName: + description: |- + Optional. The friendly name of the access log. + Defaults: + - "tcp_envoy_accesslog" + - "listener_envoy_accesslog" + type: string + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service that implements the Envoy ALS gRPC authorization service. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "envoy-als.foo.svc.cluster.local" or "bar/envoy-als.example.com". 
+ type: string + required: + - port + - service + type: object + lightstep: + description: |- + Configures a Lightstep tracing provider. + Deprecated: For Istio 1.15+, please use an OpenTelemetryTracingProvider instead, more details can be found at https://github.com/istio/istio/issues/40027 + + Deprecated: Marked as deprecated in mesh/v1alpha1/config.proto. + properties: + accessToken: + description: The Lightstep access token. + type: string + maxTagLength: + description: |- + Optional. Controls the overall path length allowed in a reported span. + NOTE: currently only controls max length of the path tag. + format: int32 + type: integer + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service for the Lightstep collector. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "lightstep.default.svc.cluster.local" or "bar/lightstep.example.com". + type: string + required: + - port + - service + type: object + name: + description: REQUIRED. A unique name identifying the + extension provider. + type: string + opencensus: + description: |- + Configures an OpenCensusAgent tracing provider. + Deprecated: OpenCensus is deprecated, more details can be found at https://opentelemetry.io/blog/2023/sunsetting-opencensus/ + + Deprecated: Marked as deprecated in mesh/v1alpha1/config.proto. + properties: + context: + description: |- + Specifies the set of context propagation headers used for distributed + tracing. Default is `["W3C_TRACE_CONTEXT"]`. If multiple values are specified, + the proxy will attempt to read each header for each request and will + write all headers. 
+ items: + description: |- + TraceContext selects the context propagation headers used for + distributed tracing. + enum: + - UNSPECIFIED + - W3C_TRACE_CONTEXT + - GRPC_BIN + - CLOUD_TRACE_CONTEXT + - B3 + type: string + type: array + maxTagLength: + description: |- + Optional. Controls the overall path length allowed in a reported span. + NOTE: currently only controls max length of the path tag. + format: int32 + type: integer + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service for the OpenCensusAgent. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "ocagent.default.svc.cluster.local" or "bar/ocagent.example.com". + type: string + required: + - port + - service + type: object + opentelemetry: + description: Configures an OpenTelemetry tracing provider. + properties: + dynatraceSampler: + description: |- + The Dynatrace adaptive traffic management (ATM) sampler. + + Example configuration: + + ```yaml + - name: otel-tracing + opentelemetry: + port: 443 + service: "{your-environment-id}.live.dynatrace.com" + http: + path: "/api/v2/otlp/v1/traces" + timeout: 10s + headers: + - name: "Authorization" + value: "Api-Token dt0c01." + resource_detectors: + dynatrace: {} + dynatrace_sampler: + tenant: "{your-environment-id}" + cluster_id: 1234 + properties: + clusterId: + description: |- + REQUIRED. The identifier of the cluster in the Dynatrace platform. + The cluster here is Dynatrace-specific concept and not related to the cluster concept in Istio/Envoy. + + The value can be obtained from the Istio deployment page in Dynatrace. + format: int32 + type: integer + httpService: + description: |- + Optional. 
Dynatrace HTTP API to obtain sampling configuration. + + When not provided, the Dynatrace Sampler will re-use the configuration from the OpenTelemetryTracingProvider HTTP Exporter + (`service`, `port` and `http`), including the access token. + properties: + http: + description: REQUIRED. Specifies sampling + configuration URI. + properties: + headers: + description: |- + Optional. Allows specifying custom HTTP headers that will be added + to each HTTP request sent. + items: + properties: + name: + description: REQUIRED. The HTTP + header name. + type: string + value: + description: REQUIRED. The HTTP + header value. + type: string + required: + - name + - value + type: object + type: array + path: + description: REQUIRED. Specifies the + path on the service. + type: string + timeout: + description: |- + Optional. Specifies the timeout for the HTTP request. + If not specified, the default is 3s. + type: string + required: + - path + type: object + port: + description: REQUIRED. Specifies the port + of the service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the Dynatrace environment to obtain the sampling configuration. + The format is ``, where `` is the fully qualified Dynatrace environment + host name defined in the ServiceEntry. + + Example: "{your-environment-id}.live.dynatrace.com". + type: string + required: + - http + - port + - service + type: object + rootSpansPerMinute: + description: |- + Optional. Number of sampled spans per minute to be used + when the adaptive value cannot be obtained from the Dynatrace API. + + A default value of `1000` is used when: + + - `root_spans_per_minute` is unset + - `root_spans_per_minute` is set to 0 + format: int32 + type: integer + tenant: + description: |- + REQUIRED. The Dynatrace customer's tenant identifier. + + The value can be obtained from the Istio deployment page in Dynatrace. 
+ type: string + required: + - clusterId + - tenant + type: object + http: + description: "Optional. Specifies the configuration + for exporting OTLP traces via HTTP.\nWhen empty, + traces will be exported via gRPC.\n\nThe following + example shows how to configure the OpenTelemetry + ExtensionProvider to export via HTTP:\n\n1. Add/change + the OpenTelemetry extension provider in `MeshConfig`\n```yaml\n + \ - name: otel-tracing\n opentelemetry:\n port: + 443\n service: my.olly-backend.com\n http:\n + \ path: \"/api/otlp/traces\"\n timeout: 10s\n + \ headers:\n - name: \"my-custom-header\"\n + \ value: \"some value\"\n\n```\n\n2. Deploy + a `ServiceEntry` for the observability back-end\n```yaml\napiVersion: + networking.istio.io/v1alpha3\nkind: ServiceEntry\nmetadata:\n\n\tname: + my-olly-backend\n\nspec:\n\n\thosts:\n\t- my.olly-backend.com\n\tports:\n\t- + number: 443\n\t name: https-port\n\t protocol: + HTTPS\n\tresolution: DNS\n\tlocation: MESH_EXTERNAL\n\n---\napiVersion: + networking.istio.io/v1alpha3\nkind: DestinationRule\nmetadata:\n\n\tname: + my-olly-backend\n\nspec:\n\n\thost: my.olly-backend.com\n\ttrafficPolicy:\n\t + \ portLevelSettings:\n\t - port:\n\t number: + 443\n\t tls:\n\t mode: SIMPLE\n\n```" + properties: + headers: + description: |- + Optional. Allows specifying custom HTTP headers that will be added + to each HTTP request sent. + items: + properties: + name: + description: REQUIRED. The HTTP header + name. + type: string + value: + description: REQUIRED. The HTTP header + value. + type: string + required: + - name + - value + type: object + type: array + path: + description: REQUIRED. Specifies the path on + the service. + type: string + timeout: + description: |- + Optional. Specifies the timeout for the HTTP request. + If not specified, the default is 3s. + type: string + required: + - path + type: object + maxTagLength: + description: |- + Optional. Controls the overall path length allowed in a reported span. 
+ NOTE: currently only controls max length of the path tag. + format: int32 + type: integer + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + resourceDetectors: + description: |- + Optional. Specifies [Resource Detectors](https://opentelemetry.io/docs/specs/otel/resource/sdk/) + to be used by the OpenTelemetry Tracer. When multiple resources are provided, they are merged + according to the OpenTelemetry [Resource specification](https://opentelemetry.io/docs/specs/otel/resource/sdk/#merge). + + The following example shows how to configure the Environment Resource Detector, that will + read the attributes from the environment variable `OTEL_RESOURCE_ATTRIBUTES`: + + ```yaml + - name: otel-tracing + opentelemetry: + port: 443 + service: my.olly-backend.com + resource_detectors: + environment: {} + + ``` + properties: + dynatrace: + description: |- + Dynatrace Resource Detector. + The resource detector reads from the Dynatrace enrichment files + and adds host/process related attributes to the OpenTelemetry resource. + + See: [Enrich ingested data with Dynatrace-specific dimensions](https://docs.dynatrace.com/docs/shortlink/enrichment-files) + type: object + environment: + description: |- + OpenTelemetry Environment Resource Detector. + The resource detector reads attributes from the environment variable `OTEL_RESOURCE_ATTRIBUTES` + and adds them to the OpenTelemetry resource. + + See: [Resource specification](https://opentelemetry.io/docs/specs/otel/resource/sdk/#specifying-resource-information-via-an-environment-variable) + type: object + type: object + service: + description: |- + REQUIRED. Specifies the OpenTelemetry endpoint that will receive OTLP traces. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. 
+ + Example: "otlp.default.svc.cluster.local" or "bar/otlp.example.com". + type: string + required: + - port + - service + type: object + x-kubernetes-validations: + - message: At most one of [dynatraceSampler] should + be set + rule: (has(self.dynatraceSampler)?1:0) <= 1 + prometheus: + description: Configures a Prometheus metrics provider. + type: object + skywalking: + description: Configures a Apache SkyWalking provider. + properties: + accessToken: + description: Optional. The SkyWalking OAP access + token. + type: string + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service for the SkyWalking receiver. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "skywalking.default.svc.cluster.local" or "bar/skywalking.example.com". + type: string + required: + - port + - service + type: object + stackdriver: + description: Configures a Stackdriver provider. + properties: + debug: + description: |- + debug enables trace output to stdout. + + Deprecated: Marked as deprecated in mesh/v1alpha1/config.proto. + type: boolean + logging: + description: Optional. Controls Stackdriver logging + behavior. + properties: + labels: + additionalProperties: + type: string + description: "Collection of tag names and tag + expressions to include in the log\nentry. + Conflicts are resolved by the tag name by + overriding previously\nsupplied values.\n\nExample:\n\n\tlabels:\n\t + \ path: request.url_path\n\t foo: request.headers['x-foo']" + type: object + type: object + maxNumberOfAnnotations: + description: |- + The global default max number of annotation events per span. + default is 200. + + Deprecated: Marked as deprecated in mesh/v1alpha1/config.proto. 
+ format: int64 + type: integer + maxNumberOfAttributes: + description: |- + The global default max number of attributes per span. + default is 200. + + Deprecated: Marked as deprecated in mesh/v1alpha1/config.proto. + format: int64 + type: integer + maxNumberOfMessageEvents: + description: |- + The global default max number of message events per span. + default is 200. + + Deprecated: Marked as deprecated in mesh/v1alpha1/config.proto. + format: int64 + type: integer + maxTagLength: + description: |- + Optional. Controls the overall path length allowed in a reported span. + NOTE: currently only controls max length of the path tag. + format: int32 + type: integer + type: object + zipkin: + description: Configures a tracing provider that uses + the Zipkin API. + properties: + enable64bitTraceId: + description: |- + Optional. A 128 bit trace id will be used in Istio. + If true, will result in a 64 bit trace id being used. + type: boolean + maxTagLength: + description: |- + Optional. Controls the overall path length allowed in a reported span. + NOTE: currently only controls max length of the path tag. + format: int32 + type: integer + port: + description: REQUIRED. Specifies the port of the + service. + format: int32 + type: integer + service: + description: |- + REQUIRED. Specifies the service that the Zipkin API. + The format is `[/]`. The specification of `` is required only when it is insufficient + to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + service defined by the Kubernetes service or ServiceEntry. + + Example: "zipkin.default.svc.cluster.local" or "bar/zipkin.example.com". 
+ type: string + required: + - port + - service + type: object + required: + - name + type: object + x-kubernetes-validations: + - message: At most one of [envoyExtAuthzHttp envoyExtAuthzGrpc + zipkin lightstep datadog stackdriver opencensus skywalking + opentelemetry prometheus envoyFileAccessLog envoyHttpAls + envoyTcpAls envoyOtelAls] should be set + rule: (has(self.envoyExtAuthzHttp)?1:0) + (has(self.envoyExtAuthzGrpc)?1:0) + + (has(self.zipkin)?1:0) + (has(self.lightstep)?1:0) + + (has(self.datadog)?1:0) + (has(self.stackdriver)?1:0) + + (has(self.opencensus)?1:0) + (has(self.skywalking)?1:0) + + (has(self.opentelemetry)?1:0) + (has(self.prometheus)?1:0) + + (has(self.envoyFileAccessLog)?1:0) + (has(self.envoyHttpAls)?1:0) + + (has(self.envoyTcpAls)?1:0) + (has(self.envoyOtelAls)?1:0) + <= 1 + maxItems: 1000 + type: array + h2UpgradePolicy: + description: |- + Specify if http1.1 connections should be upgraded to http2 by default. + if sidecar is installed on all pods in the mesh, then this should be set to `UPGRADE`. + If one or more services or namespaces do not have sidecar(s), then this should be set to `DO_NOT_UPGRADE`. + It can be enabled by destination using the `destinationRule.trafficPolicy.connectionPool.http.h2UpgradePolicy` override. + enum: + - DO_NOT_UPGRADE + - UPGRADE + type: string + inboundClusterStatName: + description: |- + Name to be used while emitting statistics for inbound clusters. The same pattern is used while computing stat prefix for + network filters like TCP and Redis. + By default, Istio emits statistics with the pattern `inbound|||`. + For example `inbound|7443|grpc-reviews|reviews.prod.svc.cluster.local`. This can be used to override that pattern. + + A Pattern can be composed of various pre-defined variables. The following variables are supported. + + - `%SERVICE%` - Will be substituted with short hostname of the service. + - `%SERVICE_NAME%` - Will be substituted with name of the service. 
+ - `%SERVICE_FQDN%` - Will be substituted with FQDN of the service. + - `%SERVICE_PORT%` - Will be substituted with port of the service. + - `%TARGET_PORT%` - Will be substituted with the target port of the service. + - `%SERVICE_PORT_NAME%` - Will be substituted with port name of the service. + + Following are some examples of supported patterns for reviews: + + - `%SERVICE_FQDN%_%SERVICE_PORT%` will use reviews.prod.svc.cluster.local_7443 as the stats name. + - `%SERVICE%` will use reviews.prod as the stats name. + type: string + inboundTrafficPolicy: + description: |- + Set the default behavior of the sidecar for handling inbound + traffic to the application. If your application listens on + localhost, you will need to set this to `LOCALHOST`. + properties: + mode: + enum: + - PASSTHROUGH + - LOCALHOST + type: string + type: object + ingressClass: + description: |- + Class of ingress resources to be processed by Istio ingress + controller. This corresponds to the value of + `kubernetes.io/ingress.class` annotation. + type: string + ingressControllerMode: + description: |- + Defines whether to use Istio ingress controller for annotated or all ingress resources. + Default mode is `STRICT`. + enum: + - UNSPECIFIED + - "OFF" + - DEFAULT + - STRICT + type: string + ingressSelector: + description: |- + Defines which gateway deployment to use as the Ingress controller. This field corresponds to + the Gateway.selector field, and will be set as `istio: INGRESS_SELECTOR`. + By default, `ingressgateway` is used, which will select the default IngressGateway as it has the + `istio: ingressgateway` labels. + It is recommended that this is the same value as ingress_service. + type: string + ingressService: + description: |- + Name of the Kubernetes service used for the istio ingress controller. + If no ingress controller is specified, the default value `istio-ingressgateway` is used. 
+ type: string + localityLbSetting: + description: |- + Locality based load balancing distribution or failover settings. + If unspecified, locality based load balancing will be enabled by default. + However, this requires outlierDetection to actually take effect for a particular + service, see https://istio.io/latest/docs/tasks/traffic-management/locality-load-balancing/failover/ + properties: + distribute: + description: |- + Optional: only one of distribute, failover or failoverPriority can be set. + Explicitly specify loadbalancing weight across different zones and geographical locations. + Refer to [Locality weighted load balancing](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight) + If empty, the locality weight is set according to the endpoints number within it. + items: + description: |- + Describes how traffic originating in the 'from' zone or sub-zone is + distributed over a set of 'to' zones. Syntax for specifying a zone is + {region}/{zone}/{sub-zone} and terminal wildcards are allowed on any + segment of the specification. Examples: + + `*` - matches all localities + + `us-west/*` - all zones and sub-zones within the us-west region + + `us-west/zone-1/*` - all sub-zones within us-west/zone-1 + properties: + from: + description: Originating locality, '/' separated, + e.g. 'region/zone/sub_zone'. + type: string + to: + additionalProperties: + format: int32 + type: integer + description: |- + Map of upstream localities to traffic distribution weights. The sum of + all weights should be 100. Any locality not present will + receive no traffic. + type: object + type: object + type: array + enabled: + description: |- + enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. + e.g. true means that turn on locality load balancing for this DestinationRule no matter what mesh wide settings is. 
+ type: boolean + failover: + description: |- + Optional: only one of distribute, failover or failoverPriority can be set. + Explicitly specify the region traffic will land on when endpoints in local region becomes unhealthy. + Should be used together with OutlierDetection to detect unhealthy endpoints. + Note: if no OutlierDetection specified, this will not take effect. + items: + description: |- + Specify the traffic failover policy across regions. Since zone and sub-zone + failover is supported by default this only needs to be specified for + regions when the operator needs to constrain traffic failover so that + the default behavior of failing over to any endpoint globally does not + apply. This is useful when failing over traffic across regions would not + improve service health or may need to be restricted for other reasons + like regulatory controls. + properties: + from: + description: Originating region. + type: string + to: + description: |- + Destination region the traffic will fail over to when endpoints in + the 'from' region becomes unhealthy. + type: string + type: object + type: array + failoverPriority: + description: |- + failoverPriority is an ordered list of labels used to sort endpoints to do priority based load balancing. + This is to support traffic failover across different groups of endpoints. + Two kinds of labels can be specified: + + - Specify only label keys `[key1, key2, key3]`, istio would compare the label values of client with endpoints. + Suppose there are total N label keys `[key1, key2, key3, ...keyN]` specified: + + 1. Endpoints matching all N labels with the client proxy have priority P(0) i.e. the highest priority. + 2. Endpoints matching the first N-1 labels with the client proxy have priority P(1) i.e. second highest priority. + 3. By extension of this logic, endpoints matching only the first label with the client proxy has priority P(N-1) i.e. second lowest priority. + 4. All the other endpoints have priority P(N) i.e. 
lowest priority. + + - Specify labels with key and value `[key1=value1, key2=value2, key3=value3]`, istio would compare the labels with endpoints. + Suppose there are total N labels `[key1=value1, key2=value2, key3=value3, ...keyN=valueN]` specified: + + 1. Endpoints matching all N labels have priority P(0) i.e. the highest priority. + 2. Endpoints matching the first N-1 labels have priority P(1) i.e. second highest priority. + 3. By extension of this logic, endpoints matching only the first label has priority P(N-1) i.e. second lowest priority. + 4. All the other endpoints have priority P(N) i.e. lowest priority. + + Note: For a label to be considered for match, the previous labels must match, i.e. nth label would be considered matched only if first n-1 labels match. + + It can be any label specified on both client and server workloads. + The following labels which have special semantic meaning are also supported: + + - `topology.istio.io/network` is used to match the network metadata of an endpoint, which can be specified by pod/namespace label `topology.istio.io/network`, sidecar env `ISTIO_META_NETWORK` or MeshNetworks. + - `topology.istio.io/cluster` is used to match the clusterID of an endpoint, which can be specified by pod label `topology.istio.io/cluster` or pod env `ISTIO_META_CLUSTER_ID`. + - `topology.kubernetes.io/region` is used to match the region metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/region` or the deprecated label `failure-domain.beta.kubernetes.io/region`. + - `topology.kubernetes.io/zone` is used to match the zone metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/zone` or the deprecated label `failure-domain.beta.kubernetes.io/zone`. + - `topology.istio.io/subzone` is used to match the subzone metadata of an endpoint, which maps to Istio node label `topology.istio.io/subzone`. 
+ - `kubernetes.io/hostname` is used to match the current node of an endpoint, which maps to Kubernetes node label `kubernetes.io/hostname`. + + The below topology config indicates the following priority levels: + + ```yaml + failoverPriority: + - "topology.istio.io/network" + - "topology.kubernetes.io/region" + - "topology.kubernetes.io/zone" + - "topology.istio.io/subzone" + ``` + + 1. endpoints match same [network, region, zone, subzone] label with the client proxy have the highest priority. + 2. endpoints have same [network, region, zone] label but different [subzone] label with the client proxy have the second highest priority. + 3. endpoints have same [network, region] label but different [zone] label with the client proxy have the third highest priority. + 4. endpoints have same [network] but different [region] labels with the client proxy have the fourth highest priority. + 5. all the other endpoints have the same lowest priority. + + Suppose a service associated endpoints reside in multi clusters, the below example represents: + 1. endpoints in `clusterA` and has `version=v1` label have P(0) priority. + 2. endpoints not in `clusterA` but has `version=v1` label have P(1) priority. + 2. all the other endpoints have P(2) priority. + + ```yaml + failoverPriority: + - "version=v1" + - "topology.istio.io/cluster=clusterA" + ``` + + Optional: only one of distribute, failover or failoverPriority can be set. + And it should be used together with `OutlierDetection` to detect unhealthy endpoints, otherwise has no effect. 
+ items: + type: string + type: array + type: object + meshMTLS: + description: "The below configuration parameters can be used + to specify TLSConfig for mesh traffic.\nFor example, a user + could enable min TLS version for ISTIO_MUTUAL traffic and + specify a curve for non ISTIO_MUTUAL traffic like below:\n```yaml\nmeshConfig:\n\n\tmeshMTLS:\n\t + \ minProtocolVersion: TLSV1_3\n\ttlsDefaults:\n\t Note: + applicable only for non ISTIO_MUTUAL scenarios\n\t ecdhCurves:\n\t + \ - P-256\n\t - P-512\n\n```\nConfiguration of mTLS + for traffic between workloads with ISTIO_MUTUAL TLS traffic.\n\nNote: + Mesh mTLS does not respect ECDH curves." + properties: + cipherSuites: + description: |- + Optional: If specified, the TLS connection will only support the specified cipher list when negotiating TLS 1.0-1.2. + If not specified, the following cipher suites will be used: + ``` + ECDHE-ECDSA-AES256-GCM-SHA384 + ECDHE-RSA-AES256-GCM-SHA384 + ECDHE-ECDSA-AES128-GCM-SHA256 + ECDHE-RSA-AES128-GCM-SHA256 + AES256-GCM-SHA384 + AES128-GCM-SHA256 + ``` + items: + type: string + type: array + ecdhCurves: + description: |- + Optional: If specified, the TLS connection will only support the specified ECDH curves for the DH key exchange. + If not specified, the default curves enforced by Envoy will be used. For details about the default curves, refer to + [Ecdh Curves](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto). + items: + type: string + type: array + minProtocolVersion: + description: |- + Optional: the minimum TLS protocol version. The default minimum + TLS version will be TLS 1.2. As servers may not be Envoy and be + set to TLS 1.2 (e.g., workloads using mTLS without sidecars), the + minimum TLS version for clients may also be TLS 1.2. + In the current Istio implementation, the maximum TLS protocol version + is TLS 1.3. 
+ enum: + - TLS_AUTO + - TLSV1_2 + - TLSV1_3 + type: string + type: object + outboundClusterStatName: + description: |- + Name to be used while emitting statistics for outbound clusters. The same pattern is used while computing stat prefix for + network filters like TCP and Redis. + By default, Istio emits statistics with the pattern `outbound|||`. + For example `outbound|8080|v2|reviews.prod.svc.cluster.local`. This can be used to override that pattern. + + A Pattern can be composed of various pre-defined variables. The following variables are supported. + + - `%SERVICE%` - Will be substituted with short hostname of the service. + - `%SERVICE_NAME%` - Will be substituted with name of the service. + - `%SERVICE_FQDN%` - Will be substituted with FQDN of the service. + - `%SERVICE_PORT%` - Will be substituted with port of the service. + - `%SERVICE_PORT_NAME%` - Will be substituted with port name of the service. + - `%SUBSET_NAME%` - Will be substituted with subset. + + Following are some examples of supported patterns for reviews: + + - `%SERVICE_FQDN%_%SERVICE_PORT%` will use `reviews.prod.svc.cluster.local_7443` as the stats name. + - `%SERVICE%` will use reviews.prod as the stats name. + type: string + outboundTrafficPolicy: + description: |- + Set the default behavior of the sidecar for handling outbound + traffic from the application. + + Can be overridden at a Sidecar level by setting the `OutboundTrafficPolicy` in the + [Sidecar API](https://istio.io/docs/reference/config/networking/sidecar/#OutboundTrafficPolicy). + + Default mode is `ALLOW_ANY`, which means outbound traffic to unknown destinations will be allowed. + properties: + mode: + enum: + - REGISTRY_ONLY + - ALLOW_ANY + type: string + type: object + pathNormalization: + description: |- + ProxyPathNormalization configures how URL paths in incoming and outgoing HTTP requests are + normalized by the sidecars and gateways. 
+ The normalized paths will be used in all aspects through the requests' lifetime on the + sidecars and gateways, which includes routing decisions in outbound direction (client proxy), + authorization policy match and enforcement in inbound direction (server proxy), and the URL + path proxied to the upstream service. + If not set, the NormalizationType.DEFAULT configuration will be used. + properties: + normalization: + enum: + - DEFAULT + - NONE + - BASE + - MERGE_SLASHES + - DECODE_AND_MERGE_SLASHES + type: string + type: object + protocolDetectionTimeout: + description: |- + Automatic protocol detection uses a set of heuristics to + determine whether the connection is using TLS or not (on the + server side), as well as the application protocol being used + (e.g., http vs tcp). These heuristics rely on the client sending + the first bits of data. For server first protocols like MySQL, + MongoDB, etc. Envoy will timeout on the protocol detection after + the specified period, defaulting to non mTLS plain TCP + traffic. Set this field to tweak the period that Envoy will wait + for the client to send the first bits of data. (MUST BE >=1ms or + 0s to disable). Default detection timeout is 0s (no timeout). + + Setting a timeout is not recommended nor safe. Even high timeouts (>5s) will be hit + occasionally, and when they occur the result is typically broken traffic that may not + recover on its own. Exceptionally high values might solve this, but injecting 60s delays + onto new connections is generally not tenable anyways. + type: string + proxyHttpPort: + description: Port on which Envoy should listen for HTTP PROXY + requests if set. + format: int32 + type: integer + proxyInboundListenPort: + description: |- + Port on which Envoy should listen for all inbound traffic to the pod/vm will be captured to. + Default port is 15006. 
+ format: int32 + type: integer + proxyListenPort: + description: |- + Port on which Envoy should listen for all outbound traffic to other services. + Default port is 15001. + format: int32 + type: integer + rootNamespace: + description: |- + The namespace to treat as the administrative root namespace for + Istio configuration. When processing a leaf namespace Istio will search for + declarations in that namespace first and if none are found it will + search in the root namespace. Any matching declaration found in the root + namespace is processed as if it were declared in the leaf namespace. + + The precise semantics of this processing are documented on each resource + type. + type: string + serviceSettings: + description: Settings to be applied to select services. + items: + description: |- + Settings to be applied to select services. + + For example, the following configures all services in namespace "foo" as well as the + "bar" service in namespace "baz" to be considered cluster-local: + + ```yaml + serviceSettings: + - settings: + cluster_local: true + hosts: + - "*.foo.svc.cluster.local" + - "bar.baz.svc.cluster.local" + + ``` + properties: + hosts: + description: |- + The services to which the Settings should be applied. Services are selected using the hostname + matching rules used by DestinationRule. + + For example: foo.bar.svc.cluster.local, *.baz.svc.cluster.local + items: + type: string + type: array + settings: + description: The settings to apply to the selected services. + properties: + clusterLocal: + description: |- + If true, specifies that the client and service endpoints must reside in the same cluster. + By default, in multi-cluster deployments, the Istio control plane assumes all service + endpoints to be reachable from any client in any of the clusters which are part of the + mesh. This configuration option limits the set of service endpoints visible to a client + to be cluster scoped. 
+ + There are some common scenarios when this can be useful: + + - A service (or group of services) is inherently local to the cluster and has local storage + for that cluster. For example, the kube-system namespace (e.g. the Kube API Server). + - A mesh administrator wants to slowly migrate services to Istio. They might start by first + having services cluster-local and then slowly transition them to mesh-wide. They could do + this service-by-service (e.g. mysvc.myns.svc.cluster.local) or as a group + (e.g. *.myns.svc.cluster.local). + + By default Istio will consider kubernetes.default.svc (i.e. the API Server) as well as all + services in the kube-system namespace to be cluster-local, unless explicitly overridden here. + type: boolean + type: object + type: object + type: array + tcpKeepalive: + description: If set then set `SO_KEEPALIVE` on the socket + to enable TCP Keepalives. + properties: + interval: + description: |- + The time duration between keep-alive probes. + Default is to use the OS level configuration + (unless overridden, Linux defaults to 75s.) + type: string + probes: + description: |- + Maximum number of keepalive probes to send without response before + deciding the connection is dead. Default is to use the OS level configuration + (unless overridden, Linux defaults to 9.) + format: int32 + type: integer + time: + description: |- + The time duration a connection needs to be idle before keep-alive + probes start being sent. Default is to use the OS level configuration + (unless overridden, Linux defaults to 7200s (ie 2 hours.) + type: string + type: object + tlsDefaults: + description: |- + Configuration of TLS for all traffic except for ISTIO_MUTUAL mode. + Currently, this supports configuration of ecdh_curves and cipher_suites only. + For ISTIO_MUTUAL TLS settings, use meshMTLS configuration. 
+ properties: + cipherSuites: + description: |- + Optional: If specified, the TLS connection will only support the specified cipher list when negotiating TLS 1.0-1.2. + If not specified, the following cipher suites will be used: + ``` + ECDHE-ECDSA-AES256-GCM-SHA384 + ECDHE-RSA-AES256-GCM-SHA384 + ECDHE-ECDSA-AES128-GCM-SHA256 + ECDHE-RSA-AES128-GCM-SHA256 + AES256-GCM-SHA384 + AES128-GCM-SHA256 + ``` + items: + type: string + type: array + ecdhCurves: + description: |- + Optional: If specified, the TLS connection will only support the specified ECDH curves for the DH key exchange. + If not specified, the default curves enforced by Envoy will be used. For details about the default curves, refer to + [Ecdh Curves](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto). + items: + type: string + type: array + minProtocolVersion: + description: |- + Optional: the minimum TLS protocol version. The default minimum + TLS version will be TLS 1.2. As servers may not be Envoy and be + set to TLS 1.2 (e.g., workloads using mTLS without sidecars), the + minimum TLS version for clients may also be TLS 1.2. + In the current Istio implementation, the maximum TLS protocol version + is TLS 1.3. + enum: + - TLS_AUTO + - TLSV1_2 + - TLSV1_3 + type: string + type: object + trustDomain: + description: |- + The trust domain corresponds to the trust root of a system. + Refer to [SPIFFE-ID](https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain) + type: string + trustDomainAliases: + description: |- + The trust domain aliases represent the aliases of `trust_domain`. + For example, if we have + ```yaml + trustDomain: td1 + trustDomainAliases: ["td2", "td3"] + ``` + Any service with the identity `td1/ns/foo/sa/a-service-account`, `td2/ns/foo/sa/a-service-account`, + or `td3/ns/foo/sa/a-service-account` will be treated the same in the Istio mesh. 
+ items: + type: string + type: array + verifyCertificateAtClient: + description: |- + `VerifyCertificateAtClient` sets the mesh global default for peer certificate validation + at the client-side proxy when `SIMPLE` TLS or `MUTUAL` TLS (non `ISTIO_MUTUAL`) origination + modes are used. This setting can be overridden at the host level via DestinationRule API. + By default, `VerifyCertificateAtClient` is `true`. + + `CaCertificates`: If set, proxy verifies CA signature based on given CaCertificates. If unset, + and VerifyCertificateAtClient is true, proxy uses default System CA bundle. If unset and + `VerifyCertificateAtClient` is false, proxy will not verify the CA. + + `SubjectAltNames`: If set, proxy verifies subject alt names are present in the SAN. If unset, + and `VerifyCertificateAtClient` is true, proxy uses host in destination rule to verify the SANs. + If unset, and `VerifyCertificateAtClient` is false, proxy does not verify SANs. + + For SAN, client-side proxy will exact match host in `DestinationRule` as well as one level + wildcard if the specified host in DestinationRule doesn't contain a wildcard. + For example, if the host in `DestinationRule` is `x.y.com`, client-side proxy will + match either `x.y.com` or `*.y.com` for the SAN in the presented server certificate. + For wildcard host name in DestinationRule, client-side proxy will do a suffix match. For example, + if host is `*.x.y.com`, client-side proxy will verify the presented server certificate SAN matches + “.x.y.com` suffix. + + Deprecated: Marked as deprecated in mesh/v1alpha1/config.proto. + type: boolean + type: object + pilot: + description: Configuration for the Pilot component. + properties: + affinity: + description: K8s affinity to set on the Pilot Pods. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. 
A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. 
+ Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. 
The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
+ items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + autoscaleBehavior: + description: See https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#configurable-scaling-behavior + properties: + scaleDown: + description: |- + scaleDown is scaling policy for scaling Down. + If not set, the default value is to allow to scale down to minReplicas pods, with a + 300 second stabilization window (i.e., the highest recommendation for + the last 300sec is used). + properties: + policies: + description: |- + policies is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid + items: + description: HPAScalingPolicy is a single policy + which must hold true for a specified past interval. + properties: + periodSeconds: + description: |- + periodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). + format: int32 + type: integer + type: + description: type is used to specify the scaling + policy. + type: string + value: + description: |- + value contains the amount of change which is permitted by the policy. 
+ It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: |- + selectPolicy is used to specify which policy should be used. + If not set, the default value Max is used. + type: string + stabilizationWindowSeconds: + description: |- + stabilizationWindowSeconds is the number of seconds for which past recommendations should be + considered while scaling up or scaling down. + StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization is done). + - For scale down: 300 (i.e. the stabilization window is 300 seconds long). + format: int32 + type: integer + type: object + scaleUp: + description: |- + scaleUp is scaling policy for scaling Up. + If not set, the default value is the higher of: + * increase no more than 4 pods per 60 seconds + * double the number of pods per 60 seconds + No stabilization is used. + properties: + policies: + description: |- + policies is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid + items: + description: HPAScalingPolicy is a single policy + which must hold true for a specified past interval. + properties: + periodSeconds: + description: |- + periodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). + format: int32 + type: integer + type: + description: type is used to specify the scaling + policy. + type: string + value: + description: |- + value contains the amount of change which is permitted by the policy. 
+ It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: |- + selectPolicy is used to specify which policy should be used. + If not set, the default value Max is used. + type: string + stabilizationWindowSeconds: + description: |- + stabilizationWindowSeconds is the number of seconds for which past recommendations should be + considered while scaling up or scaling down. + StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization is done). + - For scale down: 300 (i.e. the stabilization window is 300 seconds long). + format: int32 + type: integer + type: object + type: object + autoscaleEnabled: + description: Controls whether a HorizontalPodAutoscaler is + installed for Pilot. + type: boolean + autoscaleMax: + description: Maximum number of replicas in the HorizontalPodAutoscaler + for Pilot. + format: int32 + type: integer + autoscaleMin: + description: Minimum number of replicas in the HorizontalPodAutoscaler + for Pilot. + format: int32 + type: integer + cni: + description: Configures whether to use an existing CNI installation + for workloads + properties: + enabled: + description: Controls whether CNI should be used. + type: boolean + provider: + description: |- + Specifies the CNI provider. Can be either "default" or "multus". When set to "multus", an annotation + `k8s.v1.cni.cncf.io/networks` is set on injected pods to point to a NetworkAttachmentDefinition + type: string + type: object + configMap: + description: |- + Configuration settings passed to Pilot as a ConfigMap. + + This controls whether the mesh config map, generated from values.yaml is generated. + If false, pilot wil use default values or user-supplied values, in that order of preference. 
+ type: boolean + cpu: + description: |- + Target CPU utilization used in HorizontalPodAutoscaler. + + See https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + properties: + targetAverageUtilization: + description: |- + K8s utilization setting for HorizontalPodAutoscaler target. + + See https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + format: int32 + type: integer + type: object + deploymentLabels: + additionalProperties: + type: string + description: |- + Labels that are added to Pilot deployment. + + See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + type: object + enabled: + description: Controls whether Pilot is enabled. + type: boolean + env: + additionalProperties: + type: string + description: "Environment variables passed to the Pilot container.\n\nExamples:\nenv:\n\n\tENV_VAR_1: + value1\n\tENV_VAR_2: value2" + type: object + extraContainerArgs: + description: Additional container arguments for the Pilot + container. + items: + type: string + type: array + hub: + description: Hub to pull the container image from. Image will + be `Hub/Image:Tag-Variant`. + type: string + image: + description: |- + Image name used for Pilot. + + This can be set either to image name if hub is also set, or can be set to the full hub:name string. + + Examples: custom-pilot, docker.io/someuser:custom-pilot + type: string + ipFamilies: + description: |- + Defines which IP family to use for single stack or the order of IP families for dual-stack. + Valid list items are "IPv4", "IPv6". + More info: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + items: + type: string + type: array + ipFamilyPolicy: + description: |- + Controls whether Services are configured to use IPv4, IPv6, or both. Valid options + are PreferDualStack, RequireDualStack, and SingleStack. 
+ More info: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + type: string + jwksResolverExtraRootCA: + description: |- + Specifies an extra root certificate in PEM format. This certificate will be trusted + by pilot when resolving JWKS URIs. + type: string + keepaliveMaxServerConnectionAge: + description: |- + Maximum duration that a sidecar can be connected to a pilot. + + This setting balances out load across pilot instances, but adds some resource overhead. + + Examples: 300s, 30m, 1h + type: string + memory: + description: |- + Target memory utilization used in HorizontalPodAutoscaler. + + See https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + properties: + targetAverageUtilization: + description: |- + K8s utilization setting for HorizontalPodAutoscaler target. + + See https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + format: int32 + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + description: |- + K8s node selector. + + See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + type: object + podAnnotations: + additionalProperties: + type: string + description: |- + K8s annotations for pods. + + See: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + type: object + podLabels: + additionalProperties: + type: string + description: |- + Labels that are added to Pilot pods. + + See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + type: object + replicaCount: + description: |- + Number of replicas in the Pilot Deployment. + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. 
+ format: int32 + type: integer + resources: + description: |- + K8s resources settings. + + See https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + rollingMaxSurge: + anyOf: + - type: integer + - type: string + description: |- + K8s rolling update strategy + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + x-kubernetes-int-or-string: true + rollingMaxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The number of pods that can be unavailable during a rolling update (see + `strategy.rollingUpdate.maxUnavailable` here: + https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/deployment-v1/#DeploymentSpec). + May be specified as a number of pods or as a percent of the total number + of pods at the start of the update. + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + x-kubernetes-int-or-string: true + seccompProfile: + description: |- + The seccompProfile for the Pilot container. + + See: https://kubernetes.io/docs/tutorials/security/seccomp/ + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. 
+ type: string + required: + - type + type: object + serviceAccountAnnotations: + additionalProperties: + type: string + description: K8s annotations for the service account + type: object + serviceAnnotations: + additionalProperties: + type: string + description: |- + K8s annotations for the Service. + + See: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + type: object + tag: + description: The container image tag to pull. Image will be + `Hub/Image:Tag-Variant`. + type: string + taint: + properties: + enabled: + description: |- + Enable the untaint controller for new nodes. This aims to solve a race for CNI installation on + new nodes. For this to work, the newly added nodes need to have the istio CNI taint as they are + added to the cluster. This is usually done by configuring the cluster infra provider. + type: boolean + namespace: + description: The namespace of the CNI daemonset, incase + it's not the same as istiod. + type: string + type: object + tolerations: + description: |- + The node tolerations to be applied to the Pilot deployment so that it can be + scheduled to particular nodes with matching taints. + More info: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling + + Deprecated: Marked as deprecated in pkg/apis/istio/v1alpha1/values_types.proto. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. 
+ type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: The k8s topologySpreadConstraints for the Pilot + pods. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. 
+ The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. 
+ In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. 
+ type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + traceSampling: + description: |- + Trace sampling fraction. + + Used to set the fraction of time that traces are sampled. Higher values are more accurate but add CPU overhead. + + Allowed values: 0.0 to 1.0 + type: number + trustedZtunnelNamespace: + description: |- + If set, `istiod` will allow connections from trusted node proxy ztunnels + in the provided namespace. + type: string + variant: + description: The container image variant to pull. Options + are "debug" or "distroless". Unset will use the default + for the given version. + type: string + volumeMounts: + description: Additional volumeMounts to add to the Pilot container. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. 
+ type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. 
+ type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Additional volumes to add to the Pilot Pod. + items: + description: Volume represents a named volume in a pod that + may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk + mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: + None, Read Only, Read Write.' 
+ type: string + diskName: + description: diskName is the Name of the data disk + in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in + the blob storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single + blob disk per storage account Managed: azure + managed data disk (only in managed availability + set). defaults to shared' + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service + mount on the host and bind mount to the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name of secret that + contains Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the + host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: 'path is Optional: Used as the mounted + root, rather than the full Ceph tree, default + is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. 
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about + the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name, + namespace and uid are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. 
+ The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. 
+ properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over + volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. 
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine and then + exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to + use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds + extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached + to a kubelet's host machine. 
This depends on the Flocker + control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. + This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the + specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. 
This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support + iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support + iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). 
+ type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI + target and initiator authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon + Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume + attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). 
ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx + volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". 
If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. 
+ type: boolean + path: + description: Relative path from the volume + root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about the + configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional specify whether + the ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about + the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only annotations, + labels, name, namespace and uid + are supported.' + properties: + apiVersion: + description: Version of the + schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file + to be created. 
Must not be absolute + or contain the ''..'' path. Must + be utf-8 encoded. The first item + of the relative path must not + start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret information about the + secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: optional field specify whether + the Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. 
The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte represents a Quobyte mount on the + host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". 
Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. 
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of the + ScaleIO API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the + ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL + communication with Gateway, default false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage system + as configured in ScaleIO. 
+ type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. 
+ This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the + Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. 
Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume + attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy + Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy + Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + profile: + description: Specifies which installation configuration profile + to apply. + type: string + revision: + description: Identifies the revision this installation is associated + with. + type: string + revisionTags: + description: |- + Specifies the aliases for the Istio control plane revision. A MutatingWebhookConfiguration + is created for each alias. + items: + type: string + type: array + sidecarInjectorWebhook: + description: Configuration for the sidecar injector webhook. 
+ properties: + alwaysInjectSelector: + description: See NeverInjectSelector. + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: array + defaultTemplates: + description: 'defaultTemplates: ["sidecar", "hello"]' + items: + type: string + type: array + enableNamespacesByDefault: + description: Enables sidecar auto-injection in namespaces + by default. 
+ type: boolean + injectedAnnotations: + additionalProperties: + type: string + description: |- + injectedAnnotations are additional annotations that will be added to the pod spec after injection + This is primarily to support PSP annotations. + type: object + injectionURL: + description: Configure the injection url for sidecar injector + webhook + type: string + neverInjectSelector: + description: |- + Instructs Istio to not inject the sidecar on those pods, based on labels that are present in those pods. + + Annotations in the pods have higher precedence than the label selectors. + Order of evaluation: Pod Annotations → NeverInjectSelector → AlwaysInjectSelector → Default Policy. + See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: array + reinvocationPolicy: + description: 'Setting this to `IfNeeded` will result in the + sidecar injector being run again if additional mutations + occur. Default: Never' + type: string + rewriteAppHTTPProbe: + description: If true, webhook or istioctl injector will rewrite + PodSpec for liveness health check to redirect request to + sidecar. This makes liveness check work even when mTLS is + enabled. + type: boolean + templates: + additionalProperties: + type: string + description: "Templates defines a set of custom injection + templates that can be used. For example, defining:\n\ntemplates:\n\n\thello: + |\n\t metadata:\n\t labels:\n\t hello: world\n\nThen + starting a pod with the `inject.istio.io/templates: hello` + annotation, will result in the pod\nbeing injected with + the hello=world labels.\nThis is intended for advanced configuration + only; most users should use the built in template" + type: object + type: object + telemetry: + description: Controls whether telemetry is exported for Pilot. + properties: + enabled: + description: Controls whether telemetry is exported for Pilot. + type: boolean + v2: + description: Configuration for Telemetry v2. + properties: + enabled: + description: Controls whether pilot will configure telemetry + v2. + type: boolean + prometheus: + description: Telemetry v2 settings for prometheus. 
+ properties: + enabled: + description: Controls whether stats envoyfilter would + be enabled or not. + type: boolean + type: object + stackdriver: + description: Telemetry v2 settings for stackdriver. + properties: + enabled: + type: boolean + type: object + type: object + type: object + type: object + version: + default: v1.23.0 + description: |- + Defines the version of Istio to install. + Must be one of: v1.23.0, v1.22.4. + enum: + - v1.23.0 + - v1.22.4 + type: string + required: + - namespace + - version + type: object + x-kubernetes-validations: + - message: spec.values.global.istioNamespace must match spec.namespace + rule: '!has(self.values) || !has(self.values.global) || !has(self.values.global.istioNamespace) + || self.values.global.istioNamespace == self.__namespace__' + status: + description: RemoteIstioStatus defines the observed state of RemoteIstio + properties: + conditions: + description: Represents the latest available observations of the object's + current state. + items: + description: RemoteIstioCondition represents a specific observation + of the RemoteIstioCondition object's state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + the last transition. + type: string + reason: + description: Unique, single-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: The status of this condition. Can be True, False + or Unknown. + type: string + type: + description: The type of this condition. + type: string + type: object + type: array + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this + RemoteIstio object. It corresponds to the object's generation, which is + updated on mutation by the API Server. 
The information in the status + pertains to this particular generation of the object. + format: int64 + type: integer + revisions: + description: Reports information about the underlying IstioRevisions. + properties: + inUse: + description: Number of IstioRevisions that are currently in use. + format: int32 + type: integer + ready: + description: Number of IstioRevisions that are Ready. + format: int32 + type: integer + total: + description: Total number of IstioRevisions currently associated + with this Istio. + format: int32 + type: integer + required: + - inUse + - ready + - total + type: object + state: + description: Reports the current state of the object. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sailoperator/0.1.0/manifests/security.istio.io_authorizationpolicies.yaml b/operators/sailoperator/0.1.0/manifests/security.istio.io_authorizationpolicies.yaml new file mode 100644 index 00000000000..c7aef487fd9 --- /dev/null +++ b/operators/sailoperator/0.1.0/manifests/security.istio.io_authorizationpolicies.yaml 
@@ -0,0 +1,731 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + creationTimestamp: null + labels: + app: istio-pilot + chart: istio + heritage: Tiller + istio: security + release: istio + name: authorizationpolicies.security.istio.io +spec: + group: security.istio.io + names: + categories: + - istio-io + - security-istio-io + kind: AuthorizationPolicy + listKind: AuthorizationPolicyList + plural: authorizationpolicies + shortNames: + - ap + singular: authorizationpolicy + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The operation to take. + jsonPath: .spec.action + name: Action + type: string + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Configuration for access control on workloads. See more + details at: https://istio.io/docs/reference/config/security/authorization-policy.html' + oneOf: + - not: + anyOf: + - required: + - provider + - required: + - provider + properties: + action: + description: |- + Optional. + + Valid Options: ALLOW, DENY, AUDIT, CUSTOM + enum: + - ALLOW + - DENY + - AUDIT + - CUSTOM + type: string + provider: + description: Specifies detailed configuration of the CUSTOM action. + properties: + name: + description: Specifies the name of the extension provider. + type: string + type: object + rules: + description: Optional. + items: + properties: + from: + description: Optional. 
+ items: + properties: + source: + description: Source specifies the source of a request. + properties: + ipBlocks: + description: Optional. + items: + type: string + type: array + namespaces: + description: Optional. + items: + type: string + type: array + notIpBlocks: + description: Optional. + items: + type: string + type: array + notNamespaces: + description: Optional. + items: + type: string + type: array + notPrincipals: + description: Optional. + items: + type: string + type: array + notRemoteIpBlocks: + description: Optional. + items: + type: string + type: array + notRequestPrincipals: + description: Optional. + items: + type: string + type: array + principals: + description: Optional. + items: + type: string + type: array + remoteIpBlocks: + description: Optional. + items: + type: string + type: array + requestPrincipals: + description: Optional. + items: + type: string + type: array + type: object + type: object + type: array + to: + description: Optional. + items: + properties: + operation: + description: Operation specifies the operation of a request. + properties: + hosts: + description: Optional. + items: + type: string + type: array + methods: + description: Optional. + items: + type: string + type: array + notHosts: + description: Optional. + items: + type: string + type: array + notMethods: + description: Optional. + items: + type: string + type: array + notPaths: + description: Optional. + items: + type: string + type: array + notPorts: + description: Optional. + items: + type: string + type: array + paths: + description: Optional. + items: + type: string + type: array + ports: + description: Optional. + items: + type: string + type: array + type: object + type: object + type: array + when: + description: Optional. + items: + properties: + key: + description: The name of an Istio attribute. + type: string + notValues: + description: Optional. + items: + type: string + type: array + values: + description: Optional. 
+ items: + type: string + type: array + required: + - key + type: object + type: array + type: object + type: array + selector: + description: Optional. + properties: + matchLabels: + additionalProperties: + maxLength: 63 + type: string + x-kubernetes-validations: + - message: wildcard not allowed in label value match + rule: '!self.contains(''*'')' + description: One or more labels that indicate a specific set of + pods/VMs on which a policy should be applied. + maxProperties: 4096 + type: object + x-kubernetes-validations: + - message: wildcard not allowed in label key match + rule: self.all(key, !key.contains('*')) + - message: key must not be empty + rule: self.all(key, key.size() != 0) + type: object + targetRef: + properties: + group: + description: group is the group of the target resource. + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: kind is kind of the target resource. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: name is the name of the target resource. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: namespace is the namespace of the referent. + type: string + x-kubernetes-validations: + - message: cross namespace referencing is not currently supported + rule: self.size() == 0 + required: + - kind + - name + type: object + x-kubernetes-validations: + - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, + gateway.networking.k8s.io/Gateway + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + targetRefs: + description: Optional. + items: + properties: + group: + description: group is the group of the target resource. 
+ maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: kind is kind of the target resource. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: name is the name of the target resource. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: namespace is the namespace of the referent. + type: string + x-kubernetes-validations: + - message: cross namespace referencing is not currently supported + rule: self.size() == 0 + required: + - kind + - name + type: object + x-kubernetes-validations: + - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, + gateway.networking.k8s.io/Gateway + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + type: array + type: object + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. 
+ x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. + type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: The operation to take. + jsonPath: .spec.action + name: Action + type: string + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Configuration for access control on workloads. See more + details at: https://istio.io/docs/reference/config/security/authorization-policy.html' + oneOf: + - not: + anyOf: + - required: + - provider + - required: + - provider + properties: + action: + description: |- + Optional. 
+ + Valid Options: ALLOW, DENY, AUDIT, CUSTOM + enum: + - ALLOW + - DENY + - AUDIT + - CUSTOM + type: string + provider: + description: Specifies detailed configuration of the CUSTOM action. + properties: + name: + description: Specifies the name of the extension provider. + type: string + type: object + rules: + description: Optional. + items: + properties: + from: + description: Optional. + items: + properties: + source: + description: Source specifies the source of a request. + properties: + ipBlocks: + description: Optional. + items: + type: string + type: array + namespaces: + description: Optional. + items: + type: string + type: array + notIpBlocks: + description: Optional. + items: + type: string + type: array + notNamespaces: + description: Optional. + items: + type: string + type: array + notPrincipals: + description: Optional. + items: + type: string + type: array + notRemoteIpBlocks: + description: Optional. + items: + type: string + type: array + notRequestPrincipals: + description: Optional. + items: + type: string + type: array + principals: + description: Optional. + items: + type: string + type: array + remoteIpBlocks: + description: Optional. + items: + type: string + type: array + requestPrincipals: + description: Optional. + items: + type: string + type: array + type: object + type: object + type: array + to: + description: Optional. + items: + properties: + operation: + description: Operation specifies the operation of a request. + properties: + hosts: + description: Optional. + items: + type: string + type: array + methods: + description: Optional. + items: + type: string + type: array + notHosts: + description: Optional. + items: + type: string + type: array + notMethods: + description: Optional. + items: + type: string + type: array + notPaths: + description: Optional. + items: + type: string + type: array + notPorts: + description: Optional. + items: + type: string + type: array + paths: + description: Optional. 
+ items: + type: string + type: array + ports: + description: Optional. + items: + type: string + type: array + type: object + type: object + type: array + when: + description: Optional. + items: + properties: + key: + description: The name of an Istio attribute. + type: string + notValues: + description: Optional. + items: + type: string + type: array + values: + description: Optional. + items: + type: string + type: array + required: + - key + type: object + type: array + type: object + type: array + selector: + description: Optional. + properties: + matchLabels: + additionalProperties: + maxLength: 63 + type: string + x-kubernetes-validations: + - message: wildcard not allowed in label value match + rule: '!self.contains(''*'')' + description: One or more labels that indicate a specific set of + pods/VMs on which a policy should be applied. + maxProperties: 4096 + type: object + x-kubernetes-validations: + - message: wildcard not allowed in label key match + rule: self.all(key, !key.contains('*')) + - message: key must not be empty + rule: self.all(key, key.size() != 0) + type: object + targetRef: + properties: + group: + description: group is the group of the target resource. + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: kind is kind of the target resource. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: name is the name of the target resource. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: namespace is the namespace of the referent. 
+ type: string + x-kubernetes-validations: + - message: cross namespace referencing is not currently supported + rule: self.size() == 0 + required: + - kind + - name + type: object + x-kubernetes-validations: + - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, + gateway.networking.k8s.io/Gateway + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + targetRefs: + description: Optional. + items: + properties: + group: + description: group is the group of the target resource. + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: kind is kind of the target resource. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: name is the name of the target resource. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: namespace is the namespace of the referent. + type: string + x-kubernetes-validations: + - message: cross namespace referencing is not currently supported + rule: self.size() == 0 + required: + - kind + - name + type: object + x-kubernetes-validations: + - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, + gateway.networking.k8s.io/Gateway + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + type: array + type: object + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. + type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sailoperator/0.1.0/manifests/security.istio.io_peerauthentications.yaml b/operators/sailoperator/0.1.0/manifests/security.istio.io_peerauthentications.yaml new file mode 100644 index 00000000000..0d9ad5524a5 --- /dev/null +++ b/operators/sailoperator/0.1.0/manifests/security.istio.io_peerauthentications.yaml 
@@ -0,0 +1,351 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + creationTimestamp: null + labels: + app: istio-pilot + chart: istio + heritage: Tiller + istio: security + release: istio + name: peerauthentications.security.istio.io +spec: + group: security.istio.io + names: + categories: + - istio-io + - security-istio-io + kind: PeerAuthentication + listKind: PeerAuthenticationList + plural: peerauthentications + shortNames: + - pa + singular: peerauthentication + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Defines the mTLS mode used for peer authentication. + jsonPath: .spec.mtls.mode + name: Mode + type: string + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Peer authentication configuration for workloads. See more + details at: https://istio.io/docs/reference/config/security/peer_authentication.html' + properties: + mtls: + description: Mutual TLS settings for workload. + properties: + mode: + description: |- + Defines the mTLS mode used for peer authentication. + + Valid Options: DISABLE, PERMISSIVE, STRICT + enum: + - UNSET + - DISABLE + - PERMISSIVE + - STRICT + type: string + type: object + portLevelMtls: + additionalProperties: + properties: + mode: + description: |- + Defines the mTLS mode used for peer authentication. 
+ + Valid Options: DISABLE, PERMISSIVE, STRICT + enum: + - UNSET + - DISABLE + - PERMISSIVE + - STRICT + type: string + type: object + description: Port specific mutual TLS settings. + minProperties: 1 + type: object + x-kubernetes-validations: + - message: port must be between 1-65535 + rule: self.all(key, 0 < int(key) && int(key) <= 65535) + selector: + description: The selector determines the workloads to apply the PeerAuthentication + on. + properties: + matchLabels: + additionalProperties: + maxLength: 63 + type: string + x-kubernetes-validations: + - message: wildcard not allowed in label value match + rule: '!self.contains(''*'')' + description: One or more labels that indicate a specific set of + pods/VMs on which a policy should be applied. + maxProperties: 4096 + type: object + x-kubernetes-validations: + - message: wildcard not allowed in label key match + rule: self.all(key, !key.contains('*')) + - message: key must not be empty + rule: self.all(key, key.size() != 0) + type: object + type: object + x-kubernetes-validations: + - message: portLevelMtls requires selector + rule: (has(self.selector) && has(self.selector.matchLabels) && self.selector.matchLabels.size() + > 0) || !has(self.portLevelMtls) + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. + type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Defines the mTLS mode used for peer authentication. + jsonPath: .spec.mtls.mode + name: Mode + type: string + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Peer authentication configuration for workloads. 
See more + details at: https://istio.io/docs/reference/config/security/peer_authentication.html' + properties: + mtls: + description: Mutual TLS settings for workload. + properties: + mode: + description: |- + Defines the mTLS mode used for peer authentication. + + Valid Options: DISABLE, PERMISSIVE, STRICT + enum: + - UNSET + - DISABLE + - PERMISSIVE + - STRICT + type: string + type: object + portLevelMtls: + additionalProperties: + properties: + mode: + description: |- + Defines the mTLS mode used for peer authentication. + + Valid Options: DISABLE, PERMISSIVE, STRICT + enum: + - UNSET + - DISABLE + - PERMISSIVE + - STRICT + type: string + type: object + description: Port specific mutual TLS settings. + minProperties: 1 + type: object + x-kubernetes-validations: + - message: port must be between 1-65535 + rule: self.all(key, 0 < int(key) && int(key) <= 65535) + selector: + description: The selector determines the workloads to apply the PeerAuthentication + on. + properties: + matchLabels: + additionalProperties: + maxLength: 63 + type: string + x-kubernetes-validations: + - message: wildcard not allowed in label value match + rule: '!self.contains(''*'')' + description: One or more labels that indicate a specific set of + pods/VMs on which a policy should be applied. + maxProperties: 4096 + type: object + x-kubernetes-validations: + - message: wildcard not allowed in label key match + rule: self.all(key, !key.contains('*')) + - message: key must not be empty + rule: self.all(key, key.size() != 0) + type: object + type: object + x-kubernetes-validations: + - message: portLevelMtls requires selector + rule: (has(self.selector) && has(self.selector.matchLabels) && self.selector.matchLabels.size() + > 0) || !has(self.portLevelMtls) + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. 
+ format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. + type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sailoperator/0.1.0/manifests/security.istio.io_requestauthentications.yaml b/operators/sailoperator/0.1.0/manifests/security.istio.io_requestauthentications.yaml new file mode 100644 index 00000000000..94dad1c0eba --- /dev/null 
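Review bot: The `mode` descriptions under `spec.mtls` and `spec.portLevelMtls` in security.istio.io_peerauthentications.yaml list `Valid Options: DISABLE, PERMISSIVE, STRICT`, but the enum next to each also accepts `UNSET`, in both the v1 and v1beta1 schemas. A reader who relies on `kubectl explain` or the console form therefore does not learn that a fourth value is accepted, or what it resolves to. As far as I know Istio treats `UNSET` as inheriting from the parent policy and falls back to `PERMISSIVE` when there is none, which means plaintext is still accepted; that should be confirmed against the Istio API reference. The description should read `Valid Options: UNSET, DISABLE, PERMISSIVE, STRICT` and say in one sentence what `UNSET` resolves to. The manifest looks generated from the Istio chart, so the wording is probably best fixed at the source and regenerated.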
+++ b/operators/sailoperator/0.1.0/manifests/security.istio.io_requestauthentications.yaml 
@@ -0,0 +1,605 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + creationTimestamp: null + labels: + app: istio-pilot + chart: istio + heritage: Tiller + istio: security + release: istio + name: requestauthentications.security.istio.io +spec: + group: security.istio.io + names: + categories: + - istio-io + - security-istio-io + kind: RequestAuthentication + listKind: RequestAuthenticationList + plural: requestauthentications + shortNames: + - ra + singular: requestauthentication + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Request authentication configuration for workloads. See + more details at: https://istio.io/docs/reference/config/security/request_authentication.html' + properties: + jwtRules: + description: Define the list of JWTs that can be validated at the + selected workloads' proxy. + items: + properties: + audiences: + description: The list of JWT [audiences](https://tools.ietf.org/html/rfc7519#section-4.1.3) + that are allowed to access. + items: + minLength: 1 + type: string + type: array + forwardOriginalToken: + description: If set to true, the original token will be kept + for the upstream request. + type: boolean + fromCookies: + description: List of cookie names from which JWT is expected. + items: + minLength: 1 + type: string + type: array + fromHeaders: + description: List of header locations from which JWT is expected. + items: + properties: + name: + description: The HTTP header name. + minLength: 1 + type: string + prefix: + description: The prefix that should be stripped before + decoding the token. + type: string + required: + - name + type: object + type: array + fromParams: + description: List of query parameters from which JWT is expected. + items: + minLength: 1 + type: string + type: array + issuer: + description: Identifies the issuer that issued the JWT. 
+ minLength: 1 + type: string + jwks: + description: JSON Web Key Set of public keys to validate signature + of the JWT. + type: string + jwks_uri: + description: URL of the provider's public key set to validate + signature of the JWT. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: url must have scheme http:// or https:// + rule: url(self).getScheme() in ['http', 'https'] + jwksUri: + description: URL of the provider's public key set to validate + signature of the JWT. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: url must have scheme http:// or https:// + rule: url(self).getScheme() in ['http', 'https'] + outputClaimToHeaders: + description: This field specifies a list of operations to copy + the claim to HTTP headers on a successfully verified token. + items: + properties: + claim: + description: The name of the claim to be copied from. + minLength: 1 + type: string + header: + description: The name of the header to be created. + minLength: 1 + pattern: ^[-_A-Za-z0-9]+$ + type: string + required: + - header + - claim + type: object + type: array + outputPayloadToHeader: + description: This field specifies the header name to output + a successfully verified JWT payload to the backend. + type: string + timeout: + description: The maximum amount of time that the resolver, determined + by the PILOT_JWT_ENABLE_REMOTE_JWKS environment variable, + will spend waiting for the JWKS to be fetched. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + required: + - issuer + type: object + x-kubernetes-validations: + - message: only one of jwks or jwksUri can be set + rule: (has(self.jwksUri)?1:0)+(has(self.jwks_uri)?1:0)+(has(self.jwks)?1:0)<=1 + maxItems: 4096 + type: array + selector: + description: Optional. 
+ properties: + matchLabels: + additionalProperties: + maxLength: 63 + type: string + x-kubernetes-validations: + - message: wildcard not allowed in label value match + rule: '!self.contains(''*'')' + description: One or more labels that indicate a specific set of + pods/VMs on which a policy should be applied. + maxProperties: 4096 + type: object + x-kubernetes-validations: + - message: wildcard not allowed in label key match + rule: self.all(key, !key.contains('*')) + - message: key must not be empty + rule: self.all(key, key.size() != 0) + type: object + targetRef: + properties: + group: + description: group is the group of the target resource. + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: kind is kind of the target resource. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: name is the name of the target resource. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: namespace is the namespace of the referent. + type: string + x-kubernetes-validations: + - message: cross namespace referencing is not currently supported + rule: self.size() == 0 + required: + - kind + - name + type: object + x-kubernetes-validations: + - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, + gateway.networking.k8s.io/Gateway + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + targetRefs: + description: Optional. + items: + properties: + group: + description: group is the group of the target resource. + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: kind is kind of the target resource. 
+ maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: name is the name of the target resource. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: namespace is the namespace of the referent. + type: string + x-kubernetes-validations: + - message: cross namespace referencing is not currently supported + rule: self.size() == 0 + required: + - kind + - name + type: object + x-kubernetes-validations: + - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, + gateway.networking.k8s.io/Gateway + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + type: array + type: object + x-kubernetes-validations: + - message: only one of targetRefs or workloadSelector can be set + rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. 
+ x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. + type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Request authentication configuration for workloads. See + more details at: https://istio.io/docs/reference/config/security/request_authentication.html' + properties: + jwtRules: + description: Define the list of JWTs that can be validated at the + selected workloads' proxy. + items: + properties: + audiences: + description: The list of JWT [audiences](https://tools.ietf.org/html/rfc7519#section-4.1.3) + that are allowed to access. + items: + minLength: 1 + type: string + type: array + forwardOriginalToken: + description: If set to true, the original token will be kept + for the upstream request. + type: boolean + fromCookies: + description: List of cookie names from which JWT is expected. + items: + minLength: 1 + type: string + type: array + fromHeaders: + description: List of header locations from which JWT is expected. + items: + properties: + name: + description: The HTTP header name. + minLength: 1 + type: string + prefix: + description: The prefix that should be stripped before + decoding the token. 
+ type: string + required: + - name + type: object + type: array + fromParams: + description: List of query parameters from which JWT is expected. + items: + minLength: 1 + type: string + type: array + issuer: + description: Identifies the issuer that issued the JWT. + minLength: 1 + type: string + jwks: + description: JSON Web Key Set of public keys to validate signature + of the JWT. + type: string + jwks_uri: + description: URL of the provider's public key set to validate + signature of the JWT. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: url must have scheme http:// or https:// + rule: url(self).getScheme() in ['http', 'https'] + jwksUri: + description: URL of the provider's public key set to validate + signature of the JWT. + maxLength: 2048 + minLength: 1 + type: string + x-kubernetes-validations: + - message: url must have scheme http:// or https:// + rule: url(self).getScheme() in ['http', 'https'] + outputClaimToHeaders: + description: This field specifies a list of operations to copy + the claim to HTTP headers on a successfully verified token. + items: + properties: + claim: + description: The name of the claim to be copied from. + minLength: 1 + type: string + header: + description: The name of the header to be created. + minLength: 1 + pattern: ^[-_A-Za-z0-9]+$ + type: string + required: + - header + - claim + type: object + type: array + outputPayloadToHeader: + description: This field specifies the header name to output + a successfully verified JWT payload to the backend. + type: string + timeout: + description: The maximum amount of time that the resolver, determined + by the PILOT_JWT_ENABLE_REMOTE_JWKS environment variable, + will spend waiting for the JWKS to be fetched. 
+ type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + required: + - issuer + type: object + x-kubernetes-validations: + - message: only one of jwks or jwksUri can be set + rule: (has(self.jwksUri)?1:0)+(has(self.jwks_uri)?1:0)+(has(self.jwks)?1:0)<=1 + maxItems: 4096 + type: array + selector: + description: Optional. + properties: + matchLabels: + additionalProperties: + maxLength: 63 + type: string + x-kubernetes-validations: + - message: wildcard not allowed in label value match + rule: '!self.contains(''*'')' + description: One or more labels that indicate a specific set of + pods/VMs on which a policy should be applied. + maxProperties: 4096 + type: object + x-kubernetes-validations: + - message: wildcard not allowed in label key match + rule: self.all(key, !key.contains('*')) + - message: key must not be empty + rule: self.all(key, key.size() != 0) + type: object + targetRef: + properties: + group: + description: group is the group of the target resource. + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: kind is kind of the target resource. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: name is the name of the target resource. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: namespace is the namespace of the referent. 
+ type: string + x-kubernetes-validations: + - message: cross namespace referencing is not currently supported + rule: self.size() == 0 + required: + - kind + - name + type: object + x-kubernetes-validations: + - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, + gateway.networking.k8s.io/Gateway + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + targetRefs: + description: Optional. + items: + properties: + group: + description: group is the group of the target resource. + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: kind is kind of the target resource. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: name is the name of the target resource. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: namespace is the namespace of the referent. + type: string + x-kubernetes-validations: + - message: cross namespace referencing is not currently supported + rule: self.size() == 0 + required: + - kind + - name + type: object + x-kubernetes-validations: + - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, + gateway.networking.k8s.io/Gateway + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + type: array + type: object + x-kubernetes-validations: + - message: only one of targetRefs or workloadSelector can be set + rule: (has(self.selector)?1:0)+(has(self.targetRef)?1:0)+(has(self.targetRefs)?1:0)<=1 + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. 
+ format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. + type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sailoperator/0.1.0/manifests/telemetry.istio.io_telemetries.yaml b/operators/sailoperator/0.1.0/manifests/telemetry.istio.io_telemetries.yaml new file mode 100644 index 00000000000..2839a146718 --- /dev/null 
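Review bot: The CEL rule on `jwksUri` and `jwks_uri` under `spec.jwtRules` accepts plaintext `http` (`url(self).getScheme() in ['http', 'https']`), in both the v1 and v1beta1 schemas, so a RequestAuthentication can point JWT signature verification at a key set fetched without transport integrity. With such a policy, trust in the issuer's keys depends on the network path to the JWKS endpoint rather than on TLS. If the schema can be tightened in this bundle, `rule: url(self).getScheme() == 'https'` with `message: url must have scheme https://` would reject those policies at admission. The manifest appears to be vendored from the Istio chart; if it has to stay identical to upstream, the two field descriptions should at least recommend `https://`, and clusters that need the guarantee can enforce it with a separate admission policy. Separately, the message `only one of targetRefs or workloadSelector can be set` names a field that is not in this schema: the rule counts `selector`, `targetRef` and `targetRefs`.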
+++ b/operators/sailoperator/0.1.0/manifests/telemetry.istio.io_telemetries.yaml 
@@ -0,0 +1,921 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + helm.sh/resource-policy: keep + creationTimestamp: null + labels: + app: istio-pilot + chart: istio + heritage: Tiller + istio: telemetry + release: istio + name: telemetries.telemetry.istio.io +spec: + group: telemetry.istio.io + names: + categories: + - istio-io + - telemetry-istio-io + kind: Telemetry + listKind: TelemetryList + plural: telemetries + shortNames: + - telemetry + singular: telemetry + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Telemetry configuration for workloads. See more details + at: https://istio.io/docs/reference/config/telemetry.html' + properties: + accessLogging: + description: Optional. + items: + properties: + disabled: + description: Controls logging. + nullable: true + type: boolean + filter: + description: Optional. + properties: + expression: + description: CEL expression for selecting when requests/connections + should be logged. + type: string + type: object + match: + description: Allows tailoring of logging behavior to specific + conditions. + properties: + mode: + description: |- + This determines whether or not to apply the access logging configuration based on the direction of traffic relative to the proxied workload. 
+ + Valid Options: CLIENT_AND_SERVER, CLIENT, SERVER + enum: + - CLIENT_AND_SERVER + - CLIENT + - SERVER + type: string + type: object + providers: + description: Optional. + items: + properties: + name: + description: Required. + minLength: 1 + type: string + required: + - name + type: object + type: array + type: object + type: array + metrics: + description: Optional. + items: + properties: + overrides: + description: Optional. + items: + properties: + disabled: + description: Optional. + nullable: true + type: boolean + match: + description: Match allows providing the scope of the override. + oneOf: + - not: + anyOf: + - required: + - metric + - required: + - customMetric + - required: + - metric + - required: + - customMetric + properties: + customMetric: + description: Allows free-form specification of a metric. + minLength: 1 + type: string + metric: + description: |- + One of the well-known [Istio Standard Metrics](https://istio.io/latest/docs/reference/config/metrics/). + + Valid Options: ALL_METRICS, REQUEST_COUNT, REQUEST_DURATION, REQUEST_SIZE, RESPONSE_SIZE, TCP_OPENED_CONNECTIONS, TCP_CLOSED_CONNECTIONS, TCP_SENT_BYTES, TCP_RECEIVED_BYTES, GRPC_REQUEST_MESSAGES, GRPC_RESPONSE_MESSAGES + enum: + - ALL_METRICS + - REQUEST_COUNT + - REQUEST_DURATION + - REQUEST_SIZE + - RESPONSE_SIZE + - TCP_OPENED_CONNECTIONS + - TCP_CLOSED_CONNECTIONS + - TCP_SENT_BYTES + - TCP_RECEIVED_BYTES + - GRPC_REQUEST_MESSAGES + - GRPC_RESPONSE_MESSAGES + type: string + mode: + description: |- + Controls which mode of metrics generation is selected: `CLIENT`, `SERVER`, or `CLIENT_AND_SERVER`. + + Valid Options: CLIENT_AND_SERVER, CLIENT, SERVER + enum: + - CLIENT_AND_SERVER + - CLIENT + - SERVER + type: string + type: object + tagOverrides: + additionalProperties: + properties: + operation: + description: |- + Operation controls whether or not to update/add a tag, or to remove it. 
+ + Valid Options: UPSERT, REMOVE + enum: + - UPSERT + - REMOVE + type: string + value: + description: Value is only considered if the operation + is `UPSERT`. + type: string + type: object + x-kubernetes-validations: + - message: value must be set when operation is UPSERT + rule: '((has(self.operation) ? self.operation : '''') + == ''UPSERT'') ? self.value != '''' : true' + - message: value must not be set when operation is REMOVE + rule: '((has(self.operation) ? self.operation : '''') + == ''REMOVE'') ? !has(self.value) : true' + description: Optional. + type: object + type: object + type: array + providers: + description: Optional. + items: + properties: + name: + description: Required. + minLength: 1 + type: string + required: + - name + type: object + type: array + reportingInterval: + description: Optional. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + type: object + type: array + selector: + description: Optional. + properties: + matchLabels: + additionalProperties: + maxLength: 63 + type: string + x-kubernetes-validations: + - message: wildcard not allowed in label value match + rule: '!self.contains(''*'')' + description: One or more labels that indicate a specific set of + pods/VMs on which a policy should be applied. + maxProperties: 4096 + type: object + x-kubernetes-validations: + - message: wildcard not allowed in label key match + rule: self.all(key, !key.contains('*')) + - message: key must not be empty + rule: self.all(key, key.size() != 0) + type: object + targetRef: + properties: + group: + description: group is the group of the target resource. + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: kind is kind of the target resource. 
+ maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: name is the name of the target resource. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: namespace is the namespace of the referent. + type: string + x-kubernetes-validations: + - message: cross namespace referencing is not currently supported + rule: self.size() == 0 + required: + - kind + - name + type: object + x-kubernetes-validations: + - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, + gateway.networking.k8s.io/Gateway + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + targetRefs: + description: Optional. + items: + properties: + group: + description: group is the group of the target resource. + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: kind is kind of the target resource. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: name is the name of the target resource. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: namespace is the namespace of the referent. + type: string + x-kubernetes-validations: + - message: cross namespace referencing is not currently supported + rule: self.size() == 0 + required: + - kind + - name + type: object + x-kubernetes-validations: + - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, + gateway.networking.k8s.io/Gateway + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + type: array + tracing: + description: Optional. 
+ items: + properties: + customTags: + additionalProperties: + oneOf: + - not: + anyOf: + - required: + - literal + - required: + - environment + - required: + - header + - required: + - literal + - required: + - environment + - required: + - header + properties: + environment: + description: Environment adds the value of an environment + variable to each span. + properties: + defaultValue: + description: Optional. + type: string + name: + description: Name of the environment variable from + which to extract the tag value. + minLength: 1 + type: string + required: + - name + type: object + header: + description: RequestHeader adds the value of an header + from the request to each span. + properties: + defaultValue: + description: Optional. + type: string + name: + description: Name of the header from which to extract + the tag value. + minLength: 1 + type: string + required: + - name + type: object + literal: + description: Literal adds the same, hard-coded value to + each span. + properties: + value: + description: The tag value to use. + minLength: 1 + type: string + required: + - value + type: object + type: object + description: Optional. + type: object + disableSpanReporting: + description: Controls span reporting. + nullable: true + type: boolean + match: + description: Allows tailoring of behavior to specific conditions. + properties: + mode: + description: |- + This determines whether or not to apply the tracing configuration based on the direction of traffic relative to the proxied workload. + + Valid Options: CLIENT_AND_SERVER, CLIENT, SERVER + enum: + - CLIENT_AND_SERVER + - CLIENT + - SERVER + type: string + type: object + providers: + description: Optional. + items: + properties: + name: + description: Required. + minLength: 1 + type: string + required: + - name + type: object + type: array + randomSamplingPercentage: + description: Controls the rate at which traffic will be selected + for tracing if no prior sampling decision has been made. 
+ format: double + maximum: 100 + minimum: 0 + nullable: true + type: number + useRequestIdForTraceSampling: + nullable: true + type: boolean + type: object + type: array + type: object + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. 
+ type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Telemetry configuration for workloads. See more details + at: https://istio.io/docs/reference/config/telemetry.html' + properties: + accessLogging: + description: Optional. + items: + properties: + disabled: + description: Controls logging. + nullable: true + type: boolean + filter: + description: Optional. + properties: + expression: + description: CEL expression for selecting when requests/connections + should be logged. + type: string + type: object + match: + description: Allows tailoring of logging behavior to specific + conditions. + properties: + mode: + description: |- + This determines whether or not to apply the access logging configuration based on the direction of traffic relative to the proxied workload. + + Valid Options: CLIENT_AND_SERVER, CLIENT, SERVER + enum: + - CLIENT_AND_SERVER + - CLIENT + - SERVER + type: string + type: object + providers: + description: Optional. + items: + properties: + name: + description: Required. + minLength: 1 + type: string + required: + - name + type: object + type: array + type: object + type: array + metrics: + description: Optional. + items: + properties: + overrides: + description: Optional. 
+ items: + properties: + disabled: + description: Optional. + nullable: true + type: boolean + match: + description: Match allows providing the scope of the override. + oneOf: + - not: + anyOf: + - required: + - metric + - required: + - customMetric + - required: + - metric + - required: + - customMetric + properties: + customMetric: + description: Allows free-form specification of a metric. + minLength: 1 + type: string + metric: + description: |- + One of the well-known [Istio Standard Metrics](https://istio.io/latest/docs/reference/config/metrics/). + + Valid Options: ALL_METRICS, REQUEST_COUNT, REQUEST_DURATION, REQUEST_SIZE, RESPONSE_SIZE, TCP_OPENED_CONNECTIONS, TCP_CLOSED_CONNECTIONS, TCP_SENT_BYTES, TCP_RECEIVED_BYTES, GRPC_REQUEST_MESSAGES, GRPC_RESPONSE_MESSAGES + enum: + - ALL_METRICS + - REQUEST_COUNT + - REQUEST_DURATION + - REQUEST_SIZE + - RESPONSE_SIZE + - TCP_OPENED_CONNECTIONS + - TCP_CLOSED_CONNECTIONS + - TCP_SENT_BYTES + - TCP_RECEIVED_BYTES + - GRPC_REQUEST_MESSAGES + - GRPC_RESPONSE_MESSAGES + type: string + mode: + description: |- + Controls which mode of metrics generation is selected: `CLIENT`, `SERVER`, or `CLIENT_AND_SERVER`. + + Valid Options: CLIENT_AND_SERVER, CLIENT, SERVER + enum: + - CLIENT_AND_SERVER + - CLIENT + - SERVER + type: string + type: object + tagOverrides: + additionalProperties: + properties: + operation: + description: |- + Operation controls whether or not to update/add a tag, or to remove it. + + Valid Options: UPSERT, REMOVE + enum: + - UPSERT + - REMOVE + type: string + value: + description: Value is only considered if the operation + is `UPSERT`. + type: string + type: object + x-kubernetes-validations: + - message: value must be set when operation is UPSERT + rule: '((has(self.operation) ? self.operation : '''') + == ''UPSERT'') ? self.value != '''' : true' + - message: value must not be set when operation is REMOVE + rule: '((has(self.operation) ? self.operation : '''') + == ''REMOVE'') ? 
!has(self.value) : true' + description: Optional. + type: object + type: object + type: array + providers: + description: Optional. + items: + properties: + name: + description: Required. + minLength: 1 + type: string + required: + - name + type: object + type: array + reportingInterval: + description: Optional. + type: string + x-kubernetes-validations: + - message: must be a valid duration greater than 1ms + rule: duration(self) >= duration('1ms') + type: object + type: array + selector: + description: Optional. + properties: + matchLabels: + additionalProperties: + maxLength: 63 + type: string + x-kubernetes-validations: + - message: wildcard not allowed in label value match + rule: '!self.contains(''*'')' + description: One or more labels that indicate a specific set of + pods/VMs on which a policy should be applied. + maxProperties: 4096 + type: object + x-kubernetes-validations: + - message: wildcard not allowed in label key match + rule: self.all(key, !key.contains('*')) + - message: key must not be empty + rule: self.all(key, key.size() != 0) + type: object + targetRef: + properties: + group: + description: group is the group of the target resource. + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: kind is kind of the target resource. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: name is the name of the target resource. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: namespace is the namespace of the referent. 
+ type: string + x-kubernetes-validations: + - message: cross namespace referencing is not currently supported + rule: self.size() == 0 + required: + - kind + - name + type: object + x-kubernetes-validations: + - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, + gateway.networking.k8s.io/Gateway + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + targetRefs: + description: Optional. + items: + properties: + group: + description: group is the group of the target resource. + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: kind is kind of the target resource. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: name is the name of the target resource. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: namespace is the namespace of the referent. + type: string + x-kubernetes-validations: + - message: cross namespace referencing is not currently supported + rule: self.size() == 0 + required: + - kind + - name + type: object + x-kubernetes-validations: + - message: Support kinds are core/Service, networking.istio.io/ServiceEntry, + gateway.networking.k8s.io/Gateway + rule: '[self.group, self.kind] in [[''core'',''Service''], ['''',''Service''], + [''gateway.networking.k8s.io'',''Gateway''], [''networking.istio.io'',''ServiceEntry'']]' + type: array + tracing: + description: Optional. + items: + properties: + customTags: + additionalProperties: + oneOf: + - not: + anyOf: + - required: + - literal + - required: + - environment + - required: + - header + - required: + - literal + - required: + - environment + - required: + - header + properties: + environment: + description: Environment adds the value of an environment + variable to each span. 
+ properties: + defaultValue: + description: Optional. + type: string + name: + description: Name of the environment variable from + which to extract the tag value. + minLength: 1 + type: string + required: + - name + type: object + header: + description: RequestHeader adds the value of an header + from the request to each span. + properties: + defaultValue: + description: Optional. + type: string + name: + description: Name of the header from which to extract + the tag value. + minLength: 1 + type: string + required: + - name + type: object + literal: + description: Literal adds the same, hard-coded value to + each span. + properties: + value: + description: The tag value to use. + minLength: 1 + type: string + required: + - value + type: object + type: object + description: Optional. + type: object + disableSpanReporting: + description: Controls span reporting. + nullable: true + type: boolean + match: + description: Allows tailoring of behavior to specific conditions. + properties: + mode: + description: |- + This determines whether or not to apply the tracing configuration based on the direction of traffic relative to the proxied workload. + + Valid Options: CLIENT_AND_SERVER, CLIENT, SERVER + enum: + - CLIENT_AND_SERVER + - CLIENT + - SERVER + type: string + type: object + providers: + description: Optional. + items: + properties: + name: + description: Required. + minLength: 1 + type: string + required: + - name + type: object + type: array + randomSamplingPercentage: + description: Controls the rate at which traffic will be selected + for tracing if no prior sampling decision has been made. + format: double + maximum: 100 + minimum: 0 + nullable: true + type: number + useRequestIdForTraceSampling: + nullable: true + type: boolean + type: object + type: array + type: object + status: + properties: + conditions: + description: Current service state of the resource. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. 
+ format: date-time + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + anyOf: + - type: integer + - type: string + description: Resource Generation to which the Reconciled Condition + refers. + x-kubernetes-int-or-string: true + validationMessages: + description: Includes any errors or warnings detected by Istio's analyzers. + items: + properties: + documentationUrl: + description: A url pointing to the Istio documentation for this + specific error type. + type: string + level: + description: |- + Represents how severe a message is. + + Valid Options: UNKNOWN, ERROR, WARNING, INFO + enum: + - UNKNOWN + - ERROR + - WARNING + - INFO + type: string + type: + properties: + code: + description: A 7 character code matching `^IST[0-9]{4}$` + intended to uniquely identify the message type. + type: string + name: + description: A human-readable name for the message type. + type: string + type: object + type: object + type: array + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sailoperator/0.1.0/metadata/annotations.yaml b/operators/sailoperator/0.1.0/metadata/annotations.yaml new file mode 100644 index 00000000000..f2edf294f52 --- /dev/null +++ b/operators/sailoperator/0.1.0/metadata/annotations.yaml 
@@ -0,0 +1,14 @@
+annotations:
+ # Core bundle annotations.
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: sailoperator
+ operators.operatorframework.io.bundle.channels.v1: "candidates"
+ operators.operatorframework.io.metrics.builder: operator-sdk-v1.36.1
+ operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
+ operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v4
+
+ # Annotations for testing.
+ operators.operatorframework.io.test.mediatype.v1: scorecard+v1
+ operators.operatorframework.io.test.config.v1: tests/scorecard/
diff --git a/operators/sailoperator/0.1.0/tests/scorecard/config.yaml b/operators/sailoperator/0.1.0/tests/scorecard/config.yaml
new file mode 100644
index 00000000000..798809dc7b2
--- /dev/null
+++ b/operators/sailoperator/0.1.0/tests/scorecard/config.yaml
@@ -0,0 +1,60 @@
+apiVersion: scorecard.operatorframework.io/v1alpha3
+kind: Configuration
+metadata:
+ name: config
+stages:
+- parallel: true
+ tests:
+ - entrypoint:
+ - scorecard-test
+ - basic-check-spec
+ image: quay.io/operator-framework/scorecard-test:v1.36.1
+ labels:
+ suite: basic
+ test: basic-check-spec-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-bundle-validation
+ image: quay.io/operator-framework/scorecard-test:v1.36.1
+ labels:
+ suite: olm
+ test: olm-bundle-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-validation
+ image: quay.io/operator-framework/scorecard-test:v1.36.1
+ labels:
+ suite: olm
+ test: olm-crds-have-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-spec-descriptors
+ image: quay.io/operator-framework/scorecard-test:v1.36.1
+ labels:
+ suite: olm
+ test: olm-spec-descriptors-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-status-descriptors
+ image: quay.io/operator-framework/scorecard-test:v1.36.1
+ labels:
+ suite: olm
+ test: olm-status-descriptors-test
+ storage:
+ spec:
+ mountPath: {}
+storage:
+ spec:
+ mountPath: {}
diff --git a/operators/sn-operator/0.7.0-rc.13/bundle.Dockerfile b/operators/sn-operator/0.7.0-rc.13/bundle.Dockerfile
new file mode 100644
index 00000000000..49721562292
--- /dev/null
+++ b/operators/sn-operator/0.7.0-rc.13/bundle.Dockerfile
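Review bot: All five `image:` entries under `stages[0].tests` in `tests/scorecard/config.yaml` reference `quay.io/operator-framework/scorecard-test:v1.36.1` by tag only, so what runs as the scorecard test pod is whatever the registry serves for that tag at pull time. Pinning each entry by digest would make the test image immutable and let a reviewer verify it, e.g. `image: quay.io/operator-framework/scorecard-test@sha256:<digest-of-v1.36.1-image>` (placeholder; the digest is not on this page), with a comment such as `# scorecard-test v1.36.1` above it to keep the version readable. Whether the catalog pipeline resolves or enforces digests elsewhere is not visible in this diff, so treat this as something to confirm rather than a known gap.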
@@ -0,0 +1,21 @@
+FROM scratch
+
+# Core bundle labels.
+LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
+LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
+LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
+LABEL operators.operatorframework.io.bundle.package.v1=sn-operator
+LABEL operators.operatorframework.io.bundle.channels.v1=alpha,beta
+LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha
+LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.31.0
+LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
+LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3
+
+# Labels for testing.
+LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1
+LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/
+
+# Copy files to locations specified by labels.
+COPY bundle/manifests /manifests/
+COPY bundle/metadata /metadata/
+COPY bundle/tests/scorecard /tests/scorecard/
diff --git a/operators/sn-operator/0.7.0-rc.13/manifests/bookkeeper.streamnative.io_bookkeeperclusters.yaml b/operators/sn-operator/0.7.0-rc.13/manifests/bookkeeper.streamnative.io_bookkeeperclusters.yaml
new file mode 100644
index 00000000000..9d86961201c
--- /dev/null
+++ b/operators/sn-operator/0.7.0-rc.13/manifests/bookkeeper.streamnative.io_bookkeeperclusters.yaml
@@ -0,0 +1,9859 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: bookkeeperclusters.bookkeeper.streamnative.io +spec: + group: bookkeeper.streamnative.io + names: + categories: + - pulsar + kind: BookKeeperCluster + listKind: BookKeeperClusterList + plural: bookkeeperclusters + shortNames: + - bk + singular: bookkeepercluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.replicas + name: Replicas + type: integer + - jsonPath: .status.readyReplicas + name: Ready Replicas + type: integer + - jsonPath: .spec.zkServers + name: ZkServers + type: string + - jsonPath: .spec.image + name: Desired Image + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: BookKeeperCluster is the Schema for the bookkeeperclusters API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BookKeeperClusterSpec defines the desired state of BookKeeperCluster + properties: + apiObjects: + description: APIObjects allows precise control over how components + (services, statefulset and so on) should be managed + properties: + autoRecoveryConfigMap: + description: AutoRecoveryConfigMap defines the autoRecovery configmap + resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + autoRecoveryHPA: + description: AutoRecoveryHPA defines the horizontalPodAutoscaler + resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. 
+ nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + autoRecoveryHeadlessService: + description: AutoRecoveryHeadlessService defines the service resource + template for autoRecovery headless service. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + autoRecoveryStatefulSet: + description: |- + AutoRecoveryStatefulSet defines the statefulset resource template + for adopting existing autoRecovery statefulset. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize the name, labels, annotations of the object. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + replaceEnabled: + description: Enable replace if needed when ReplaceEnabled + is true + type: boolean + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + volumeClaimTemplates: + description: |- + VolumeClaimTemplates is a list of claims that pods are allowed to reference. + If a non-empty list is specified, the original values in the desired STS will be replaced. + items: + description: PersistentVolumeClaim is a user's request for + and claim to a persistent volume + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: |- + Standard object's metadata. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + spec defines the desired characteristics of a volume requested by a pod author. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. 
+ If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + status: + description: |- + status represents the current information/status of a persistent volume claim. + Read-only. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the actual access modes the volume backing the PVC has. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + allocatedResourceStatuses: + additionalProperties: + description: |- + When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore that update and let other controllers + handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC.\nKey + names follow standard Kubernetes label syntax. + Valid values are either:\n\t* Un-prefixed keys:\n\t\t- + storage - the capacity of the volume.\n\t* Custom + resources must use implementation-defined prefixed + names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or + have kubernetes.io prefix are considered\nreserved + and hence may not be used.\n\n\nClaimResourceStatus + can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState + set when resize controller starts resizing the + volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState + set when resize has failed in resize controller + with a terminal error.\n\t- NodeResizePending:\n\t\tState + set when resize controller has finished resizing + the volume but further resizing of\n\t\tvolume + is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState + set when kubelet starts resizing the volume.\n\t- + NodeResizeFailed:\n\t\tState set when resizing + has failed in kubelet with a terminal error. 
Transient + errors don't set\n\t\tNodeResizeFailed.\nFor example: + if expanding a PVC for more capacity - this field + can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\"\nWhen this field is not + set, it means that no resize operation is in progress + for the given PVC.\n\n\nA controller that receives + PVC update with previously unknown resourceName + or ClaimResourceStatus\nshould ignore the update + for the purpose it was designed. For example - + a controller that\nonly is responsible for resizing + capacity of the volume, should ignore PVC updates + that change other valid\nresources associated + with PVC.\n\n\nThis is an alpha field and requires + enabling RecoverVolumeExpansionFailure feature." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity.\nKey + names follow standard Kubernetes label syntax. 
+ Valid values are either:\n\t* Un-prefixed keys:\n\t\t- + storage - the capacity of the volume.\n\t* Custom + resources must use implementation-defined prefixed + names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or + have kubernetes.io prefix are considered\nreserved + and hence may not be used.\n\n\nCapacity reported + here may be larger than the actual capacity when + a volume expansion operation\nis requested.\nFor + storage quota, the larger value from allocatedResources + and PVC.spec.resources is used.\nIf allocatedResources + is not set, PVC.spec.resources alone is used for + quota calculation.\nIf a volume expansion capacity + request is lowered, allocatedResources is only\nlowered + if there are no expansion operations in progress + and if the actual volume capacity\nis equal or + lower than the requested capacity.\n\n\nA controller + that receives PVC update with previously unknown + resourceName\nshould ignore the update for the + purpose it was designed. For example - a controller + that\nonly is responsible for resizing capacity + of the volume, should ignore PVC updates that + change other valid\nresources associated with + PVC.\n\n\nThis is an alpha field and requires + enabling RecoverVolumeExpansionFailure feature." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: |- + conditions is the current Condition of persistent volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'ResizeStarted'. 
+ items: + description: PersistentVolumeClaimCondition contains + details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we + probed the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time + the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: message is the human-readable + message indicating details about last transition. + type: string + reason: + description: |- + reason is a unique, this should be a short, machine understandable string that gives the reason + for condition's last transition. If it reports "ResizeStarted" that means the underlying + persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + currentVolumeAttributesClassName: + description: |- + currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. + When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim + This is an alpha field and requires enabling VolumeAttributesClass feature. + type: string + modifyVolumeStatus: + description: |- + ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. + When this is unset, there is no ModifyVolume operation being attempted. + This is an alpha field and requires enabling VolumeAttributesClass feature. + properties: + status: + description: "status is the status of the ControllerModifyVolume + operation. 
It can be in any of following states:\n + - Pending\n Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet requirements, + such as\n the specified VolumeAttributesClass + not existing.\n - InProgress\n InProgress + indicates that the volume is being modified.\n + - Infeasible\n Infeasible indicates that + the request has been rejected as invalid by + the CSI driver. To\n\t resolve the error, + a valid VolumeAttributesClass needs to be + specified.\nNote: New statuses can be added + in the future. Consumers should check for + unknown statuses and fail appropriately." + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName + is the name of the VolumeAttributesClass the + PVC currently being reconciled + type: string + required: + - status + type: object + phase: + description: phase represents the current phase + of PersistentVolumeClaim. + type: string + type: object + type: object + type: array + volumeExpansionEnabled: + description: Expand volume size automatically if needed when + VolumeExpansionEnabled is true + type: boolean + volumeMounts: + description: |- + VolumeMounts is a list of volumes to mount into the container's filesystem. + If a non-empty list is specified, the original values of the main container in the desired STS will be replaced. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. 
+ type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + type: object + bookieStatefulSet: + description: BookieStatefulSet defines the statefulset resource + template for bookie cluster. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize the name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + replaceEnabled: + description: Enable replace if needed when ReplaceEnabled + is true + type: boolean + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + volumeClaimTemplates: + description: |- + VolumeClaimTemplates is a list of claims that pods are allowed to reference. 
+ If a non-empty list is specified, the original values in the desired STS will be replaced. + items: + description: PersistentVolumeClaim is a user's request for + and claim to a persistent volume + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + spec defines the desired characteristics of a volume requested by a pod author. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. 
+ If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + status: + description: |- + status represents the current information/status of a persistent volume claim. + Read-only. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the actual access modes the volume backing the PVC has. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + allocatedResourceStatuses: + additionalProperties: + description: |- + When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore that update and let other controllers + handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC.\nKey + names follow standard Kubernetes label syntax. 
+ Valid values are either:\n\t* Un-prefixed keys:\n\t\t- + storage - the capacity of the volume.\n\t* Custom + resources must use implementation-defined prefixed + names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or + have kubernetes.io prefix are considered\nreserved + and hence may not be used.\n\n\nClaimResourceStatus + can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState + set when resize controller starts resizing the + volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState + set when resize has failed in resize controller + with a terminal error.\n\t- NodeResizePending:\n\t\tState + set when resize controller has finished resizing + the volume but further resizing of\n\t\tvolume + is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState + set when kubelet starts resizing the volume.\n\t- + NodeResizeFailed:\n\t\tState set when resizing + has failed in kubelet with a terminal error. Transient + errors don't set\n\t\tNodeResizeFailed.\nFor example: + if expanding a PVC for more capacity - this field + can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\"\nWhen this field is not + set, it means that no resize operation is in progress + for the given PVC.\n\n\nA controller that receives + PVC update with previously unknown resourceName + or ClaimResourceStatus\nshould ignore the update + for the purpose it was designed. 
For example - + a controller that\nonly is responsible for resizing + capacity of the volume, should ignore PVC updates + that change other valid\nresources associated + with PVC.\n\n\nThis is an alpha field and requires + enabling RecoverVolumeExpansionFailure feature." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity.\nKey + names follow standard Kubernetes label syntax. + Valid values are either:\n\t* Un-prefixed keys:\n\t\t- + storage - the capacity of the volume.\n\t* Custom + resources must use implementation-defined prefixed + names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or + have kubernetes.io prefix are considered\nreserved + and hence may not be used.\n\n\nCapacity reported + here may be larger than the actual capacity when + a volume expansion operation\nis requested.\nFor + storage quota, the larger value from allocatedResources + and PVC.spec.resources is used.\nIf allocatedResources + is not set, PVC.spec.resources alone is used for + quota calculation.\nIf a volume expansion capacity + request is lowered, allocatedResources is only\nlowered + if there are no expansion operations in progress + and if the actual volume capacity\nis equal or + lower than the requested capacity.\n\n\nA controller + that receives PVC update with previously unknown + resourceName\nshould ignore the update for the + purpose it was designed. 
For example - a controller + that\nonly is responsible for resizing capacity + of the volume, should ignore PVC updates that + change other valid\nresources associated with + PVC.\n\n\nThis is an alpha field and requires + enabling RecoverVolumeExpansionFailure feature." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: |- + conditions is the current Condition of persistent volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contains + details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we + probed the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time + the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: message is the human-readable + message indicating details about last transition. + type: string + reason: + description: |- + reason is a unique, this should be a short, machine understandable string that gives the reason + for condition's last transition. If it reports "ResizeStarted" that means the underlying + persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + currentVolumeAttributesClassName: + description: |- + currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. 
+ When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim + This is an alpha field and requires enabling VolumeAttributesClass feature. + type: string + modifyVolumeStatus: + description: |- + ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. + When this is unset, there is no ModifyVolume operation being attempted. + This is an alpha field and requires enabling VolumeAttributesClass feature. + properties: + status: + description: "status is the status of the ControllerModifyVolume + operation. It can be in any of following states:\n + - Pending\n Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet requirements, + such as\n the specified VolumeAttributesClass + not existing.\n - InProgress\n InProgress + indicates that the volume is being modified.\n + - Infeasible\n Infeasible indicates that + the request has been rejected as invalid by + the CSI driver. To\n\t resolve the error, + a valid VolumeAttributesClass needs to be + specified.\nNote: New statuses can be added + in the future. Consumers should check for + unknown statuses and fail appropriately." + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName + is the name of the VolumeAttributesClass the + PVC currently being reconciled + type: string + required: + - status + type: object + phase: + description: phase represents the current phase + of PersistentVolumeClaim. + type: string + type: object + type: object + type: array + volumeExpansionEnabled: + description: Expand volume size automatically if needed when + VolumeExpansionEnabled is true + type: boolean + volumeMounts: + description: |- + VolumeMounts is a list of volumes to mount into the container's filesystem. + If a non-empty list is specified, the original values of the main container in the desired STS will be replaced. + items: + description: VolumeMount describes a mounting of a Volume + within a container. 
+ properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + type: object + clientService: + description: ClientService defines the Bookkeeper Client Service + resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. 
+ type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + configMap: + description: ConfigMap defines the configmap resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + headlessService: + description: HeadlessService defines the Bookkeeper Headless Service + resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. 
+ It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + hpa: + description: HPA defines the horizontalPodAutoscaler resource + template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + pdb: + description: PDB defines the podDisruptionBudget resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. 
+ type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + type: object + autoRecovery: + description: AutoRecovery defines configurations of auto recovery + properties: + allLedgerCheckTaskInterval: + description: AllLedgerCheckTaskInterval is the interval to trigger + all ledger check task, default to 1 week + type: string + autoScalingPolicy: + description: AutoScalingPolicy defines how BookKeeperCluster will + be scaled up/down with given metrics and threshold + nullable: true + properties: + behavior: + description: |- + Behavior configures the scaling behavior of the target + in both Up and Down directions (scaleUp and scaleDown fields respectively). + If not set, the default HPAScalingRules for scale up and scale down are used. + properties: + scaleDown: + description: |- + scaleDown is scaling policy for scaling Down. + If not set, the default value is to allow to scale down to minReplicas pods, with a + 300 second stabilization window (i.e., the highest recommendation for + the last 300sec is used). + properties: + policies: + description: |- + policies is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid + items: + description: HPAScalingPolicy is a single policy + which must hold true for a specified past interval. + properties: + periodSeconds: + description: |- + periodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). + format: int32 + type: integer + type: + description: type is used to specify the scaling + policy. + type: string + value: + description: |- + value contains the amount of change which is permitted by the policy. 
+ It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: |- + selectPolicy is used to specify which policy should be used. + If not set, the default value Max is used. + type: string + stabilizationWindowSeconds: + description: |- + stabilizationWindowSeconds is the number of seconds for which past recommendations should be + considered while scaling up or scaling down. + StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization is done). + - For scale down: 300 (i.e. the stabilization window is 300 seconds long). + format: int32 + type: integer + type: object + scaleUp: + description: |- + scaleUp is scaling policy for scaling Up. + If not set, the default value is the higher of: + * increase no more than 4 pods per 60 seconds + * double the number of pods per 60 seconds + No stabilization is used. + properties: + policies: + description: |- + policies is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid + items: + description: HPAScalingPolicy is a single policy + which must hold true for a specified past interval. + properties: + periodSeconds: + description: |- + periodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). + format: int32 + type: integer + type: + description: type is used to specify the scaling + policy. + type: string + value: + description: |- + value contains the amount of change which is permitted by the policy. 
+ It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: |- + selectPolicy is used to specify which policy should be used. + If not set, the default value Max is used. + type: string + stabilizationWindowSeconds: + description: |- + stabilizationWindowSeconds is the number of seconds for which past recommendations should be + considered while scaling up or scaling down. + StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization is done). + - For scale down: 300 (i.e. the stabilization window is 300 seconds long). + format: int32 + type: integer + type: object + type: object + maxReplicas: + format: int32 + type: integer + metrics: + description: |- + Metrics contains the specifications for which to use to calculate the + desired replica count (the maximum replica count across all metrics will be used). + More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#metricspec-v2beta2-autoscaling + items: + description: |- + MetricSpec specifies how to scale based on a single metric + (only `type` and one other matching field should be set at once). + properties: + containerResource: + description: |- + containerResource refers to a resource metric (such as those specified in + requests and limits) known to Kubernetes describing a single container in + each pod of the current scale target (e.g. CPU or memory). Such metrics are + built in to Kubernetes, and have special scaling options on top of those + available to normal per-pod metrics using the "pods" source. + This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag. 
+ properties: + container: + description: container is the name of the container + in the pods of the scaling target + type: string + name: + description: name is the name of the resource in + question. + type: string + target: + description: target specifies the target value for + the given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the + metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - container + - name + - target + type: object + external: + description: |- + external refers to a global metric that is not associated + with any Kubernetes object. It allows autoscaling based on information + coming from components running outside of cluster + (for example length of queue in cloud messaging service, or + QPS from loadbalancer running outside of cluster). 
+ properties: + metric: + description: metric identifies the target metric + by name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value for + the given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the + metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + object: + description: |- + object refers to a metric describing a single kubernetes object + (for example, hits-per-second on an Ingress object). 
+ properties: + describedObject: + description: describedObject specifies the descriptions + of a object,such as kind,name apiVersion + properties: + apiVersion: + description: apiVersion is the API version of + the referent + type: string + kind: + description: 'kind is the kind of the referent; + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'name is the name of the referent; + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - kind + - name + type: object + metric: + description: metric identifies the target metric + by name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value for + the given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the + metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - describedObject + - metric + - target + type: object + pods: + description: |- + pods refers to a metric describing each pod in the current scale target + (for example, transactions-processed-per-second). 
The values will be + averaged together before being compared to the target value. + properties: + metric: + description: metric identifies the target metric + by name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value for + the given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the + metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + resource: + description: |- + resource refers to a resource metric (such as those specified in + requests and limits) known to Kubernetes describing each pod in the + current scale target (e.g. CPU or memory). Such metrics are built in to + Kubernetes, and have special scaling options on top of those available + to normal per-pod metrics using the "pods" source. + properties: + name: + description: name is the name of the resource in + question. 
+ type: string + target: + description: target specifies the target value for + the given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the + metric (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - name + - target + type: object + type: + description: |- + type is the type of metric source. It should be one of "ContainerResource", "External", + "Object", "Pods" or "Resource", each mapping to a matching field in the object. 
+ Note: "ContainerResource" type is available on when the feature-gate + HPAContainerMetrics is enabled + type: string + required: + - type + type: object + type: array + minReplicas: + format: int32 + type: integer + required: + - maxReplicas + type: object + bookieCheckTaskInterval: + description: BookieCheckTaskInterval is the interval to trigger + bookie check task, default to 24h + type: string + conf: + additionalProperties: + type: string + description: Conf defines the configuration of auto recovery bookies + nullable: true + type: object + decommissionDelayTime: + description: |- + DecommissionDelayTime is the delay time to decommission a bookie, wait for data expired + we will set pod to readonly, and wait DecommissionDelayTime then start decommission + type: string + image: + description: Image is the container image used to run bookie autorecovery + pods. + type: string + imagePullPolicy: + description: Image pull policy, one of Always, Never, IfNotPresent, + default to Always. + type: string + lostCheckDelayTime: + description: LostCheckDelayTime is the delay time to trigger bookie + check task after a pod is in a unhealthy state + type: string + pod: + description: Pod defines the policy for creating an auto recovery + pod for the cluster + properties: + affinity: + description: Affinity specifies the scheduling constraints + of a pod + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. 
+ type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. 
+ type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. 
+ If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. 
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
+ items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: Annotations specifies the annotations to attach + to pods the operator creates + type: object + debug: + description: Debug defines a switch enable debug + type: boolean + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace + to use for pulling any of the images used by this PodSpec. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: |- + InitContainers defines init containers of the pod. A typical use case could be using an init + container to download a remote jar to a local path. + items: + description: |- + A single application container that you want to run within a pod. + The Container API from the core group is not used directly to avoid unneeded fields + and reduce the size of the CRD. New fields could be added as needed. + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. 
Not executed within a + shell. + items: + type: string + type: array + env: + description: List of environment variables to set in + the container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". 
+ type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Docker image name. + type: string + imagePullPolicy: + description: Image pull policy. + type: string + livenessProbe: + description: Periodic probe of container liveness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. 
+ Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. 
+ Each container in a pod must have a unique name (DNS_LABEL). + type: string + readinessProbe: + description: |- + Periodic probe of container service readiness. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod has + successfully initialized. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. + items: + description: VolumeMount describes a mounting of a + Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. 
+ type: string + required: + - name + type: object + type: array + jvmOptions: + description: JvmOptions defines the Jvm options passed to + the container + nullable: true + properties: + extraOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + gcLoggingOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + gcOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + memoryOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + type: object + x-kubernetes-map-type: granular + labels: + additionalProperties: + type: string + description: Labels specifies the labels to attach to pod + the operator creates for the cluster. + type: object + minReadySeconds: + description: |- + MinReadySeconds is the minimum time the pod must be ready without any of its + container crashing, for it to be considered available. + Only available when feature gate StatefulSetMinReadySeconds is enabled(enabled by default from v1.25.0). + format: int32 + type: integer + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector specifies a map of key-value pairs. For a pod to be eligible to run + on a node, the node must have each of the indicated key-value pairs as labels. + type: object + resources: + description: Resources specifies the resource requirements + of containers to run in the pod + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
+ properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secretRefs: + description: SecretRefs defines how to mount required secrets + into containers + items: + properties: + mountPath: + type: string + secretName: + type: string + required: + - mountPath + - secretName + type: object + type: array + x-kubernetes-list-map-keys: + - secretName + x-kubernetes-list-type: map + securityContext: + description: |- + SecurityContext specifies the security context for the entire pod + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context + properties: + fsGroup: + format: int64 + type: integer + readOnlyRootFilesystem: + description: ReadOnlyRootFilesystem specifies whether + the container use a read-only filesystem. + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount + to use to run pods. + type: string + sidecars: + description: Sidecars defines sidecar containers running alongside + with the main function container in the pod. + items: + description: |- + A single application container that you want to run within a pod. + The Container API from the core group is not used directly to avoid unneeded fields + and reduce the size of the CRD. New fields could be added as needed. + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a + shell. + items: + type: string + type: array + env: + description: List of environment variables to set in + the container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. 
+ type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Docker image name. + type: string + imagePullPolicy: + description: Image pull policy. + type: string + livenessProbe: + description: Periodic probe of container liveness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. 
+ Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. 
+ Each container in a pod must have a unique name (DNS_LABEL). + type: string + readinessProbe: + description: |- + Periodic probe of container service readiness. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod has + successfully initialized. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. + items: + description: VolumeMount describes a mounting of a + Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. + type: string + required: + - name + type: object + type: array + terminationGracePeriodSeconds: + description: |- + TerminationGracePeriodSeconds is the amount of time that kubernetes will give + for a pod before terminating it. 
+ format: int64 + type: integer + tolerations: + description: Tolerations specifies the tolerations of a Pod + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. 
+ properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 
+ MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. 
+ As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + + + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. 
+ This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + updateStrategy: + description: UpdateStrategy defines the update strategy of + the pod + nullable: true + properties: + partition: + description: |- + Partition indicates the ordinal at which the StatefulSet should be + partitioned. + Default value is 0. + format: int32 + type: integer + podUIDsToDelete: + description: PodUIDsToDelete is a list of pod UIDs to + delete. + items: + type: string + nullable: true + type: array + type: + description: |- + Type indicates the type of the StatefulSetUpdateStrategy. + Default is RollingUpdate. + type: string + type: object + vars: + description: Vars specifies the environment variables of a + Pod + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + volumes: + description: Volumes defines extra volumes of the pod. + items: + description: |- + Volume represents a named volume in a pod that may be accessed by any container in the pod. + The Volume API from the core group is not used directly to avoid unneeded fields defined in `VolumeSource` + and reduce the size of the CRD. New fields in VolumeSource could be added as needed. + properties: + configMap: + description: ConfigMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. 
+ type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Volume's name. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + secret: + description: Secret represents a secret that should + populate this volume. + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the + Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + required: + - name + type: object + type: array + type: object + replicas: + description: |- + Replicas defines the number of replicas of auto recovery bookies, defaults to 1, + a value less or equal to 0 implies auto recovery is disabled for the cluster + format: int32 + minimum: 0 + type: integer + type: object + autoScalingPolicy: + description: AutoScalingPolicy defines how Bookie will be scaled up/down + with given metrics and threshold + nullable: true + properties: + behavior: + description: |- + Behavior configures the scaling behavior of the target + in both Up and Down directions (scaleUp and scaleDown fields respectively). + If not set, the default HPAScalingRules for scale up and scale down are used. + properties: + scaleDown: + description: |- + scaleDown is scaling policy for scaling Down. + If not set, the default value is to allow to scale down to minReplicas pods, with a + 300 second stabilization window (i.e., the highest recommendation for + the last 300sec is used). + properties: + policies: + description: |- + policies is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid + items: + description: HPAScalingPolicy is a single policy which + must hold true for a specified past interval. + properties: + periodSeconds: + description: |- + periodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). + format: int32 + type: integer + type: + description: type is used to specify the scaling + policy. + type: string + value: + description: |- + value contains the amount of change which is permitted by the policy. 
+ It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: |- + selectPolicy is used to specify which policy should be used. + If not set, the default value Max is used. + type: string + stabilizationWindowSeconds: + description: |- + stabilizationWindowSeconds is the number of seconds for which past recommendations should be + considered while scaling up or scaling down. + StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization is done). + - For scale down: 300 (i.e. the stabilization window is 300 seconds long). + format: int32 + type: integer + type: object + scaleUp: + description: |- + scaleUp is scaling policy for scaling Up. + If not set, the default value is the higher of: + * increase no more than 4 pods per 60 seconds + * double the number of pods per 60 seconds + No stabilization is used. + properties: + policies: + description: |- + policies is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid + items: + description: HPAScalingPolicy is a single policy which + must hold true for a specified past interval. + properties: + periodSeconds: + description: |- + periodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). + format: int32 + type: integer + type: + description: type is used to specify the scaling + policy. + type: string + value: + description: |- + value contains the amount of change which is permitted by the policy. 
+ It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: |- + selectPolicy is used to specify which policy should be used. + If not set, the default value Max is used. + type: string + stabilizationWindowSeconds: + description: |- + stabilizationWindowSeconds is the number of seconds for which past recommendations should be + considered while scaling up or scaling down. + StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization is done). + - For scale down: 300 (i.e. the stabilization window is 300 seconds long). + format: int32 + type: integer + type: object + type: object + maxReplicas: + format: int32 + type: integer + metrics: + description: |- + Metrics contains the specifications for which to use to calculate the + desired replica count (the maximum replica count across all metrics will be used). + More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#metricspec-v2beta2-autoscaling + items: + description: |- + MetricSpec specifies how to scale based on a single metric + (only `type` and one other matching field should be set at once). + properties: + containerResource: + description: |- + containerResource refers to a resource metric (such as those specified in + requests and limits) known to Kubernetes describing a single container in + each pod of the current scale target (e.g. CPU or memory). Such metrics are + built in to Kubernetes, and have special scaling options on top of those + available to normal per-pod metrics using the "pods" source. + This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag. 
+ properties: + container: + description: container is the name of the container + in the pods of the scaling target + type: string + name: + description: name is the name of the resource in question. + type: string + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - container + - name + - target + type: object + external: + description: |- + external refers to a global metric that is not associated + with any Kubernetes object. It allows autoscaling based on information + coming from components running outside of cluster + (for example length of queue in cloud messaging service, or + QPS from loadbalancer running outside of cluster). 
+ properties: + metric: + description: metric identifies the target metric by + name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + object: + description: |- + object refers to a metric describing a single kubernetes object + (for example, hits-per-second on an Ingress object). 
+ properties: + describedObject: + description: describedObject specifies the descriptions + of a object,such as kind,name apiVersion + properties: + apiVersion: + description: apiVersion is the API version of the + referent + type: string + kind: + description: 'kind is the kind of the referent; + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'name is the name of the referent; + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - kind + - name + type: object + metric: + description: metric identifies the target metric by + name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - describedObject + - metric + - target + type: object + pods: + description: |- + pods refers to a metric describing each pod in the current scale target + (for example, transactions-processed-per-second). 
The values will be + averaged together before being compared to the target value. + properties: + metric: + description: metric identifies the target metric by + name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + resource: + description: |- + resource refers to a resource metric (such as those specified in + requests and limits) known to Kubernetes describing each pod in the + current scale target (e.g. CPU or memory). Such metrics are built in to + Kubernetes, and have special scaling options on top of those available + to normal per-pod metrics using the "pods" source. + properties: + name: + description: name is the name of the resource in question. 
+ type: string + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - name + - target + type: object + type: + description: |- + type is the type of metric source. It should be one of "ContainerResource", "External", + "Object", "Pods" or "Resource", each mapping to a matching field in the object. + Note: "ContainerResource" type is available on when the feature-gate + HPAContainerMetrics is enabled + type: string + required: + - type + type: object + type: array + minReplicas: + format: int32 + type: integer + required: + - maxReplicas + type: object + conf: + additionalProperties: + type: string + description: |- + Conf defines the bookkeeper configuration. It will be used for generating + the configuration file used by bookie process. 
+ Deprecated: use `config` + nullable: true + type: object + config: + description: Config defines the bookkeeper configuration + nullable: true + properties: + bookieIDPolicy: + description: |- + BookieIDPolicy defines how should the bookieID be generated + For backward compatibility, the operator will just set `useHostNameAsBookieID` to `true` when `bookieIDPolicy` + is an empty string or set to `UseHostNameAsBookieID`. + When `bookieIDPolicy` is set to `HostNamePort`, the operator will set `bookieId` as `{{HostName}}:{{Port}}` + which should be able be compatible with `useHostNameAsBookieID` but decouples the bookie physical address from + the logical address. + The default value might be changed in the future. + See https://bookkeeper.apache.org/bps/BP-41-bookieid/ for more details + type: string + compactionRateByBytes: + description: |- + CompactionRateByBytes is the rate at which compaction will read entries. + The unit is adds per second. + + + The default value is 52428800. + format: int64 + minimum: 0 + type: integer + custom: + additionalProperties: + type: string + description: Custom accepts other configurations + nullable: true + type: object + fileInfoFormatVersionToWrite: + description: |- + FileInfoFormatVersionToWrite is the fileinfo format version to write. + Available formats are 0 and 1. + + + The default value is 1 + format: int32 + maximum: 1 + minimum: 0 + type: integer + gcWaitTime: + description: |- + GCWaitTime is the interval to trigger next garbage collection, in milliseconds. + + + The default value is 300000 + format: int32 + minimum: 0 + type: integer + isThrottleByBytes: + description: |- + IsThrottleByBytes defines the throttle compaction by bytes or by entries. + + + The default value is true. + type: boolean + journalFormatVersionToWrite: + description: |- + JournalFormatVersionToWrite is the journal format version to write. + Available value are from 0 to 6. + The default value is 6. 
+ format: int32 + maximum: 6 + minimum: 0 + type: integer + journalMaxBackups: + description: |- + JournalMaxBackups is the max number of old journal file to kept. + + + The default value is 0. + format: int32 + minimum: 0 + type: integer + persistBookieStatusEnabled: + description: |- + PersistBookieStatusEnabled persists the bookie status locally on the disks. + TODO: enable this after https://github.com/apache/bookkeeper/issues/2374 is fixed. + + + The default value is false. + type: boolean + rackAwareTopologyLabels: + description: |- + RackAwareTopologyLabels defines the topology labels to propagate from nodes for rack-aware settings. + The operator controller will propagate these labels automatically from nodes to pods, and ensure + their values are available as environment variables when bookie container starts. The name of the environment + variable will be the upper case form of the substring after the last "`/`" in the label. + These values will be combined as the rack name. And the start script of the bookie container will set + the rack name automatically. + When there are multiple labels specified in the list, their value will be joined with "`/`" as the rack name. + For example: + If the list is specified as `[topology.kubernetes.io/zone]`, the environment variable will be `ZONE: `, + and the rack will be `/`. + If the list is specified as `[topology.kubernetes.io/region, topology.kubernetes.io/zone]`, the environment + variables will be `REGION: ` and `ZONE: `, and the rack will be `//`. + items: + type: string + type: array + streamStorage: + description: StreamStorage + nullable: true + type: boolean + useTransactionalCompaction: + description: |- + UseTransactionalCompaction is the flag to enable/disable transactional compaction. + If it is set to true, it will use transactional compaction, + which uses new entry log files to store entries after compaction. + + + The default value is true. 
+ type: boolean + type: object + customization: + description: Customization allows the desired manifests of operator + managed resources to be customized. + items: + properties: + manifest: + description: Manifest defines the patch to apply to customize + the desired resource + type: string + match: + description: Match defines what resource should be customized + by this customization layer + nullable: true + properties: + groupVersionKinds: + description: Matches the group, version, and kind of the + resource. + items: + properties: + group: + description: |- + Group is the group of the resource. + Matches all groups if it's empty or `*`. + type: string + kind: + description: |- + Kind is the kind of the resource. + Matches all kinds if it's `*`. + type: string + version: + description: |- + Version is the version of the resource. + Matches all versions if it's empty or `*`. + type: string + required: + - kind + type: object + nullable: true + type: array + name: + description: |- + Name matches the resource name defined in the metadata. + It could be defined as a Regex pattern, like `^.*-bk$`. + type: string + type: object + required: + - manifest + type: object + nullable: true + type: array + image: + description: |- + Image is the container image used to run bookie pods. + default is apachepulsar/pulsar:latest + type: string + imagePullPolicy: + description: Image pull policy, one of Always, Never, IfNotPresent, + default to Always. + type: string + initialized: + description: Initialized determines whether to create the job to initialize + the cluster metadata. 
+ type: boolean + istio: + description: Istio defines the configurations for istio + properties: + authRules: + description: AuthRules define the AuthorizationPolicies + items: + properties: + fromSource: + items: + properties: + principals: + items: + type: string + type: array + type: object + type: array + toOperation: + description: ToOperation defines the ports that the rule + applies to + items: + properties: + ports: + description: Ports defines the ports that the rule + applies to + items: + type: string + type: array + type: object + type: array + type: object + type: array + enabled: + description: Enabled defines whether to enable Istio + type: boolean + gateway: + description: |- + Gateway defines the gateway configuration, Gateway will be ignored if Gateways is not empty + The operator could either create a gateway automatically or use an existing one + properties: + advertisedDomain: + description: AdvertisedDomain defines the domain name for + the gateway, used solely when serving a list of gateways + type: string + create: + description: Create defines whether to create a gateway + type: boolean + gateways: + description: Gateways defines a list of existing gateways + items: + type: string + nullable: true + type: array + key: + default: istio-generatedid + description: Key is used to identify the gateway and related + resources, used solely when serving a list of gateways + type: string + route: + description: Route defines route policy for the gateway + properties: + topologyAware: + description: TopologyAware defines + properties: + key: + description: Key defines the node label key used to + detect Pod topology info + type: string + subDomain: + description: SubDomain defines url generation rule + for broker Pod + type: string + required: + - key + type: object + useWildcardDNS: + description: UseWildcardDNS means inherit DNS record from + wildcard DNS, only works for externalDNS + type: boolean + type: object + selector: + additionalProperties: 
+ type: string + description: Selector defines the selector for the gateway + to create + nullable: true + type: object + tls: + properties: + certSecretName: + description: "SIMPLE mode:\n CertSecretName defines the + name of the secret that contains the\n certificate + to use in Istio Ingress Gateway. The value should be\n + \ name of the secret in the gateway workload namespace.\nPASSTHROUGH + mode:\n\t CertSecretName defines the name of the secret + that contains the\n\t certificate to use in Broker. + The value should be name of the secret\n name of the + secret in the Broker workload namespace.\nRequired in + both SIMPLE and PASSTHROUGH mode." + type: string + mode: + description: |- + Optional: Indicates whether connections to this port should be + secured using TLS. The value of this field determines how TLS is + enforced. + type: string + subjectAltNames: + description: SubjectAltNames defines the subject alternative + names for the certificate + items: + type: string + type: array + trustCertsEnabled: + description: TrustCertsEnabled defines whether to enable + trust store + type: boolean + type: object + type: object + gateways: + description: Gateways define a list of gateway configurations, + Gateway will be used if Gateways is empty + items: + properties: + advertisedDomain: + description: AdvertisedDomain defines the domain name for + the gateway, used solely when serving a list of gateways + type: string + create: + description: Create defines whether to create a gateway + type: boolean + gateways: + description: Gateways defines a list of existing gateways + items: + type: string + nullable: true + type: array + key: + default: istio-generatedid + description: Key is used to identify the gateway and related + resources, used solely when serving a list of gateways + type: string + route: + description: Route defines route policy for the gateway + properties: + topologyAware: + description: TopologyAware defines + properties: + key: + description: 
Key defines the node label key used + to detect Pod topology info + type: string + subDomain: + description: SubDomain defines url generation rule + for broker Pod + type: string + required: + - key + type: object + useWildcardDNS: + description: UseWildcardDNS means inherit DNS record + from wildcard DNS, only works for externalDNS + type: boolean + type: object + selector: + additionalProperties: + type: string + description: Selector defines the selector for the gateway + to create + nullable: true + type: object + tls: + properties: + certSecretName: + description: "SIMPLE mode:\n CertSecretName defines + the name of the secret that contains the\n certificate + to use in Istio Ingress Gateway. The value should + be\n name of the secret in the gateway workload namespace.\nPASSTHROUGH + mode:\n\t CertSecretName defines the name of the secret + that contains the\n\t certificate to use in Broker. + The value should be name of the secret\n name of + the secret in the Broker workload namespace.\nRequired + in both SIMPLE and PASSTHROUGH mode." + type: string + mode: + description: |- + Optional: Indicates whether connections to this port should be + secured using TLS. The value of this field determines how TLS is + enforced. 
+ type: string + subjectAltNames: + description: SubjectAltNames defines the subject alternative + names for the certificate + items: + type: string + type: array + trustCertsEnabled: + description: TrustCertsEnabled defines whether to enable + trust store + type: boolean + type: object + type: object + maxItems: 10 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + mtls: + description: Mtls defines the mTLS configuration + properties: + mode: + default: strict + type: string + type: object + revision: + default: default + description: Revision defines which Istio control plane inject + sidecar + type: string + trustDomain: + description: TrustDomain corresponds to the trust root of a system + and is part of a workload identity + type: string + type: object + labels: + additionalProperties: + type: string + description: |- + Labels specifies the labels to attach to the stateful set the operator creates for + the bookkeeper cluster. + nullable: true + type: object + logConfig: + description: LogConfig defines the log configuration + properties: + format: + default: text + description: Format is the log format, value is 'json' or 'text' + enum: + - json + - text + type: string + level: + default: INFO + description: Level is the log level + enum: + - INFO + - DEBUG + - TRACE + - WARN + - ERROR + - FATAL + - ALL + - "OFF" + type: string + template: + description: Template is the log Configuration content, can use + golang template syntax + type: string + type: object + metadataServiceUri: + description: MetadataServiceUri is the uri of the metadata service + nullable: true + type: string + pod: + description: Pod defines the policy for creating a bookkeeper pod + for the cluster + properties: + affinity: + description: Affinity specifies the scheduling constraints of + a pod + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. 
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. 
+ When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. 
due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: Annotations specifies the annotations to attach to + pods the operator creates + type: object + debug: + description: Debug defines a switch enable debug + type: boolean + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace + to use for pulling any of the images used by this PodSpec. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: |- + InitContainers defines init containers of the pod. A typical use case could be using an init + container to download a remote jar to a local path. + items: + description: |- + A single application container that you want to run within a pod. + The Container API from the core group is not used directly to avoid unneeded fields + and reduce the size of the CRD. New fields could be added as needed. + properties: + args: + description: Arguments to the entrypoint. 
+ items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. 
+ items: + description: EnvFromSource represents the source of a + set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to + each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Docker image name. + type: string + imagePullPolicy: + description: Image pull policy. + type: string + livenessProbe: + description: Periodic probe of container liveness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + type: string + readinessProbe: + description: |- + Periodic probe of container service readiness. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. 
You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. 
+ Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod has successfully + initialized. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. 
+ type: string + required: + - name + type: object + type: array + jvmOptions: + description: JvmOptions defines the Jvm options passed to the + container + nullable: true + properties: + extraOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + gcLoggingOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + gcOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + memoryOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + type: object + x-kubernetes-map-type: granular + labels: + additionalProperties: + type: string + description: Labels specifies the labels to attach to pod the + operator creates for the cluster. + type: object + minReadySeconds: + description: |- + MinReadySeconds is the minimum time the pod must be ready without any of its + container crashing, for it to be considered available. + Only available when feature gate StatefulSetMinReadySeconds is enabled(enabled by default from v1.25.0). + format: int32 + type: integer + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector specifies a map of key-value pairs. For a pod to be eligible to run + on a node, the node must have each of the indicated key-value pairs as labels. + type: object + resources: + description: Resources specifies the resource requirements of + containers to run in the pod + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
+ properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secretRefs: + description: SecretRefs defines how to mount required secrets + into containers + items: + properties: + mountPath: + type: string + secretName: + type: string + required: + - mountPath + - secretName + type: object + type: array + x-kubernetes-list-map-keys: + - secretName + x-kubernetes-list-type: map + securityContext: + description: |- + SecurityContext specifies the security context for the entire pod + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context + properties: + fsGroup: + format: int64 + type: integer + readOnlyRootFilesystem: + description: ReadOnlyRootFilesystem specifies whether the + container use a read-only filesystem. + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount + to use to run pods. + type: string + sidecars: + description: Sidecars defines sidecar containers running alongside + with the main function container in the pod. + items: + description: |- + A single application container that you want to run within a pod. + The Container API from the core group is not used directly to avoid unneeded fields + and reduce the size of the CRD. New fields could be added as needed. + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. 
+ type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. + items: + description: EnvFromSource represents the source of a + set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to + each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Docker image name. + type: string + imagePullPolicy: + description: Image pull policy. + type: string + livenessProbe: + description: Periodic probe of container liveness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. 
Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. 
+ Each container in a pod must have a unique name (DNS_LABEL). + type: string + readinessProbe: + description: |- + Periodic probe of container service readiness. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod has successfully + initialized. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. + type: string + required: + - name + type: object + type: array + terminationGracePeriodSeconds: + description: |- + TerminationGracePeriodSeconds is the amount of time that kubernetes will give + for a pod before terminating it. 
+ format: int64 + type: integer + tolerations: + description: Tolerations specifies the tolerations of a Pod + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. 
+ properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 
+ MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. 
+ As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + + + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. 
+ This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + updateStrategy: + description: UpdateStrategy defines the update strategy of the + pod + nullable: true + properties: + partition: + description: |- + Partition indicates the ordinal at which the StatefulSet should be + partitioned. + Default value is 0. + format: int32 + type: integer + podUIDsToDelete: + description: PodUIDsToDelete is a list of pod UIDs to delete. + items: + type: string + nullable: true + type: array + type: + description: |- + Type indicates the type of the StatefulSetUpdateStrategy. + Default is RollingUpdate. + type: string + type: object + vars: + description: Vars specifies the environment variables of a Pod + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + volumes: + description: Volumes defines extra volumes of the pod. + items: + description: |- + Volume represents a named volume in a pod that may be accessed by any container in the pod. + The Volume API from the core group is not used directly to avoid unneeded fields defined in `VolumeSource` + and reduce the size of the CRD. New fields in VolumeSource could be added as needed. + properties: + configMap: + description: ConfigMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. 
+ type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Volume's name. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + secret: + description: Secret represents a secret that should populate + this volume. + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret + or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + required: + - name + type: object + type: array + type: object + replicas: + default: 3 + description: |- + Replicas is the expected size of the bookkeeper cluster. 
+ The bookkeeper operator will eventually make the size of the running cluster + equal to the expected size. + Use a pointer to distinguish between a specified zero or unspecified. + If unspecified, defaults to 3. + format: int32 + minimum: 0 + type: integer + storage: + description: Persistence defines the persistent volume used for the + bookie pod + properties: + journal: + description: Journal is the spec to define journal storage + properties: + numDirsPerVolume: + description: NumDirsPerVolume defines the number of directories + provisioned for this type of storage. + format: int32 + type: integer + numVolumes: + description: NumVolumes defines the number of volumes provisioned + for this type of storage. + format: int32 + type: integer + volumeClaimTemplate: + description: VolumeClaimSpec is the spec to define PVC for + the storage + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. 
+ For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to + consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. 
+ type: string + type: object + required: + - volumeClaimTemplate + type: object + ledger: + description: Ledger is the spec to define the ledger storage + properties: + numDirsPerVolume: + description: NumDirsPerVolume defines the number of directories + provisioned for this type of storage. + format: int32 + type: integer + numVolumes: + description: NumVolumes defines the number of volumes provisioned + for this type of storage. + format: int32 + type: integer + volumeClaimTemplate: + description: VolumeClaimSpec is the spec to define PVC for + the storage + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. 
+ If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to + consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + required: + - volumeClaimTemplate + type: object + reclaimPolicy: + description: VolumeReclaimPolicy defines how to reclaim PV. 
+ type: string + type: object + zkServers: + description: Zookeeper server list + type: string + type: object + status: + description: BookKeeperClusterStatus defines the observed state of BookKeeperCluster + properties: + conditions: + description: Conditions is the current conditions of the cluster + items: + description: |- + Condition represents an observation of an object's state. Conditions are an + extension mechanism intended to be used when the details of an observation + are not a priori known or would not apply to all instances of a given Kind. + + + Conditions should be added to explicitly convey properties that users and + components care about rather than requiring those properties to be inferred + from other observations. Once defined, the meaning of a Condition can not be + changed arbitrarily - it becomes part of the API, and has the same + backwards- and forwards-compatibility concerns of any other part of the API. + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: |- + ConditionReason is intended to be a one-word, CamelCase representation of + the category of cause of the current status. It is intended to be used in + concise output, such as one-line kubectl get output, and in summarizing + occurrences of causes. + type: string + status: + type: string + type: + description: |- + ConditionType is the type of the condition and is typically a CamelCased + word or short phrase. + + + Condition types should indicate state in the "abnormal-true" polarity. For + example, if the condition indicates when a policy is invalid, the "is valid" + case is probably the norm, so the condition should be called "Invalid". 
+ type: string + required: + - status + - type + type: object + type: array + currentVersion: + description: CurrentVersion is the current cluster version + type: string + labelSelector: + description: Label selector for scaling + type: string + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this cluster. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + format: int64 + type: integer + onMeshReplicas: + description: OnMeshReplicas is the number of Pods with service mesh + enabled + format: int32 + type: integer + pendingChanges: + description: PendingChanges shows the skipped changes when the rollout + is paused + items: + properties: + action: + type: string + apiVersion: + type: string + diff: + type: string + kind: + type: string + name: + type: string + required: + - action + - apiVersion + - diff + - kind + - name + type: object + nullable: true + type: array + readyReplicas: + description: ReadyReplicas is the number of ready servers in the cluster + format: int32 + type: integer + replicas: + description: Replicas + format: int32 + type: integer + updatedReplicas: + description: UpdatedReplicas is the number of servers that has been + updated to the latest configuration + format: int32 + type: integer + required: + - conditions + - labelSelector + - replicas + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.labelSelector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sn-operator/0.7.0-rc.13/manifests/k8s.streamnative.io_apikeys.yaml b/operators/sn-operator/0.7.0-rc.13/manifests/k8s.streamnative.io_apikeys.yaml new file mode 100644 index 00000000000..80a9f426de2 --- /dev/null 
+++ b/operators/sn-operator/0.7.0-rc.13/manifests/k8s.streamnative.io_apikeys.yaml 
@@ -0,0 +1,611 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: apikeys.k8s.streamnative.io +spec: + group: k8s.streamnative.io + names: + kind: ApiKeys + listKind: ApiKeysList + plural: apikeys + singular: apikeys + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ApiKeys is the Schema for the apikeys API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ApiKeysSpec defines the desired state of ApiKeys + properties: + brokerServiceUrl: + description: brokerServiceUrl defines the service url of pulsar cluster. + type: string + config: + description: Config is the configuration of the api keys svc + properties: + authenticator: + description: Authenticator is the configuration of the api keys + authenticator + properties: + acceptedAudience: + description: AcceptedAudience Only tokens with aud to this + value would be authenticated to this service. + type: string + enabled: + description: Enabled is the enable of the authenticator. + type: boolean + issuers: + description: Issuers only tokens with such issuers will be + authenticated to this service. 
+ items: + type: string + type: array + jwksFetchInterval: + description: JwksFetchInterval is the interval of the jwks + fetch, unit is second. + format: int64 + type: integer + type: object + backend: + description: Backend is the configuration of the api keys backend + properties: + pulsarClient: + additionalProperties: + type: string + description: PulsarClient is the client of the pulsar. + type: object + pulsarTopic: + description: PulsarTopic is the topic of the pulsar. + type: string + retryInterval: + description: RetryInterval is the retry interval of the backend, + unit is second. + format: int64 + type: integer + type: object + customAuthenticators: + description: |- + CustomAuthenticators is the custom oidc authenticators, currently only support issuer and audience + we can expand it in the future + items: + properties: + audience: + type: string + issuer: + type: string + type: object + type: array + loadCustomOIDCConfig: + description: |- + LoadCustomOIDCConfig is the custom configuration of the api keys svc + if this is set to true, the api keys svc will load the custom oidc configuration file + type: boolean + server: + description: Server is the configuration of the api keys server + properties: + audience: + description: Audience aud the token issued for. Should be + the pulsar instance id. + type: string + claimsToCopy: + description: ClaimsToCopy These claims from the request token + would be copied to the issued tokens. + items: + type: string + type: array + currentKid: + description: CurrentKid is the current kid of the server. + type: string + logLevel: + description: LogLevel is the log level of the server. + enum: + - panic + - fatal + - error + - warn + - info + - debug + - trace + type: string + maxKeys: + default: 10000 + description: MaxKeys is the max keys of the server. + type: integer + maxRevoked: + default: 10000 + description: MaxRevoked is the max revoked of the server. 
+ type: integer + type: object + type: object + hostname: + description: The external host exposed by istio or ingress + type: string + image: + description: |- + Image is the container image used to run api keys pods. + default is docker.cloudsmith.io/streamnative/sn-api-keys-svc:latest + type: string + imagePullPolicy: + description: Image pull policy, one of Always, Never, IfNotPresent, + default to Always. + type: string + issuerPathPrefix: + description: IssuerPathPrefix defines the issuer path prefix of the + api keys svc + type: string + istio: + description: Istio defines Istio configuration of components + properties: + authRules: + description: AuthRules define the AuthorizationPolicies + items: + properties: + fromSource: + items: + properties: + principals: + items: + type: string + type: array + type: object + type: array + toOperation: + description: ToOperation defines the ports that the rule + applies to + items: + properties: + ports: + description: Ports defines the ports that the rule + applies to + items: + type: string + type: array + type: object + type: array + type: object + type: array + enabled: + description: Enabled defines whether to enable Istio + type: boolean + gateway: + description: |- + Gateway defines the gateway configuration, Gateway will be ignored if Gateways is not empty + The operator could either create a gateway automatically or use an existing one + properties: + advertisedDomain: + description: AdvertisedDomain defines the domain name for + the gateway, used solely when serving a list of gateways + type: string + create: + description: Create defines whether to create a gateway + type: boolean + gateways: + description: Gateways defines a list of existing gateways + items: + type: string + nullable: true + type: array + key: + default: istio-generatedid + description: Key is used to identify the gateway and related + resources, used solely when serving a list of gateways + type: string + route: + description: Route 
defines route policy for the gateway + properties: + topologyAware: + description: TopologyAware defines + properties: + key: + description: Key defines the node label key used to + detect Pod topology info + type: string + subDomain: + description: SubDomain defines url generation rule + for broker Pod + type: string + required: + - key + type: object + useWildcardDNS: + description: UseWildcardDNS means inherit DNS record from + wildcard DNS, only works for externalDNS + type: boolean + type: object + selector: + additionalProperties: + type: string + description: Selector defines the selector for the gateway + to create + nullable: true + type: object + tls: + properties: + certSecretName: + description: "SIMPLE mode:\n CertSecretName defines the + name of the secret that contains the\n certificate + to use in Istio Ingress Gateway. The value should be\n + \ name of the secret in the gateway workload namespace.\nPASSTHROUGH + mode:\n\t CertSecretName defines the name of the secret + that contains the\n\t certificate to use in Broker. + The value should be name of the secret\n name of the + secret in the Broker workload namespace.\nRequired in + both SIMPLE and PASSTHROUGH mode." + type: string + mode: + description: |- + Optional: Indicates whether connections to this port should be + secured using TLS. The value of this field determines how TLS is + enforced. 
+ type: string + subjectAltNames: + description: SubjectAltNames defines the subject alternative + names for the certificate + items: + type: string + type: array + trustCertsEnabled: + description: TrustCertsEnabled defines whether to enable + trust store + type: boolean + type: object + type: object + gateways: + description: Gateways define a list of gateway configurations, + Gateway will be used if Gateways is empty + items: + properties: + advertisedDomain: + description: AdvertisedDomain defines the domain name for + the gateway, used solely when serving a list of gateways + type: string + create: + description: Create defines whether to create a gateway + type: boolean + gateways: + description: Gateways defines a list of existing gateways + items: + type: string + nullable: true + type: array + key: + default: istio-generatedid + description: Key is used to identify the gateway and related + resources, used solely when serving a list of gateways + type: string + route: + description: Route defines route policy for the gateway + properties: + topologyAware: + description: TopologyAware defines + properties: + key: + description: Key defines the node label key used + to detect Pod topology info + type: string + subDomain: + description: SubDomain defines url generation rule + for broker Pod + type: string + required: + - key + type: object + useWildcardDNS: + description: UseWildcardDNS means inherit DNS record + from wildcard DNS, only works for externalDNS + type: boolean + type: object + selector: + additionalProperties: + type: string + description: Selector defines the selector for the gateway + to create + nullable: true + type: object + tls: + properties: + certSecretName: + description: "SIMPLE mode:\n CertSecretName defines + the name of the secret that contains the\n certificate + to use in Istio Ingress Gateway. 
The value should + be\n name of the secret in the gateway workload namespace.\nPASSTHROUGH + mode:\n\t CertSecretName defines the name of the secret + that contains the\n\t certificate to use in Broker. + The value should be name of the secret\n name of + the secret in the Broker workload namespace.\nRequired + in both SIMPLE and PASSTHROUGH mode." + type: string + mode: + description: |- + Optional: Indicates whether connections to this port should be + secured using TLS. The value of this field determines how TLS is + enforced. + type: string + subjectAltNames: + description: SubjectAltNames defines the subject alternative + names for the certificate + items: + type: string + type: array + trustCertsEnabled: + description: TrustCertsEnabled defines whether to enable + trust store + type: boolean + type: object + type: object + maxItems: 10 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + mtls: + description: Mtls defines the mTLS configuration + properties: + mode: + default: strict + type: string + type: object + revision: + default: default + description: Revision defines which Istio control plane inject + sidecar + type: string + trustDomain: + description: TrustDomain corresponds to the trust root of a system + and is part of a workload identity + type: string + type: object + oxiaServiceUrl: + description: |- + OxiaServiceUrl defines the service url of oxia. + It includes oxia namespace on the url. 
+ for example: oxiacluster-example-oxia.default.svc.cluster.local:6648/ns-test + oxiacluster-example-oxia.default.svc.cluster.local:6648 is the service address, ns-test is the oxia namespace + type: string + pod: + description: Pod defines the policy for creating api key pod for the + cluster + properties: + labels: + additionalProperties: + type: string + nullable: true + type: object + nodeSelector: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-map-type: atomic + resources: + description: Resources is the resource requirement of api key + service + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + tolerations: + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. 
+ format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + nullable: true + type: array + type: object + replicas: + default: 2 + description: |- + Replicas is the expected size of the api keys svc + If unspecified, defaults to 2. + format: int32 + minimum: 0 + type: integer + type: object + status: + description: ApiKeysStatus defines the observed state of ApiKeys + properties: + conditions: + description: Conditions is an array of current observed conditions. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. 
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + customAuthenticators: + description: |- + CustomAuthenticators is the custom oidc authenticators, currently only support issuer and audience + we can expand it in the future + items: + properties: + audience: + type: string + issuer: + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the most recent generation observed + for this api keys service. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sn-operator/0.7.0-rc.13/manifests/k8s.streamnative.io_connectorcatalogs.yaml b/operators/sn-operator/0.7.0-rc.13/manifests/k8s.streamnative.io_connectorcatalogs.yaml new file mode 100644 index 00000000000..ad4ea9bbf08 --- /dev/null +++ b/operators/sn-operator/0.7.0-rc.13/manifests/k8s.streamnative.io_connectorcatalogs.yaml 
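Review bot: The `image` description under `spec` documents the default as `docker.cloudsmith.io/streamnative/sn-api-keys-svc:latest`, and `imagePullPolicy` is documented as defaulting to Always. A resource that omits `image` therefore runs whatever the registry currently serves under a mutable tag, for the service that issues API-key tokens. The documented and actual default should be a release tag or digest tied to the operator version, for example `default is docker.cloudsmith.io/streamnative/sn-api-keys-svc@sha256:<digest-placeholder>`. In the same hunk `istio.mtls.mode` has `default: strict` but no `enum` and no description, so a misspelled mode passes schema validation; how the controller treats an unknown value is not visible here, and an `enum` listing the accepted modes would close that gap. The file carries a `controller-gen.kubebuilder.io/version` annotation, so both changes presumably belong on the Go type markers rather than in this manifest.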
@@ -0,0 +1,151 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: sn-operator-system/sn-operator-serving-cert + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: connectorcatalogs.k8s.streamnative.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: sn-operator-webhook-service + namespace: sn-operator-system + path: /convert + conversionReviewVersions: + - v1 + group: k8s.streamnative.io + names: + kind: ConnectorCatalog + listKind: ConnectorCatalogList + plural: connectorcatalogs + singular: connectorcatalog + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ConnectorCatalog is the Schema for the connectorcatalogs API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ConnectorCatalogSpec defines the desired state of ConnectorCatalog + properties: + connectorDefinitions: + items: + properties: + defaultSchemaType: + type: string + defaultSerdeClassName: + type: string + description: + type: string + iconLink: + type: string + id: + type: string + imageRegistry: + type: string + imageRepository: + type: string + imageTag: + type: string + jarFullName: + type: string + name: + type: string + sinkClass: + type: string + sinkConfigClass: + type: string + sinkConfigFieldDefinitions: + items: + properties: + attributes: + additionalProperties: + type: string + type: object + fieldName: + type: string + typeName: + type: string + required: + - fieldName + - typeName + type: object + type: array + sinkDocLink: + type: string + sinkTypeClassName: + type: string + sourceClass: + type: string + sourceConfigClass: + type: string + sourceConfigFieldDefinitions: + items: + properties: + attributes: + additionalProperties: + type: string + type: object + fieldName: + type: string + typeName: + type: string + required: + - fieldName + - typeName + type: object + type: array + sourceDocLink: + type: string + sourceTypeClassName: + type: string + typeClassName: + type: string + version: + type: string + required: + - id + type: object + type: array + x-kubernetes-list-map-keys: + - id + x-kubernetes-list-type: map + required: + - connectorDefinitions + type: object + status: + description: ConnectorCatalogStatus defines the observed state of ConnectorCatalog + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null 
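Review bot: The `conversion` stanza sets `strategy: Webhook` and hard-codes the target as `sn-operator-webhook-service` in namespace `sn-operator-system`. It has no `caBundle`, so trust in the webhook rests on the `cert-manager.io/inject-ca-from: sn-operator-system/sn-operator-serving-cert` annotation. In an OLM bundle the operator may be installed into another namespace and cert-manager may be absent, so this reference and its CA are outside what the bundle controls; how the CSV declares the webhook is not visible in this hunk and should be checked. The CRD serves only `v1alpha1`, so the webhook is presumably never invoked today and the stanza becomes a hard dependency as soon as a second version is added. Either drop `conversion:` through `conversionReviewVersions` along with the annotation, or declare the conversion webhook in the CSV's `webhookdefinitions` so that OLM supplies the service reference and CA.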
diff --git a/operators/sn-operator/0.7.0-rc.13/manifests/k8s.streamnative.io_consoles.yaml b/operators/sn-operator/0.7.0-rc.13/manifests/k8s.streamnative.io_consoles.yaml new file mode 100644 index 00000000000..42881826989 --- /dev/null +++ b/operators/sn-operator/0.7.0-rc.13/manifests/k8s.streamnative.io_consoles.yaml 
@@ -0,0 +1,228 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: consoles.k8s.streamnative.io +spec: + group: k8s.streamnative.io + names: + kind: Console + listKind: ConsoleList + plural: consoles + singular: console + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Console is the Schema for the consoles API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ConsoleSpec defines the desired state of Console + properties: + config: + description: Config defines the config of console, + properties: + authentication: + description: Authentication defines console authentication + properties: + apiKey: + description: ApiKeys authentication configuration + properties: + secretName: + description: SecretName The secret that provides the super + token + type: string + serviceUrl: + description: ServiceUrl The service url of API Keys service + type: string + subjectClaim: + default: sub + description: SubjectClaim JWT claim to use as the user + name, by default sub. 
+ type: string + superRole: + default: admin + description: SuperRole The default value is `sub` + type: string + type: object + type: object + type: object + customization: + description: Customization allows the desired manifests of operator + managed resources to be customized. + items: + properties: + manifest: + description: Manifest defines the patch to apply to customize + the desired resource + type: string + match: + description: Match defines what resource should be customized + by this customization layer + nullable: true + properties: + groupVersionKinds: + description: Matches the group, version, and kind of the + resource. + items: + properties: + group: + description: |- + Group is the group of the resource. + Matches all groups if it's empty or `*`. + type: string + kind: + description: |- + Kind is the kind of the resource. + Matches all kinds if it's `*`. + type: string + version: + description: |- + Version is the version of the resource. + Matches all versions if it's empty or `*`. + type: string + required: + - kind + type: object + nullable: true + type: array + name: + description: |- + Name matches the resource name defined in the metadata. + It could be defined as a Regex pattern, like `^.*-bk$`. + type: string + type: object + required: + - manifest + type: object + nullable: true + type: array + image: + description: Image is the container image used to run sn console pods. + type: string + imagePullPolicy: + description: Image pull policy, one of Always, Never, IfNotPresent, + default to Always. + type: string + kopServiceUrl: + description: KopServiceUrl defines the kop service url of pulsar cluster, + type: string + webServiceUrl: + description: WebServiceUrl defines the web service url of pulsar cluster, + type: string + required: + - webServiceUrl + type: object + status: + description: ConsoleStatus defines the observed state of Console + properties: + conditions: + description: Conditions is an array of current observed conditions. 
+ items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. 
+ maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: ObservedGeneration is the most recent generation observed + for this api keys service. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sn-operator/0.7.0-rc.13/manifests/k8s.streamnative.io_kafkaconnects.yaml b/operators/sn-operator/0.7.0-rc.13/manifests/k8s.streamnative.io_kafkaconnects.yaml new file mode 100644 index 00000000000..5b70b881e81 --- /dev/null +++ b/operators/sn-operator/0.7.0-rc.13/manifests/k8s.streamnative.io_kafkaconnects.yaml 
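Review bot: The `superRole` description under `spec.config.authentication.apiKey` in the consoles CRD says the default value is `sub`, but the schema line directly above it sets `default: admin`. `sub` is the default of the neighbouring `subjectClaim`, so the text looks copied from there. This field sits in the console's authentication block, so anyone setting or auditing it from the description alone would expect a different value than the API server actually applies. The manifest carries a controller-gen annotation, so the correction presumably belongs in the comment on the Go type, regenerated so the line reads `description: SuperRole The default value is admin`.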
@@ -0,0 +1,7890 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: kafkaconnects.k8s.streamnative.io +spec: + group: k8s.streamnative.io + names: + kind: KafkaConnect + listKind: KafkaConnectList + plural: kafkaconnects + singular: kafkaconnect + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: KafkaConnect is the Schema for the apikeys API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: KafkaConnectSpec defines the desired state of KafkaConnect + properties: + autoAck: + type: boolean + className: + type: string + cleanupImage: + description: the image used to clean up subscription, if empty, the + runner image will be used + type: string + cleanupSubscription: + type: boolean + clusterName: + type: string + connectWorkerConfig: + description: ConnectWorkerConfig connect specific configurations + properties: + additionalConfigs: + description: Additional configs that are not present in the KafkaConnectConfig + yet + type: object + x-kubernetes-preserve-unknown-fields: true + bootstrapServers: + description: KafkaConnect servers, can be leave empty and got + from the `KafkaMessaging.BootstrapServers` + type: string + clientDNSLookup: + description: Controls how the client uses DNS lookups. + enum: + - use_all_dns_ips + - resolve_canonical_bootstrap_servers_only + type: string + clientId: + description: An id string to pass to the kafka when making requests + type: string + configProviders: + description: Comma-separated names of org.apache.kafka.common.config.provider.ConfigProvider + classes + type: string + connectionsMaxIdleMs: + description: Close idle connections after the number of milliseconds + specified by this config + format: int64 + type: integer + connectorClientConfigOverridePolicy: + description: Defines what client configurations can be overridden + by the connector + type: string + exactlyOnceSourceSupport: + description: Whether to enable exactly-once support for source + connectors, valid values are DISABLED, PREPARING, ENABLED + enum: + - DISABLED + - PREPARING + - ENABLED + type: string + groupId: + description: The group id of the connect cluster + type: string + headerConverter: + description: Class used to convert between KafkaConnect Connect + format 
and the serialized form that is written to KafkaConnect + type: string + keyConverter: + description: Converter class used to convert between KafkaConnect + Connect format and the serialized form that is written to KafkaConnect + type: string + metricsNumSample: + description: The number of samples maintained to compute metrics + type: integer + metricsRecordingLevel: + description: The highest recording level for metrics + enum: + - INFO + - DEBUG + type: string + metricsReporter: + description: A list of classes to use as metrics reporters + type: string + metricsSampleWindowMs: + description: The window of time a metrics sample is computed over + format: int64 + type: integer + offsetCommitIntervalMs: + description: Interval at which to try committing offsets for tasks + format: int64 + type: integer + offsetCommitTimeoutMs: + description: |- + Maximum number of milliseconds to wait for records to flush and partition offset data to be committed to offset + storage before cancelling the process and restoring the offset data to be committed in a future attempt + format: int64 + type: integer + offsetStoragePartitions: + description: Replication factor used when creating the offset + storage topic + format: int32 + type: integer + offsetStorageReplicationFactor: + description: The number of partitions used when creating the offset + storage topic + type: integer + offsetStorageTopic: + description: The name of the KafkaConnect topic where source connector + offsets are stored + type: string + pluginDiscovery: + description: Method to use to discover plugins present in the + classpath and plugin.path configuration. 
+ enum: + - only_scan + - hybrid_warn + - hybrid_fail + - service_load + type: string + pluginPath: + description: List of paths separated by commas (,) that contain + plugins (connectors, converters, transformations) + type: string + receiveBuffer: + description: The size of the TCP receive buffer (SO_RCVBUF) to + use when reading data + type: integer + reconnectBackoffMaxMs: + description: The maximum amount of time in milliseconds to wait + when reconnecting to a broker that has repeatedly failed to + connect + format: int64 + type: integer + reconnectBackoffMs: + description: The base amount of time to wait before attempting + to reconnect to a given hosts + format: int64 + type: integer + requestTimeoutMs: + description: The maximum amount of time the client will wait for + the response of a request + format: int64 + type: integer + retryBackoffMs: + description: The amount of time to wait before attempting to retry + a failed request to a given topic partition + format: int64 + type: integer + securityProtocol: + description: 'Protocol used to communicate with brokers. Valid + values are: PLAINTEXT, SSL, SASL_PLAIN, SASL_SSL' + enum: + - PLAINTEXT + - SSL + - SASL_PLAIN + - SASL_SSL + type: string + sendBuffer: + description: The size of the TCP send buffer (SO_SNDBUF) to use + when sending data + type: integer + socketConnectionSetupTimeoutMaxMs: + description: The maximum amount of time the client will wait for + the socket connection to be established + format: int64 + type: integer + socketConnectionSetupTimeoutMs: + description: The amount of time the client will wait for the socket + connection to be established + format: int64 + type: integer + taskShutdownGracefulTimeoutMs: + description: Amount of time to wait for tasks to shut down gracefully. 
+ format: int64 + type: integer + topicCreationEnable: + description: Whether to allow automatic creation of topics used + by source connectors + type: boolean + valueConverter: + description: Converter class used to convert between KafkaConnect + Connect format and the serialized form that is written to KafkaConnect. + type: string + type: object + deadLetterTopic: + type: string + downloaderImage: + type: string + filebeatImage: + type: string + forwardSourceMessageProperty: + type: boolean + funcConfig: + description: Config represents untyped YAML configuration. + type: object + x-kubernetes-preserve-unknown-fields: true + genericRuntime: + description: GenericRuntime contains the generic runtime configs + properties: + functionFile: + type: string + functionFileLocation: + type: string + language: + type: string + required: + - functionFile + - language + type: object + golang: + description: GoRuntime contains the golang runtime configs + properties: + go: + type: string + goLocation: + type: string + log: + properties: + format: + enum: + - json + - text + type: string + javaLog4JConfigFileType: + enum: + - yaml + - xml + - ini + type: string + level: + description: LogLevel describes the level of the logging + enum: + - "off" + - trace + - debug + - info + - warn + - error + - fatal + - all + - panic + type: string + logConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + rotatePolicy: + description: TriggeringPolicy is using to determine if a rollover + should occur. + enum: + - TimedPolicyWithDaily + - TimedPolicyWithWeekly + - TimedPolicyWithMonthly + - SizedPolicyWith10MB + - SizedPolicyWith50MB + - SizedPolicyWith100MB + type: string + type: object + required: + - go + type: object + image: + description: |- + Image is the container image used to run function pods. 
+ default is streamnative/pulsar-functions-java-runner + type: string + imageHasGet: + description: Image which has wget will use wget to download http package + type: boolean + imageHasPulsarctl: + description: Image which has pulsarctl will use pulsarctl to download + package and do cleanup + type: boolean + imagePullPolicy: + description: Image pull policy, one of Always, Never, IfNotPresent, + default to IfNotPresent. + type: string + input: + properties: + customSchemaSources: + additionalProperties: + type: string + type: object + customSerdeSources: + additionalProperties: + type: string + type: object + sourceSpecs: + additionalProperties: + properties: + consumerProperties: + additionalProperties: + type: string + type: object + cryptoConfig: + properties: + consumerCryptoFailureAction: + type: string + cryptoKeyReaderClassName: + type: string + cryptoKeyReaderConfig: + additionalProperties: + type: string + type: object + cryptoSecrets: + items: + properties: + asVolume: + type: string + secretKey: + type: string + secretName: + type: string + required: + - secretKey + - secretName + type: object + type: array + encryptionKeys: + items: + type: string + type: array + producerCryptoFailureAction: + type: string + type: object + isRegexPattern: + type: boolean + receiverQueueSize: + format: int32 + type: integer + schemaProperties: + additionalProperties: + type: string + type: object + schemaType: + type: string + serdeClassname: + type: string + type: object + type: object + topicPattern: + type: string + topics: + items: + type: string + type: array + typeClassName: + type: string + type: object + java: + description: JavaRuntime contains the java runtime configs + properties: + extraDependenciesDir: + type: string + jar: + type: string + jarLocation: + type: string + javaOpts: + items: + type: string + type: array + log: + properties: + format: + enum: + - json + - text + type: string + javaLog4JConfigFileType: + enum: + - yaml + - xml + - ini + type: 
string + level: + description: LogLevel describes the level of the logging + enum: + - "off" + - trace + - debug + - info + - warn + - error + - fatal + - all + - panic + type: string + logConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + rotatePolicy: + description: TriggeringPolicy is using to determine if a rollover + should occur. + enum: + - TimedPolicyWithDaily + - TimedPolicyWithWeekly + - TimedPolicyWithMonthly + - SizedPolicyWith10MB + - SizedPolicyWith50MB + - SizedPolicyWith100MB + type: string + type: object + required: + - jar + type: object + kafka: + properties: + authConfig: + properties: + genericAuth: + properties: + clientAuthenticationParameters: + type: string + clientAuthenticationPlugin: + type: string + required: + - clientAuthenticationParameters + - clientAuthenticationPlugin + type: object + oauth2Config: + properties: + audience: + type: string + issuerUrl: + type: string + keySecretKey: + description: the secret key of the OAuth2 private key + file, such as `auth.json` + type: string + keySecretName: + description: the secret name of the OAuth2 private key + file + type: string + scope: + type: string + required: + - audience + - issuerUrl + - keySecretKey + - keySecretName + type: object + type: object + bootstrapServers: + description: A list of host/port pairs to use for establishing + the initial connection to the KafkaConnect cluster + type: string + tlsConfig: + properties: + enabled: + type: boolean + type: object + type: object + logTopic: + type: string + logTopicAgent: + description: LogTopicAgent enum type + enum: + - runtime + - sidecar + type: string + maxMessageRetry: + format: int32 + type: integer + maxPendingAsyncRequests: + format: int32 + type: integer + maxReplicas: + description: |- + MaxReplicas indicates the maximum number of replicas and enables the HorizontalPodAutoscaler + If provided, a default HPA with CPU at average of 80% will be used. 
+ For complex HPA strategies, please refer to Pod.HPAutoscaler. + format: int32 + type: integer + minReplicas: + default: 1 + format: int32 + minimum: 0 + type: integer + name: + description: |- + INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file + type: string + namespace: + type: string + output: + properties: + customSchemaSinks: + additionalProperties: + type: string + type: object + producerConf: + properties: + batchBuilder: + type: string + compressionType: + description: CompressionType enum type + enum: + - NONE + - LZ4 + - ZLIB + - ZSTD + - SNAPPY + type: string + cryptoConfig: + properties: + consumerCryptoFailureAction: + type: string + cryptoKeyReaderClassName: + type: string + cryptoKeyReaderConfig: + additionalProperties: + type: string + type: object + cryptoSecrets: + items: + properties: + asVolume: + type: string + secretKey: + type: string + secretName: + type: string + required: + - secretKey + - secretName + type: object + type: array + encryptionKeys: + items: + type: string + type: array + producerCryptoFailureAction: + type: string + type: object + maxPendingMessages: + format: int32 + type: integer + maxPendingMessagesAcrossPartitions: + format: int32 + type: integer + useThreadLocalProducers: + type: boolean + type: object + sinkSchemaType: + type: string + sinkSerdeClassName: + type: string + topic: + type: string + typeClassName: + type: string + type: object + persistentVolumeClaimRetentionPolicy: + description: |- + StatefulSetPersistentVolumeClaimRetentionPolicy describes the policy used for PVCs + created from the StatefulSet VolumeClaimTemplates. + properties: + whenDeleted: + description: |- + WhenDeleted specifies what happens to PVCs created from StatefulSet + VolumeClaimTemplates when the StatefulSet is deleted. The default policy + of `Retain` causes PVCs to not be affected by StatefulSet deletion. The + `Delete` policy causes those PVCs to be deleted. 
+ type: string + whenScaled: + description: |- + WhenScaled specifies what happens to PVCs created from StatefulSet + VolumeClaimTemplates when the StatefulSet is scaled down. The default + policy of `Retain` causes PVCs to not be affected by a scaledown. The + `Delete` policy causes the associated PVCs for any excess pods above + the replica count to be deleted. + type: string + type: object + pod: + properties: + affinity: + description: Affinity specifies the scheduling constraints of + a pod + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. 
+ items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: Annotations specifies the annotations to attach to + pods the operator creates + type: object + autoScalingBehavior: + description: |- + AutoScalingBehavior configures the scaling behavior of the target + in both Up and Down directions (scaleUp and scaleDown fields respectively). + If not set, the default HPAScalingRules for scale up and scale down are used. 
+ properties: + scaleDown: + description: |- + scaleDown is scaling policy for scaling Down. + If not set, the default value is to allow to scale down to minReplicas pods, with a + 300 second stabilization window (i.e., the highest recommendation for + the last 300sec is used). + properties: + policies: + description: |- + policies is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid + items: + description: HPAScalingPolicy is a single policy which + must hold true for a specified past interval. + properties: + periodSeconds: + description: |- + periodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). + format: int32 + type: integer + type: + description: type is used to specify the scaling + policy. + type: string + value: + description: |- + value contains the amount of change which is permitted by the policy. + It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: |- + selectPolicy is used to specify which policy should be used. + If not set, the default value Max is used. + type: string + stabilizationWindowSeconds: + description: |- + stabilizationWindowSeconds is the number of seconds for which past recommendations should be + considered while scaling up or scaling down. + StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization is done). + - For scale down: 300 (i.e. the stabilization window is 300 seconds long). + format: int32 + type: integer + type: object + scaleUp: + description: |- + scaleUp is scaling policy for scaling Up. 
+ If not set, the default value is the higher of: + * increase no more than 4 pods per 60 seconds + * double the number of pods per 60 seconds + No stabilization is used. + properties: + policies: + description: |- + policies is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid + items: + description: HPAScalingPolicy is a single policy which + must hold true for a specified past interval. + properties: + periodSeconds: + description: |- + periodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). + format: int32 + type: integer + type: + description: type is used to specify the scaling + policy. + type: string + value: + description: |- + value contains the amount of change which is permitted by the policy. + It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: |- + selectPolicy is used to specify which policy should be used. + If not set, the default value Max is used. + type: string + stabilizationWindowSeconds: + description: |- + stabilizationWindowSeconds is the number of seconds for which past recommendations should be + considered while scaling up or scaling down. + StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization is done). + - For scale down: 300 (i.e. the stabilization window is 300 seconds long). 
+ format: int32 + type: integer + type: object + type: object + autoScalingMetrics: + description: |- + AutoScalingMetrics contains the specifications for which to use to calculate the + desired replica count (the maximum replica count across all metrics will + be used). + More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#metricspec-v2-autoscaling + items: + description: |- + MetricSpec specifies how to scale based on a single metric + (only `type` and one other matching field should be set at once). + properties: + containerResource: + description: |- + containerResource refers to a resource metric (such as those specified in + requests and limits) known to Kubernetes describing a single container in + each pod of the current scale target (e.g. CPU or memory). Such metrics are + built in to Kubernetes, and have special scaling options on top of those + available to normal per-pod metrics using the "pods" source. + This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag. + properties: + container: + description: container is the name of the container + in the pods of the scaling target + type: string + name: + description: name is the name of the resource in question. + type: string + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. 
+ Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - container + - name + - target + type: object + external: + description: |- + external refers to a global metric that is not associated + with any Kubernetes object. It allows autoscaling based on information + coming from components running outside of cluster + (for example length of queue in cloud messaging service, or + QPS from loadbalancer running outside of cluster). + properties: + metric: + description: metric identifies the target metric by + name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. 
+ Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + object: + description: |- + object refers to a metric describing a single kubernetes object + (for example, hits-per-second on an Ingress object). 
+ properties: + describedObject: + description: describedObject specifies the descriptions + of a object,such as kind,name apiVersion + properties: + apiVersion: + description: apiVersion is the API version of the + referent + type: string + kind: + description: 'kind is the kind of the referent; + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'name is the name of the referent; + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - kind + - name + type: object + metric: + description: metric identifies the target metric by + name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - describedObject + - metric + - target + type: object + pods: + description: |- + pods refers to a metric describing each pod in the current scale target + (for example, transactions-processed-per-second). 
The values will be + averaged together before being compared to the target value. + properties: + metric: + description: metric identifies the target metric by + name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + resource: + description: |- + resource refers to a resource metric (such as those specified in + requests and limits) known to Kubernetes describing each pod in the + current scale target (e.g. CPU or memory). Such metrics are built in to + Kubernetes, and have special scaling options on top of those available + to normal per-pod metrics using the "pods" source. + properties: + name: + description: name is the name of the resource in question. 
+ type: string + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - name + - target + type: object + type: + description: |- + type is the type of metric source. It should be one of "ContainerResource", "External", + "Object", "Pods" or "Resource", each mapping to a matching field in the object. 
+ Note: "ContainerResource" type is available on when the feature-gate + HPAContainerMetrics is enabled + type: string + required: + - type + type: object + type: array + builtinAutoscaler: + description: |- + BuiltinAutoscaler refers to the built-in autoscaling rules + Available values: AverageUtilizationCPUPercent80, AverageUtilizationCPUPercent50, AverageUtilizationCPUPercent20 + AverageUtilizationMemoryPercent80, AverageUtilizationMemoryPercent50, AverageUtilizationMemoryPercent20 + TODO: validate the rules, user may provide duplicate rules, should check with webhook + items: + type: string + type: array + env: + description: Env Environment variables to expose on the pulsar-function + containers + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same + namespace to use for pulling any of the images used by this PodSpec. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: |- + Init containers of the pod. A typical use case could be using an init + container to download a remote jar to a local path. + More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + items: + description: A single application container that you want to + run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + command: + description: |- + Entrypoint array. 
Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source of a + set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to + each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. 
+ More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. 
The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. 
To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). 
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in + a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port + to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. 
+ type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. 
+ properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource + resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. 
+ type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. 
+ type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. 
+ If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. 
+ properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. 
+ Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. 
+ format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. 
+ type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. + items: + description: volumeDevice describes a mapping of a raw + block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the + container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. 
+ type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: Labels specifies the labels to attach to pod the + operator creates for the cluster. + type: object + liveness: + properties: + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + initialDelaySeconds: + description: some functions may take a long time to start + up(like download packages), so we need to set the initial + delay + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + type: object + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector specifies a map of key-value pairs. For a pod to be eligible to run + on a node, the node must have each of the indicated key-value pairs as labels. + type: object + securityContext: + description: |- + SecurityContext specifies the security context for the entire pod + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context + properties: + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. 
The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. 
+ type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. Note that group memberships + defined in the container image for the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. 
+ type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount + to use to run this pod. + type: string + sidecars: + description: |- + Sidecar containers running alongside with the main function container in the + pod. + items: + description: A single application container that you want to + run within a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + command: + description: |- + Entrypoint array. Not executed within a shell. 
+ The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. 
apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source of a + set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to + each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Container image name. 
+ More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. 
The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep represents the duration that + the container should sleep before being terminated. + properties: + seconds: + description: Seconds is the number of seconds + to sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. 
To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). 
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in + a single container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port + to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. 
+ type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. 
+ properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource + resize policy for the container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. 
+ type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. 
+ type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. 
+ If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. 
+ properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. 
+ Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. 
+ format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. 
+ type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. + items: + description: volumeDevice describes a mapping of a raw + block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the + container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. 
+ type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + terminationGracePeriodSeconds: + description: |- + TerminationGracePeriodSeconds is the amount of time that kubernetes will give + for a pod before terminating it. + format: int64 + type: integer + tolerations: + description: Tolerations specifies the tolerations of a Pod + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. 
+ If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + items: + description: Volume represents a named volume in a pod that + may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount + on the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: + None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in + the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the + blob storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single + blob disk per storage account Managed: azure managed + data disk (only in managed availability set). defaults + to shared' + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service + mount on the host and bind mount to the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name of secret that + contains Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host + that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted + root, rather than the full Ceph tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. 
+ type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the + pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the + pod: only annotations, labels, name and namespace + are supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must not + be absolute or contain the ''..'' path. Must + be utf-8 encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. 
+ The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. 
Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over + volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. 
+ If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that + is attached to a kubelet's host machine and then exposed + to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. 
+ items: + type: string + type: array + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use + for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds + extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the Flocker + control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. 
+ This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. 
+ properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. + properties: + path: + description: |- + path of the directory on the host. 
+ If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support + iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support + iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. 
The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI + target and initiator authentication + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume + attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx + volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along + with other supported volume types + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume + root to write the bundle. 
+ type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. 
apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the + ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the + downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute or + contain the ''..'' path. Must be utf-8 + encoded. The first item of the relative + path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the secret + data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. 
+ May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional field specify whether + the Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + image: + description: |- + image is the rados image name. 
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + pool: + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. 
+ type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool + associated with the protection domain. + type: string + system: + description: system is the name of the storage system + as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret + or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. 
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy + Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + vpa: + description: VPA indicates whether to enable the VerticalPodAutoscaler, + it should not be used with HPA + properties: + resourcePolicy: + description: Controls how the autoscaler computes recommended + resources. + properties: + containerPolicies: + description: Per-container resource policies. + items: + description: |- + ContainerResourcePolicy controls how autoscaler computes the recommended + resources for a specific container. + properties: + containerName: + description: |- + Name of the container or DefaultContainerResourcePolicy, in which + case the policy is used by the containers that don't have their own + policy specified. + type: string + controlledResources: + description: |- + Specifies the type of recommendations that will be computed + (and possibly applied) by VPA. + If not specified, the default of [ResourceCPU, ResourceMemory] will be used. + items: + description: ResourceName is the name identifying + various resources in a ResourceList. + type: string + type: array + controlledValues: + description: |- + Specifies which resource values should be controlled. + The default is "RequestsAndLimits". 
+ enum: + - RequestsAndLimits + - RequestsOnly + type: string + maxAllowed: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Specifies the maximum amount of resources that will be recommended + for the container. The default is no maximum. + type: object + minAllowed: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Specifies the minimal amount of resources that will be recommended + for the container. The default is no minimum. + type: object + mode: + description: Whether autoscaler is enabled for the + container. The default is "Auto". + enum: + - Auto + - "Off" + type: string + type: object + type: array + type: object + updatePolicy: + description: |- + Describes the rules on how changes are applied to the pods. + If not specified, all fields in the `PodUpdatePolicy` are set to their + default values. + properties: + minReplicas: + description: |- + Minimal number of replicas which need to be alive for Updater to attempt + pod eviction (pending other checks like PDB). Only positive values are + allowed. Overrides global '--min-replicas' flag. + format: int32 + type: integer + updateMode: + description: |- + Controls when autoscaler applies changes to the pod resources. + The default is 'Auto'. 
+ enum: + - "Off" + - Initial + - Recreate + - Auto + type: string + type: object + type: object + type: object + processingGuarantee: + description: ProcessGuarantee enum type + enum: + - atleast_once + - atmost_once + - effectively_once + - manual + type: string + pulsar: + properties: + authConfig: + description: To replace the AuthSecret + properties: + genericAuth: + properties: + clientAuthenticationParameters: + type: string + clientAuthenticationPlugin: + type: string + required: + - clientAuthenticationParameters + - clientAuthenticationPlugin + type: object + oauth2Config: + properties: + audience: + type: string + issuerUrl: + type: string + keySecretKey: + description: the secret key of the OAuth2 private key + file, such as `auth.json` + type: string + keySecretName: + description: the secret name of the OAuth2 private key + file + type: string + scope: + type: string + required: + - audience + - issuerUrl + - keySecretKey + - keySecretName + type: object + type: object + authSecret: + description: |- + The auth secret should contain the following fields + clientAuthenticationPlugin + clientAuthenticationParameters + type: string + cleanupAuthConfig: + properties: + genericAuth: + properties: + clientAuthenticationParameters: + type: string + clientAuthenticationPlugin: + type: string + required: + - clientAuthenticationParameters + - clientAuthenticationPlugin + type: object + oauth2Config: + properties: + audience: + type: string + issuerUrl: + type: string + keySecretKey: + description: the secret key of the OAuth2 private key + file, such as `auth.json` + type: string + keySecretName: + description: the secret name of the OAuth2 private key + file + type: string + scope: + type: string + required: + - audience + - issuerUrl + - keySecretKey + - keySecretName + type: object + type: object + pulsarConfig: + description: |- + The config map need to contain the following fields + webServiceURL + brokerServiceURL + type: string + tlsConfig: + 
description: To replace the TLSSecret + properties: + allowInsecure: + type: boolean + certSecretKey: + type: string + certSecretName: + type: string + enabled: + type: boolean + hostnameVerification: + type: boolean + type: object + tlsSecret: + description: |- + The TLS secret should contain the following fields + use_tls + tls_allow_insecure + hostname_verification_enabled + tls_trust_cert_path + type: string + type: object + python: + description: PythonRuntime contains the python runtime configs + properties: + log: + properties: + format: + enum: + - json + - text + type: string + javaLog4JConfigFileType: + enum: + - yaml + - xml + - ini + type: string + level: + description: LogLevel describes the level of the logging + enum: + - "off" + - trace + - debug + - info + - warn + - error + - fatal + - all + - panic + type: string + logConfig: + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + rotatePolicy: + description: TriggeringPolicy is using to determine if a rollover + should occur. + enum: + - TimedPolicyWithDaily + - TimedPolicyWithWeekly + - TimedPolicyWithMonthly + - SizedPolicyWith10MB + - SizedPolicyWith50MB + - SizedPolicyWith100MB + type: string + type: object + py: + type: string + pyLocation: + type: string + required: + - py + type: object + replicas: + format: int32 + minimum: 0 + type: integer + resources: + description: ResourceRequirements describes the compute resource requirements. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
+ properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + retainKeyOrdering: + type: boolean + retainOrdering: + type: boolean + runtimeFlags: + type: string + secretsMap: + additionalProperties: + properties: + key: + type: string + path: + type: string + type: object + type: object + showPreciseParallelism: + description: |- + Whether show the precise parallelism, if true, the `Parallelism` will be equal to the `Replicas`, + in such case, update the `Replicas` will cause all pods being recreated since the command of pod is updated. + else, the `Parallelism` will be 1, default to false. 
+ It just affects the result of context.getNumInstances, there will be only 1 process and 1 thread in each pod in any cases. + type: boolean + skipToLatest: + type: boolean + statefulConfig: + properties: + pulsar: + properties: + javaProvider: + description: The state store config for Java runtime + properties: + className: + description: |- + The java class name of the state store provider implementation + The class must implement `org.apache.pulsar.functions.instance.state.StateStoreProvider` interface + If not set, `org.apache.pulsar.functions.instance.state.BKStateStoreProviderImpl` will be used + type: string + config: + description: The configmap of the configuration for the + state store provider + type: object + required: + - className + type: object + serviceUrl: + description: |- + The service url points to the state store service + By default, the state store service is bookkeeper table service + type: string + required: + - serviceUrl + type: object + type: object + subscriptionName: + type: string + subscriptionPosition: + description: SubscribePosition enum type + enum: + - latest + - earliest + type: string + tenant: + type: string + timeout: + format: int32 + type: integer + volumeClaimTemplates: + items: + description: PersistentVolumeClaim is a user's request for and claim + to a persistent volume + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + spec defines the desired characteristics of a volume requested by a pod author. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. 
+ If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: |- + status represents the current information/status of a persistent volume claim. + Read-only. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the actual access modes the volume backing the PVC has. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + allocatedResourceStatuses: + additionalProperties: + description: |- + When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore that update and let other controllers + handle it. + type: string + description: "allocatedResourceStatuses stores status of + resource being resized for the given PVC.\nKey names follow + standard Kubernetes label syntax. Valid values are either:\n\t* + Un-prefixed keys:\n\t\t- storage - the capacity of the + volume.\n\t* Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have kubernetes.io + prefix are considered\nreserved and hence may not be used.\n\n\nClaimResourceStatus + can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState + set when resize controller starts resizing the volume + in control-plane.\n\t- ControllerResizeFailed:\n\t\tState + set when resize has failed in resize controller with a + terminal error.\n\t- NodeResizePending:\n\t\tState set + when resize controller has finished resizing the volume + but further resizing of\n\t\tvolume is needed on the node.\n\t- + NodeResizeInProgress:\n\t\tState set when kubelet starts + resizing the volume.\n\t- NodeResizeFailed:\n\t\tState + set when resizing has failed in kubelet with a terminal + error. 
Transient errors don't set\n\t\tNodeResizeFailed.\nFor + example: if expanding a PVC for more capacity - this field + can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\"\nWhen this field is not set, it + means that no resize operation is in progress for the + given PVC.\n\n\nA controller that receives PVC update + with previously unknown resourceName or ClaimResourceStatus\nshould + ignore the update for the purpose it was designed. For + example - a controller that\nonly is responsible for resizing + capacity of the volume, should ignore PVC updates that + change other valid\nresources associated with PVC.\n\n\nThis + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources allocated + to a PVC including its capacity.\nKey names follow standard + Kubernetes label syntax. 
Valid values are either:\n\t* + Un-prefixed keys:\n\t\t- storage - the capacity of the + volume.\n\t* Custom resources must use implementation-defined + prefixed names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or have kubernetes.io + prefix are considered\nreserved and hence may not be used.\n\n\nCapacity + reported here may be larger than the actual capacity when + a volume expansion operation\nis requested.\nFor storage + quota, the larger value from allocatedResources and PVC.spec.resources + is used.\nIf allocatedResources is not set, PVC.spec.resources + alone is used for quota calculation.\nIf a volume expansion + capacity request is lowered, allocatedResources is only\nlowered + if there are no expansion operations in progress and if + the actual volume capacity\nis equal or lower than the + requested capacity.\n\n\nA controller that receives PVC + update with previously unknown resourceName\nshould ignore + the update for the purpose it was designed. For example + - a controller that\nonly is responsible for resizing + capacity of the volume, should ignore PVC updates that + change other valid\nresources associated with PVC.\n\n\nThis + is an alpha field and requires enabling RecoverVolumeExpansionFailure + feature." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources of + the underlying volume. + type: object + conditions: + description: |- + conditions is the current Condition of persistent volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'ResizeStarted'. 
+ items: + description: PersistentVolumeClaimCondition contains details + about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we probed the + condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: message is the human-readable message + indicating details about last transition. + type: string + reason: + description: |- + reason is a unique, this should be a short, machine understandable string that gives the reason + for condition's last transition. If it reports "ResizeStarted" that means the underlying + persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType is + a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + currentVolumeAttributesClassName: + description: |- + currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. + When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim + This is an alpha field and requires enabling VolumeAttributesClass feature. + type: string + modifyVolumeStatus: + description: |- + ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. + When this is unset, there is no ModifyVolume operation being attempted. + This is an alpha field and requires enabling VolumeAttributesClass feature. + properties: + status: + description: "status is the status of the ControllerModifyVolume + operation. 
It can be in any of following states:\n + - Pending\n Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet requirements, such + as\n the specified VolumeAttributesClass not existing.\n + - InProgress\n InProgress indicates that the volume + is being modified.\n - Infeasible\n Infeasible indicates + that the request has been rejected as invalid by the + CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass + needs to be specified.\nNote: New statuses can be + added in the future. Consumers should check for unknown + statuses and fail appropriately." + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName is the + name of the VolumeAttributesClass the PVC currently + being reconciled + type: string + required: + - status + type: object + phase: + description: phase represents the current phase of PersistentVolumeClaim. + type: string + type: object + type: object + type: array + volumeMounts: + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. 
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + windowConfig: + properties: + actualWindowFunctionClassName: + type: string + lateDataTopic: + type: string + maxLagMs: + format: int64 + type: integer + slidingIntervalCount: + format: int32 + type: integer + slidingIntervalDurationMs: + format: int64 + type: integer + timestampExtractorClassName: + type: string + watermarkEmitIntervalMs: + format: int64 + type: integer + windowLengthCount: + format: int32 + type: integer + windowLengthDurationMs: + format: int64 + type: integer + required: + - actualWindowFunctionClassName + type: object + required: + - kafka + type: object + status: + description: KafkaConnectStatus defines the observed state of ApiKeys + properties: + conditions: + description: Conditions is an array of current observed conditions. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. 
If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. 
+ The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: ObservedGeneration is the most recent generation observed + for this api keys service. + format: int64 + type: integer + type: object + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sn-operator/0.7.0-rc.13/manifests/k8s.streamnative.io_oxiaclusters.yaml b/operators/sn-operator/0.7.0-rc.13/manifests/k8s.streamnative.io_oxiaclusters.yaml new file mode 100644 index 00000000000..90e6b7dc43b --- /dev/null +++ b/operators/sn-operator/0.7.0-rc.13/manifests/k8s.streamnative.io_oxiaclusters.yaml 
@@ -0,0 +1,3882 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: oxiaclusters.k8s.streamnative.io +spec: + group: k8s.streamnative.io + names: + kind: OxiaCluster + listKind: OxiaClusterList + plural: oxiaclusters + singular: oxiacluster + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: OxiaCluster is the Schema for the oxiaclusters API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: OxiaClusterSpec defines the desired state of OxiaCluster + properties: + coordinator: + description: Coordinator contains configuration specific to the coordinator + component + properties: + resources: + description: Resources is the resource requirement of coordinator + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
+ properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: object + image: + description: Image contains configuration specific to the image being + used + type: string + imagePullPolicy: + description: Image pull policy, one of Always, Never, IfNotPresent, + default to Always. 
+ type: string + istio: + description: Istio defines the configurations for istio + properties: + authRules: + description: AuthRules define the AuthorizationPolicies + items: + properties: + fromSource: + items: + properties: + principals: + items: + type: string + type: array + type: object + type: array + toOperation: + description: ToOperation defines the ports that the rule + applies to + items: + properties: + ports: + description: Ports defines the ports that the rule + applies to + items: + type: string + type: array + type: object + type: array + type: object + type: array + enabled: + description: Enabled defines whether to enable Istio + type: boolean + gateway: + description: |- + Gateway defines the gateway configuration, Gateway will be ignored if Gateways is not empty + The operator could either create a gateway automatically or use an existing one + properties: + advertisedDomain: + description: AdvertisedDomain defines the domain name for + the gateway, used solely when serving a list of gateways + type: string + create: + description: Create defines whether to create a gateway + type: boolean + gateways: + description: Gateways defines a list of existing gateways + items: + type: string + nullable: true + type: array + key: + default: istio-generatedid + description: Key is used to identify the gateway and related + resources, used solely when serving a list of gateways + type: string + route: + description: Route defines route policy for the gateway + properties: + topologyAware: + description: TopologyAware defines + properties: + key: + description: Key defines the node label key used to + detect Pod topology info + type: string + subDomain: + description: SubDomain defines url generation rule + for broker Pod + type: string + required: + - key + type: object + useWildcardDNS: + description: UseWildcardDNS means inherit DNS record from + wildcard DNS, only works for externalDNS + type: boolean + type: object + selector: + additionalProperties: 
+ type: string + description: Selector defines the selector for the gateway + to create + nullable: true + type: object + tls: + properties: + certSecretName: + description: "SIMPLE mode:\n CertSecretName defines the + name of the secret that contains the\n certificate + to use in Istio Ingress Gateway. The value should be\n + \ name of the secret in the gateway workload namespace.\nPASSTHROUGH + mode:\n\t CertSecretName defines the name of the secret + that contains the\n\t certificate to use in Broker. + The value should be name of the secret\n name of the + secret in the Broker workload namespace.\nRequired in + both SIMPLE and PASSTHROUGH mode." + type: string + mode: + description: |- + Optional: Indicates whether connections to this port should be + secured using TLS. The value of this field determines how TLS is + enforced. + type: string + subjectAltNames: + description: SubjectAltNames defines the subject alternative + names for the certificate + items: + type: string + type: array + trustCertsEnabled: + description: TrustCertsEnabled defines whether to enable + trust store + type: boolean + type: object + type: object + gateways: + description: Gateways define a list of gateway configurations, + Gateway will be used if Gateways is empty + items: + properties: + advertisedDomain: + description: AdvertisedDomain defines the domain name for + the gateway, used solely when serving a list of gateways + type: string + create: + description: Create defines whether to create a gateway + type: boolean + gateways: + description: Gateways defines a list of existing gateways + items: + type: string + nullable: true + type: array + key: + default: istio-generatedid + description: Key is used to identify the gateway and related + resources, used solely when serving a list of gateways + type: string + route: + description: Route defines route policy for the gateway + properties: + topologyAware: + description: TopologyAware defines + properties: + key: + description: 
Key defines the node label key used + to detect Pod topology info + type: string + subDomain: + description: SubDomain defines url generation rule + for broker Pod + type: string + required: + - key + type: object + useWildcardDNS: + description: UseWildcardDNS means inherit DNS record + from wildcard DNS, only works for externalDNS + type: boolean + type: object + selector: + additionalProperties: + type: string + description: Selector defines the selector for the gateway + to create + nullable: true + type: object + tls: + properties: + certSecretName: + description: "SIMPLE mode:\n CertSecretName defines + the name of the secret that contains the\n certificate + to use in Istio Ingress Gateway. The value should + be\n name of the secret in the gateway workload namespace.\nPASSTHROUGH + mode:\n\t CertSecretName defines the name of the secret + that contains the\n\t certificate to use in Broker. + The value should be name of the secret\n name of + the secret in the Broker workload namespace.\nRequired + in both SIMPLE and PASSTHROUGH mode." + type: string + mode: + description: |- + Optional: Indicates whether connections to this port should be + secured using TLS. The value of this field determines how TLS is + enforced. 
+ type: string + subjectAltNames: + description: SubjectAltNames defines the subject alternative + names for the certificate + items: + type: string + type: array + trustCertsEnabled: + description: TrustCertsEnabled defines whether to enable + trust store + type: boolean + type: object + type: object + maxItems: 10 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + mtls: + description: Mtls defines the mTLS configuration + properties: + mode: + default: strict + type: string + type: object + revision: + default: default + description: Revision defines which Istio control plane inject + sidecar + type: string + trustDomain: + description: TrustDomain corresponds to the trust root of a system + and is part of a workload identity + type: string + type: object + labels: + additionalProperties: + type: string + description: Labels contains the labels assigned for all the component + type: object + monitoringEnabled: + description: MonitoringEnabled determines whether a Prometheus ServiceMonitor + should be created + type: boolean + pprofEnabled: + description: PprofEnabled determines whether the pprof HTTP service + will be enabled + type: boolean + server: + description: Server contains configuration specific to the server + component + properties: + blockCacheSize: + anyOf: + - type: integer + - type: string + description: BlockCacheSize is the max size of the shared DB cache. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + blockCacheSizeMB: + description: |- + BlockCacheSizeMB is the max size of the shared DB cache. + Deprecate: Use BlockCacheSize instead. 
+ format: int32 + type: integer + persistentVolumeClaimRetentionPolicy: + description: PersistentVolumeClaimRetentionPolicy is the policy + to retain the persistent volume claim + properties: + whenDeleted: + description: |- + WhenDeleted specifies what happens to PVCs created from StatefulSet + VolumeClaimTemplates when the StatefulSet is deleted. The default policy + of `Retain` causes PVCs to not be affected by StatefulSet deletion. The + `Delete` policy causes those PVCs to be deleted. + type: string + whenScaled: + description: |- + WhenScaled specifies what happens to PVCs created from StatefulSet + VolumeClaimTemplates when the StatefulSet is scaled down. The default + policy of `Retain` causes PVCs to not be affected by a scaledown. The + `Delete` policy causes the associated PVCs for any excess pods above + the replica count to be deleted. + type: string + type: object + pod: + description: Pod defines the policy for creating a server pod + for the cluster + properties: + affinity: + description: Affinity specifies the scheduling constraints + of a pod + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. 
+ items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. 
The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: Annotations specifies the annotations to attach + to pods the operator creates + type: object + debug: + description: Debug defines a switch enable debug + type: boolean + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace + to use for pulling any of the images used by this PodSpec. 
+ items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: |- + InitContainers defines init containers of the pod. A typical use case could be using an init + container to download a remote jar to a local path. + items: + description: |- + A single application container that you want to run within a pod. + The Container API from the core group is not used directly to avoid unneeded fields + and reduce the size of the CRD. New fields could be added as needed. + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a + shell. + items: + type: string + type: array + env: + description: List of environment variables to set in + the container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". 
+ type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. 
+ type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Docker image name. + type: string + imagePullPolicy: + description: Image pull policy. + type: string + livenessProbe: + description: Periodic probe of container liveness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. 
+ type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. 
+ properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + type: string + readinessProbe: + description: |- + Periodic probe of container service readiness. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. 
+ properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. 
+ type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 
+ The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod has + successfully initialized. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. + items: + description: VolumeMount describes a mounting of a + Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. 
+ type: string + required: + - name + type: object + type: array + jvmOptions: + description: JvmOptions defines the Jvm options passed to + the container + nullable: true + properties: + extraOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + gcLoggingOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + gcOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + memoryOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + type: object + x-kubernetes-map-type: granular + labels: + additionalProperties: + type: string + description: Labels specifies the labels to attach to pod + the operator creates for the cluster. + type: object + minReadySeconds: + description: |- + MinReadySeconds is the minimum time the pod must be ready without any of its + container crashing, for it to be considered available. + Only available when feature gate StatefulSetMinReadySeconds is enabled(enabled by default from v1.25.0). + format: int32 + type: integer + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector specifies a map of key-value pairs. For a pod to be eligible to run + on a node, the node must have each of the indicated key-value pairs as labels. + type: object + resources: + description: Resources specifies the resource requirements + of containers to run in the pod + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
+ properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secretRefs: + description: SecretRefs defines how to mount required secrets + into containers + items: + properties: + mountPath: + type: string + secretName: + type: string + required: + - mountPath + - secretName + type: object + type: array + x-kubernetes-list-map-keys: + - secretName + x-kubernetes-list-type: map + securityContext: + description: |- + SecurityContext specifies the security context for the entire pod + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context + properties: + fsGroup: + format: int64 + type: integer + readOnlyRootFilesystem: + description: ReadOnlyRootFilesystem specifies whether + the container use a read-only filesystem. + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount + to use to run pods. + type: string + sidecars: + description: Sidecars defines sidecar containers running alongside + with the main function container in the pod. + items: + description: |- + A single application container that you want to run within a pod. + The Container API from the core group is not used directly to avoid unneeded fields + and reduce the size of the CRD. New fields could be added as needed. + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a + shell. + items: + type: string + type: array + env: + description: List of environment variables to set in + the container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. 
+ type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Docker image name. + type: string + imagePullPolicy: + description: Image pull policy. + type: string + livenessProbe: + description: Periodic probe of container liveness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. 
+ Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. 
+ Each container in a pod must have a unique name (DNS_LABEL). + type: string + readinessProbe: + description: |- + Periodic probe of container service readiness. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod has + successfully initialized. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. + items: + description: VolumeMount describes a mounting of a + Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. + type: string + required: + - name + type: object + type: array + terminationGracePeriodSeconds: + description: |- + TerminationGracePeriodSeconds is the amount of time that kubernetes will give + for a pod before terminating it. 
+ format: int64 + type: integer + tolerations: + description: Tolerations specifies the tolerations of a Pod + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. 
+ properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 
+ MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. 
+ As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + + + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. 
+ This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + updateStrategy: + description: UpdateStrategy defines the update strategy of + the pod + nullable: true + properties: + partition: + description: |- + Partition indicates the ordinal at which the StatefulSet should be + partitioned. + Default value is 0. + format: int32 + type: integer + podUIDsToDelete: + description: PodUIDsToDelete is a list of pod UIDs to + delete. + items: + type: string + nullable: true + type: array + type: + description: |- + Type indicates the type of the StatefulSetUpdateStrategy. + Default is RollingUpdate. + type: string + type: object + vars: + description: Vars specifies the environment variables of a + Pod + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + volumes: + description: Volumes defines extra volumes of the pod. + items: + description: |- + Volume represents a named volume in a pod that may be accessed by any container in the pod. + The Volume API from the core group is not used directly to avoid unneeded fields defined in `VolumeSource` + and reduce the size of the CRD. New fields in VolumeSource could be added as needed. + properties: + configMap: + description: ConfigMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. 
+ type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Volume's name. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + secret: + description: Secret represents a secret that should + populate this volume. + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the + Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + required: + - name + type: object + type: array + type: object + replicas: + default: 3 + description: Replicas is the number of server pods that should + be running + format: int32 + minimum: 0 + type: integer + resources: + description: Resources is the resource requirement of coordinator + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + volumeClaimSpec: + description: VolumeClaimSpec is the specification of the persistent + volume claim + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. 
This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. 
Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. 
+ If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the PersistentVolume + backing this claim. + type: string + type: object + type: object + type: object + status: + description: OxiaClusterStatus defines the observed state of OxiaCluster + properties: + conditions: + description: Conditions is the current conditions of the cluster + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. 
For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + namespaces: + description: Namespaces is the status of the namespaces in the oxia + cluster + items: + description: OxiaNamespaceCondition is the condition of one namespace + properties: + name: + description: Name of the namespace + type: string + ready: + type: string + shards: + items: + properties: + id: + type: string + state: + type: string + required: + - id + - state + type: object + type: array + required: + - name + - ready + - shards + type: object + type: array + serverStatus: + description: ServerStatus is the current server status of the cluster + properties: + readyReplicas: + format: int32 + type: integer + replica: + format: int32 + type: integer + required: + - readyReplicas + - replica + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sn-operator/0.7.0-rc.13/manifests/k8s.streamnative.io_oxianamespaces.yaml b/operators/sn-operator/0.7.0-rc.13/manifests/k8s.streamnative.io_oxianamespaces.yaml new file mode 100644 index 00000000000..c63839fc33c --- /dev/null 
+++ b/operators/sn-operator/0.7.0-rc.13/manifests/k8s.streamnative.io_oxianamespaces.yaml 
@@ -0,0 +1,172 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: oxianamespaces.k8s.streamnative.io +spec: + group: k8s.streamnative.io + names: + kind: OxiaNamespace + listKind: OxiaNamespaceList + plural: oxianamespaces + singular: oxianamespace + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: OxiaNamespace is the Schema for the oxianamespaces API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: OxiaNamespaceSpec defines the desired state of OxiaNamespace + properties: + clusterRef: + description: ClusterRef defines the reference to the oxia cluster + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + namespaceConfig: + properties: + initialShardCount: + default: 3 + format: int32 + minimum: 0 + type: integer + name: + type: string + replicationFactor: + default: 1 + format: int32 + minimum: 0 + type: integer + required: + - name + type: object + required: + - clusterRef + - namespaceConfig + type: object + status: + description: OxiaNamespaceStatus defines the observed state of OxiaNamespace + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. 
+ The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + shards: + items: + properties: + id: + type: string + state: + type: string + required: + - id + - state + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sn-operator/0.7.0-rc.13/manifests/k8s.streamnative.io_pfsqlclusters.yaml b/operators/sn-operator/0.7.0-rc.13/manifests/k8s.streamnative.io_pfsqlclusters.yaml new file mode 100644 index 00000000000..4a5acce0e61 --- /dev/null +++ b/operators/sn-operator/0.7.0-rc.13/manifests/k8s.streamnative.io_pfsqlclusters.yaml 
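Review bot: `spec.clusterRef.namespace` in the OxiaNamespace schema is a required free-form string, so an object created in one Kubernetes namespace can name an OxiaCluster in any other, and nothing in this schema shows whether the controller checks that the author may use that cluster. If cross-namespace references are intended, the field needs a `description` stating how they are authorised and the reconciler needs the matching check; if they are not, the reference should be limited to the object's own namespace. Separately, `spec.namespaceConfig.replicationFactor` and `initialShardCount` both carry `minimum: 0`, so a value of 0 passes admission; unless 0 has a defined meaning to the controller, `minimum: 1` is the safer bound. The manifest is controller-gen output, so both changes belong on the Go type (for example `// +kubebuilder:validation:Minimum=1`) rather than in this YAML.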
@@ -0,0 +1,614 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: pfsqlclusters.k8s.streamnative.io +spec: + group: k8s.streamnative.io + names: + kind: PFSQLCluster + listKind: PFSQLClusterList + plural: pfsqlclusters + singular: pfsqlcluster + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: PFSQLCluster is the Schema for the pfsqlclusters API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PFSQLClusterSpec defines the desired state of PFSQLCluster + properties: + gateway: + properties: + auth: + properties: + oauth2: + properties: + audience: + type: string + authURL: + type: string + issuerUrl: + type: string + subjectClaim: + type: string + required: + - audience + - authURL + - issuerUrl + - subjectClaim + type: object + provider: + type: string + required: + - provider + type: object + image: + type: string + imagePullPolicy: + type: string + type: object + hostname: + description: The external host exposed by istio or ingress + type: string + ingressConfig: + properties: + path: + type: string + tls: + properties: + enabled: + type: boolean + secretName: + type: string + required: + - enabled + - secretName + type: object + type: object + istio: + properties: + authRules: + description: AuthRules define the AuthorizationPolicies + items: + properties: + fromSource: + items: + properties: + principals: + items: + type: string + type: array + type: object + type: array + toOperation: + description: ToOperation defines the ports that the rule + applies to + items: + properties: + ports: + description: Ports defines the ports that the rule + applies to + items: + type: string + type: array + type: object + type: array + type: object + type: array + enabled: + description: Enabled defines whether to enable Istio + type: boolean + gateway: + description: |- + Gateway defines the gateway configuration, Gateway will be ignored if Gateways is not empty + The operator could either create a gateway automatically or use an existing one + properties: + advertisedDomain: + description: AdvertisedDomain defines the domain name for + the gateway, used solely when serving a list of gateways + type: string + create: + description: Create defines whether to create a gateway + type: boolean + 
gateways: + description: Gateways defines a list of existing gateways + items: + type: string + nullable: true + type: array + key: + default: istio-generatedid + description: Key is used to identify the gateway and related + resources, used solely when serving a list of gateways + type: string + route: + description: Route defines route policy for the gateway + properties: + topologyAware: + description: TopologyAware defines + properties: + key: + description: Key defines the node label key used to + detect Pod topology info + type: string + subDomain: + description: SubDomain defines url generation rule + for broker Pod + type: string + required: + - key + type: object + useWildcardDNS: + description: UseWildcardDNS means inherit DNS record from + wildcard DNS, only works for externalDNS + type: boolean + type: object + selector: + additionalProperties: + type: string + description: Selector defines the selector for the gateway + to create + nullable: true + type: object + tls: + properties: + certSecretName: + description: "SIMPLE mode:\n CertSecretName defines the + name of the secret that contains the\n certificate + to use in Istio Ingress Gateway. The value should be\n + \ name of the secret in the gateway workload namespace.\nPASSTHROUGH + mode:\n\t CertSecretName defines the name of the secret + that contains the\n\t certificate to use in Broker. + The value should be name of the secret\n name of the + secret in the Broker workload namespace.\nRequired in + both SIMPLE and PASSTHROUGH mode." + type: string + mode: + description: |- + Optional: Indicates whether connections to this port should be + secured using TLS. The value of this field determines how TLS is + enforced. 
+ type: string + subjectAltNames: + description: SubjectAltNames defines the subject alternative + names for the certificate + items: + type: string + type: array + trustCertsEnabled: + description: TrustCertsEnabled defines whether to enable + trust store + type: boolean + type: object + type: object + gateways: + description: Gateways define a list of gateway configurations, + Gateway will be used if Gateways is empty + items: + properties: + advertisedDomain: + description: AdvertisedDomain defines the domain name for + the gateway, used solely when serving a list of gateways + type: string + create: + description: Create defines whether to create a gateway + type: boolean + gateways: + description: Gateways defines a list of existing gateways + items: + type: string + nullable: true + type: array + key: + default: istio-generatedid + description: Key is used to identify the gateway and related + resources, used solely when serving a list of gateways + type: string + route: + description: Route defines route policy for the gateway + properties: + topologyAware: + description: TopologyAware defines + properties: + key: + description: Key defines the node label key used + to detect Pod topology info + type: string + subDomain: + description: SubDomain defines url generation rule + for broker Pod + type: string + required: + - key + type: object + useWildcardDNS: + description: UseWildcardDNS means inherit DNS record + from wildcard DNS, only works for externalDNS + type: boolean + type: object + selector: + additionalProperties: + type: string + description: Selector defines the selector for the gateway + to create + nullable: true + type: object + tls: + properties: + certSecretName: + description: "SIMPLE mode:\n CertSecretName defines + the name of the secret that contains the\n certificate + to use in Istio Ingress Gateway. 
The value should + be\n name of the secret in the gateway workload namespace.\nPASSTHROUGH + mode:\n\t CertSecretName defines the name of the secret + that contains the\n\t certificate to use in Broker. + The value should be name of the secret\n name of + the secret in the Broker workload namespace.\nRequired + in both SIMPLE and PASSTHROUGH mode." + type: string + mode: + description: |- + Optional: Indicates whether connections to this port should be + secured using TLS. The value of this field determines how TLS is + enforced. + type: string + subjectAltNames: + description: SubjectAltNames defines the subject alternative + names for the certificate + items: + type: string + type: array + trustCertsEnabled: + description: TrustCertsEnabled defines whether to enable + trust store + type: boolean + type: object + type: object + maxItems: 10 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + mtls: + description: Mtls defines the mTLS configuration + properties: + mode: + default: strict + type: string + type: object + revision: + default: default + description: Revision defines which Istio control plane inject + sidecar + type: string + trustDomain: + description: TrustDomain corresponds to the trust root of a system + and is part of a workload identity + type: string + type: object + labels: + additionalProperties: + type: string + type: object + pod: + description: Pod defines the policy for creating api key pod for the + cluster + properties: + labels: + additionalProperties: + type: string + nullable: true + type: object + nodeSelector: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-map-type: atomic + resources: + description: Resources is the resource requirement of api key + service + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. 
+ + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + tolerations: + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. 
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. 
+ type: string + type: object + nullable: true + type: array + type: object + pulsarClusterConfig: + properties: + auth: + properties: + oauth2: + properties: + audience: + type: string + issuerUrl: + type: string + keySecretName: + type: string + scope: + type: string + required: + - audience + - issuerUrl + - keySecretName + - scope + type: object + provider: + type: string + required: + - provider + type: object + builtinFunctions: + items: + properties: + bindStatements: + items: + type: string + type: array + className: + type: string + customRuntimeOptions: + additionalProperties: + type: string + type: object + description: + type: string + filename: + type: string + managed: + type: boolean + name: + type: string + packageFileUrl: + type: string + packageUrl: + type: string + required: + - bindStatements + - className + - filename + - name + - packageUrl + type: object + type: array + metadataCompactionThreshold: + type: string + metadataTopic: + type: string + metadataTopicSubscriptionName: + type: string + serviceUrl: + type: string + stateStorageEnabled: + type: boolean + tls: + properties: + tlsAllowInsecureConnection: + type: boolean + tlsCertificateFilePath: + type: string + tlsEnableHostnameVerification: + type: boolean + tlsKeyFilePath: + type: string + tlsRequireTrustedClientCertOnConnect: + type: boolean + type: object + webServiceUrl: + type: string + required: + - serviceUrl + - webServiceUrl + type: object + replicas: + default: 1 + format: int32 + type: integer + serviceAccountName: + description: ServiceAccountName The service account assigned to Gateway + Pod. If empty, the default service account in the namespace will + be used. 
+ type: string + type: object + status: + description: PFSQLClusterStatus defines the observed state of PFSQLCluster + properties: + conditions: + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to reSqlGatewayComponentgenerate code after modifying this file + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + format: int64 + type: integer + required: + - observedGeneration + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sn-operator/0.7.0-rc.13/manifests/k8s.streamnative.io_pulsarcoordinators.yaml b/operators/sn-operator/0.7.0-rc.13/manifests/k8s.streamnative.io_pulsarcoordinators.yaml new file mode 100644 index 00000000000..be0ecce77c3 --- /dev/null +++ b/operators/sn-operator/0.7.0-rc.13/manifests/k8s.streamnative.io_pulsarcoordinators.yaml 
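Review bot: The three booleans under `spec.pulsarClusterConfig.tls` (`tlsAllowInsecureConnection`, `tlsEnableHostnameVerification`, `tlsRequireTrustedClientCertOnConnect`) have no `description` and no `default`, so an admin reading the CRD cannot tell whether omitting them leaves certificate and hostname verification switched on. Each should state its effect and the value used when unset, e.g. `description: Accept broker certificates that fail validation; keep false outside test clusters` on `tlsAllowInsecureConnection`, assuming it maps to the Pulsar client setting of the same name. `spec.istio.mtls.mode` (default `strict`) and the gateway `tls.mode` are also plain strings; an `enum` of the values the controller accepts would reject a mistyped mode at admission instead of leaving the outcome to the reconciler. The `status.conditions` description still carries scaffold text (`INSERT ADDITIONAL STATUS FIELD ... reSqlGatewayComponentgenerate code`) and should be replaced with a real description. This manifest is controller-gen output, so all of these are edits to the Go types and their kubebuilder markers, followed by regeneration.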
@@ -0,0 +1,753 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: sn-operator-system/sn-operator-serving-cert + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: pulsarcoordinators.k8s.streamnative.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: sn-operator-webhook-service + namespace: sn-operator-system + path: /convert + conversionReviewVersions: + - v1 + group: k8s.streamnative.io + names: + categories: + - pulsar + kind: PulsarCoordinator + listKind: PulsarCoordinatorList + plural: pulsarcoordinators + shortNames: + - pcoord + singular: pulsarcoordinator + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.image + name: IMAGE + type: string + - jsonPath: .spec.placement.availabilityPolicy + name: AVAILABILITY_POLICY + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: READY + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: PulsarCoordinator is the Schema for the pulsarcoordinators API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PulsarCoordinatorSpec defines the desired state of PulsarCoordinator + properties: + auditLog: + description: AuditLog is the custom configuration of audit log. + properties: + categories: + default: + - Management + description: |- + Categories indicate the captured categories of audit log events. Default is [Management] + More details in https://github.com/streamnative/sn-pulsar-plugins/tree/master/pulsar-audit-log#pulsar-audit-log + items: + type: string + type: array + type: object + authentication: + description: Authentication defines the configuration of authentication + properties: + apiKey: + description: ApiKey defines the configuration flag of api key + authentication + properties: + authzAdminRole: + description: AuthzAdminRole Authz Role to operate as a Pulsar + superuser. + type: string + authzRoleClaim: + description: AuthzRoleClaim JWT claim to use for Authz roles. + type: string + enabled: + description: Enabled defines whether ApiKey is enabled + type: boolean + subjectClaim: + default: sub + description: SubjectClaim JWT claim to use as the user name, + by default sub. + type: string + type: object + type: object + autoScalingPolicy: + description: AutoScalingPolicy is simply a flag for now indicating + if sn-operator manages hpa on components. + type: object + detector: + description: |- + Detector defines the configuration of SLA detector + Detector will be enabled when the field is not nil + properties: + image: + description: |- + Image is the container image used to pulsar detector pods. 
+ The default should be same as broker image + nullable: true + type: string + kafka: + nullable: true + properties: + authParam: + type: string + authPlugin: + type: string + schemaRegistryURL: + type: string + securityProtocol: + type: string + serviceURL: + type: string + type: object + pod: + description: CommonPodPolicy defines the common pod data + nullable: true + properties: + labels: + additionalProperties: + type: string + nullable: true + type: object + nodeSelector: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-map-type: atomic + tolerations: + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. 
+ If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + nullable: true + type: array + type: object + serviceEndpoint: + description: |- + ServiceEndpoint represents custom service endpoint for pulsar service and web service + If it is specified, it will override the service endpoint from pulsarbroker + properties: + pulsarServiceURL: + type: string + webServiceURL: + type: string + type: object + type: object + image: + description: Image is the container image used to run pods in the + pulsar cluster. + type: string + istio: + description: Istio defines Istio configuration of components + properties: + mtls: + description: Mtls defines the mTLS configuration + properties: + mode: + default: strict + type: string + type: object + revision: + type: string + trustDomain: + description: TrustDomain corresponds to the trust root of a system + and is part of a workload identity + type: string + type: object + kafkaConnect: + description: KafkaConnectServlet defines the configuration of Kafka + Connect servlet + nullable: true + properties: + defaultNamespace: + description: Default namespace for KSN Connect, if not provide, + will use the default namespace. + type: string + defaultTenant: + description: Default tenant for KSN Connect, if not provide, will + use the default tenant. + type: string + enabled: + description: Enabled indicates whether to deploy the Kafka Connect. + nullable: true + type: boolean + kafkaBootstrapServersTLS: + description: KafkaBootstrapServersTLS + type: boolean + offsetStorageTopic: + description: OffsetStorageTopic is the offset storage topic for + the KSN Connect, if not provide, will use the default offset + storage topic `kafka-connect-offset-storage`. 
+ type: string + pod: + description: Pod defines the policy for creating kafka connect + pods + properties: + labels: + additionalProperties: + type: string + nullable: true + type: object + nodeSelector: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-map-type: atomic + resources: + description: Resources is the resource requirement of api + key service + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount + to use to run the kafka connect. + type: string + tolerations: + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. 
+ type: string + type: object + nullable: true + type: array + type: object + type: object + pfsql: + description: Pfsql defines the configuration of PFSQLCluster + properties: + labels: + additionalProperties: + type: string + description: Labels is a set of key/value pairs that will be added + to the pfsql cluster pods. + type: object + metadataCompactionThreshold: + description: MetadataCompactionThreshold is the threshold of metadata + compaction. + nullable: true + type: string + metadataTopicName: + description: MetadataTopicName is the name of the metadata topic. + type: string + metadataTopicSubscriptionName: + description: MetadataTopicSubscriptionName is the name of the + metadata topic subscription. + nullable: true + type: string + pod: + description: CommonPodPolicy defines the common pod data + nullable: true + properties: + labels: + additionalProperties: + type: string + nullable: true + type: object + nodeSelector: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-map-type: atomic + tolerations: + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. 
+ type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + nullable: true + type: array + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount + to use to run the pfsql cluster. + type: string + stateStorageEnabled: + description: StateStorageEnabled is the flag to enable state storage. + nullable: true + type: boolean + type: object + placement: + description: Placement determines the distribution of pods and data. + properties: + availabilityPolicy: + description: AvailabilityPolicy determines the distribution of + pods and data. + enum: + - Zonal + - Regional + type: string + type: object + pod: + description: Pod defines the common metadata of the pod that will + be used on components + properties: + labels: + additionalProperties: + type: string + nullable: true + type: object + nodeSelector: + additionalProperties: + type: string + nullable: true + type: object + x-kubernetes-map-type: atomic + tolerations: + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. 
Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + nullable: true + type: array + type: object + toolSet: + description: |- + ToolSet defines the configuration of the tool set pod + ToolSet is enabled by default when the field is defined even if it is empty + properties: + enabled: + description: Enabled defines whether toolset is enabled + type: boolean + replicas: + description: Replicas is the desired replicas of the toolset. + format: int32 + minimum: 0 + type: integer + type: object + troubleshootings: + description: |- + Troubleshootings defines a list of troubleshooting commands to be executed. + Each item represents a troubleshooting command. + items: + description: TroubleshootingSpec defines a troubleshooting command + to be executed. + properties: + action: + description: Action is the specific command to be executed. + Options include but are not limited to 'heapDump', 'threadDump', + 'hotThread'. 
+ type: string + id: + description: ID is the unique identifier for the command, used + to differentiate between multiple commands. + type: string + inputs: + description: List of parameters to be used when executing the + command. + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + message: + description: Field for setting messages to indicate the reason + for performing this action, notes, and other remarks. + type: string + name: + description: Name of the command. In this context, it is the + name of the pod to which the command will be applied. + type: string + s3PresignedUrl: + description: Pre-signed S3 URL for uploading the output files + generated after the command execution. If not configured, + the upload step will be ignored. + type: string + scope: + description: Scope of the command. Currently, only the 'pods' + option is supported. + enum: + - pods + type: string + split: + description: Configuration for splitting a log file. + properties: + number: + description: Number indicates the target number of parts + that the log file should be split into. + type: integer + size: + description: Size indicates the target size for each part + after the log file is split. 
+ type: string + type: object + required: + - action + - id + - name + - scope + type: object + type: array + x-kubernetes-list-map-keys: + - id + x-kubernetes-list-type: map + type: object + status: + description: PulsarCoordinatorStatus defines the observed state of PulsarCoordinator + properties: + computeUnit: + anyOf: + - type: integer + - type: string + description: ComputeUnit defines all compute units under this coordinator + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + conditions: + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. 
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this cluster. + It corresponds to the metadata generation, which is updated on mutation by the API Server. 
+ format: int64 + type: integer + storageUnit: + anyOf: + - type: integer + - type: string + description: StorageUnit defines all storage units under this coordinator + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + troubleshootings: + description: |- + Troubleshootings defines a list of troubleshooting commands along with their execution status. + Each item represents a troubleshooting status. + items: + description: TroubleshootingStatus defines a troubleshooting command + along with its execution status. + properties: + commands: + description: Actual commands executed(including split command). + items: + type: string + type: array + id: + description: Unique identifier for the command, used to differentiate + between multiple commands. + type: string + message: + description: Additional information about the execution status + of the command. + type: string + outputs: + description: List of the paths of output files generated after + the command execution. The wildcard field indicates whether + the path includes wildcards. + items: + description: TroubleshootingOutput represents the path of + an output file generated after the command execution. + properties: + path: + description: Path of the output file. + type: string + wildcard: + description: Indicates whether the path includes wildcards. + type: boolean + type: object + type: array + phase: + description: Phase of execution of the command. + type: string + required: + - id + type: object + type: array + x-kubernetes-list-map-keys: + - id + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null 
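Review bot: `spec.troubleshootings[].s3PresignedUrl` stores a pre-signed upload URL in the object spec as a plain string. A pre-signed URL is itself a credential, so anyone who can read PulsarCoordinator objects, or the etcd backups and audit logs that capture them, can use it until it expires. Going by the field descriptions, `action` is free-form ("not limited to" heapDump, threadDump, hotThread) and `name` selects the target pod, so write access to this resource appears to let a user send diagnostic output to a destination of their choosing; a heap dump can contain in-memory secrets, so that access should be granted as a privileged role. I would reference the URL from a Secret instead of inlining it, or at least constrain the field with `pattern: ^https://` and a `maxLength`, and add an `enum` on `action` if the set of actions is in fact closed. This manifest is controller-gen output, so the change belongs on the source type's validation markers rather than in this file.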
diff --git a/operators/sn-operator/0.7.0-rc.13/manifests/pulsar.streamnative.io_pulsarbrokerrevisions.yaml b/operators/sn-operator/0.7.0-rc.13/manifests/pulsar.streamnative.io_pulsarbrokerrevisions.yaml new file mode 100644 index 00000000000..095b22a40ec --- /dev/null +++ b/operators/sn-operator/0.7.0-rc.13/manifests/pulsar.streamnative.io_pulsarbrokerrevisions.yaml 
@@ -0,0 +1,8263 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: pulsarbrokerrevisions.pulsar.streamnative.io +spec: + group: pulsar.streamnative.io + names: + categories: + - pulsar + kind: PulsarBrokerRevision + listKind: PulsarBrokerRevisionList + plural: pulsarbrokerrevisions + shortNames: + - pbv + - brokerrevision + singular: pulsarbrokerrevision + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.replicas + name: Replicas + type: integer + - jsonPath: .status.readyReplicas + name: Ready Replicas + type: integer + - jsonPath: .spec.image + name: Desired Image + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: PulsarBrokerRevision is the Schema for the pulsarbrokers API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PulsarBrokerRevisionSpec defines the desired state of PulsarBrokerRevision + properties: + apiObjects: + description: APIObjects allows precise control over how components + (services, statefulset and so on) should be managed + properties: + brokerConfigMap: + description: BrokerConfigMap defines the broker ConfigMap resource + template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + externalService: + description: ExternalService defines the Pulsar External Service + resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. 
+ nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + functionMeshConfigMap: + description: FunctionMeshConfigMap defines the FunctionMesh ConfigMap + resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + functionWorkerConfigMap: + description: FunctionWorkerConfigMap defines the function worker + ConfigMap resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + headlessService: + description: HeadlessService defines the Pulsar Headless Service + resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + hpa: + description: HPA defines the horizontalPodAutoscaler resource + template. 
+ properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + interceptorConfigMap: + description: InterceptorConfigMap defines the interceptor ConfigMap + resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. 
+ type: string + type: array + type: object + internalService: + description: InternalService defines the Pulsar Client Service + resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + pdb: + description: PDB defines the PodDisruptionBudget resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. 
+ type: string + type: array + type: object + statefulSet: + description: StatefulSet defines the broker StatefulSet resource + template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize the name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + replaceEnabled: + description: Enable replace if needed when ReplaceEnabled + is true + type: boolean + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + volumeClaimTemplates: + description: |- + VolumeClaimTemplates is a list of claims that pods are allowed to reference. + If a non-empty list is specified, the original values in the desired STS will be replaced. + items: + description: PersistentVolumeClaim is a user's request for + and claim to a persistent volume + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. 
+ Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + spec defines the desired characteristics of a volume requested by a pod author. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. 
+ If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + status: + description: |- + status represents the current information/status of a persistent volume claim. + Read-only. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the actual access modes the volume backing the PVC has. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + allocatedResourceStatuses: + additionalProperties: + description: |- + When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore that update and let other controllers + handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC.\nKey + names follow standard Kubernetes label syntax. + Valid values are either:\n\t* Un-prefixed keys:\n\t\t- + storage - the capacity of the volume.\n\t* Custom + resources must use implementation-defined prefixed + names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or + have kubernetes.io prefix are considered\nreserved + and hence may not be used.\n\n\nClaimResourceStatus + can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState + set when resize controller starts resizing the + volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState + set when resize has failed in resize controller + with a terminal error.\n\t- NodeResizePending:\n\t\tState + set when resize controller has finished resizing + the volume but further resizing of\n\t\tvolume + is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState + set when kubelet starts resizing the volume.\n\t- + NodeResizeFailed:\n\t\tState set when resizing + has failed in kubelet with a terminal error. 
Transient + errors don't set\n\t\tNodeResizeFailed.\nFor example: + if expanding a PVC for more capacity - this field + can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\"\nWhen this field is not + set, it means that no resize operation is in progress + for the given PVC.\n\n\nA controller that receives + PVC update with previously unknown resourceName + or ClaimResourceStatus\nshould ignore the update + for the purpose it was designed. For example - + a controller that\nonly is responsible for resizing + capacity of the volume, should ignore PVC updates + that change other valid\nresources associated + with PVC.\n\n\nThis is an alpha field and requires + enabling RecoverVolumeExpansionFailure feature." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity.\nKey + names follow standard Kubernetes label syntax. 
+ Valid values are either:\n\t* Un-prefixed keys:\n\t\t- + storage - the capacity of the volume.\n\t* Custom + resources must use implementation-defined prefixed + names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or + have kubernetes.io prefix are considered\nreserved + and hence may not be used.\n\n\nCapacity reported + here may be larger than the actual capacity when + a volume expansion operation\nis requested.\nFor + storage quota, the larger value from allocatedResources + and PVC.spec.resources is used.\nIf allocatedResources + is not set, PVC.spec.resources alone is used for + quota calculation.\nIf a volume expansion capacity + request is lowered, allocatedResources is only\nlowered + if there are no expansion operations in progress + and if the actual volume capacity\nis equal or + lower than the requested capacity.\n\n\nA controller + that receives PVC update with previously unknown + resourceName\nshould ignore the update for the + purpose it was designed. For example - a controller + that\nonly is responsible for resizing capacity + of the volume, should ignore PVC updates that + change other valid\nresources associated with + PVC.\n\n\nThis is an alpha field and requires + enabling RecoverVolumeExpansionFailure feature." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: |- + conditions is the current Condition of persistent volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'ResizeStarted'. 
+ items: + description: PersistentVolumeClaimCondition contains + details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we + probed the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time + the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: message is the human-readable + message indicating details about last transition. + type: string + reason: + description: |- + reason is a unique, this should be a short, machine understandable string that gives the reason + for condition's last transition. If it reports "ResizeStarted" that means the underlying + persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + currentVolumeAttributesClassName: + description: |- + currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. + When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim + This is an alpha field and requires enabling VolumeAttributesClass feature. + type: string + modifyVolumeStatus: + description: |- + ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. + When this is unset, there is no ModifyVolume operation being attempted. + This is an alpha field and requires enabling VolumeAttributesClass feature. + properties: + status: + description: "status is the status of the ControllerModifyVolume + operation. 
It can be in any of following states:\n + - Pending\n Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet requirements, + such as\n the specified VolumeAttributesClass + not existing.\n - InProgress\n InProgress + indicates that the volume is being modified.\n + - Infeasible\n Infeasible indicates that + the request has been rejected as invalid by + the CSI driver. To\n\t resolve the error, + a valid VolumeAttributesClass needs to be + specified.\nNote: New statuses can be added + in the future. Consumers should check for + unknown statuses and fail appropriately." + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName + is the name of the VolumeAttributesClass the + PVC currently being reconciled + type: string + required: + - status + type: object + phase: + description: phase represents the current phase + of PersistentVolumeClaim. + type: string + type: object + type: object + type: array + volumeExpansionEnabled: + description: Expand volume size automatically if needed when + VolumeExpansionEnabled is true + type: boolean + volumeMounts: + description: |- + VolumeMounts is a list of volumes to mount into the container's filesystem. + If a non-empty list is specified, the original values of the main container in the desired STS will be replaced. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. 
+ type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + type: object + type: object + bkMetadataServiceUri: + description: |- + BkMetadataServiceURI defines the metadata service uri that bookkeeper is used for loading corresponding + metadata driver and resolving its metadata service location. + type: string + config: + description: Config defines configurations for brokers + nullable: true + properties: + additionalServlets: + description: AdditionalServlets defines additional servlet list + items: + type: string + nullable: true + type: array + advertisedDomain: + description: AdvertisedDomain defines a root domain of the services + to advertise to the outside world. + type: string + authentication: + description: Authentication defines broker authentication + properties: + apiKey: + description: ApiKeys authentication configuration + properties: + oidcIssuers: + description: OIDCIssuers OpenID Connect configuration + for API keys + items: + properties: + adminScope: + default: admin + description: AdminScope Scope to operate as a Pulsar + superuser, by default admin. + type: string + audience: + description: Audience The expected audience for + the OIDC token. This field is required. + type: string + authzAdminRole: + description: AuthzAdminRole Authz Role to operate + as a Pulsar superuser. 
+ type: string + authzRoleClaim: + description: AuthzRoleClaim JWT claim to use for + Authz roles. + type: string + issuerUrl: + description: IssuerUrl of the provider which allows + Pulsar to discover public signing keys. Required. + type: string + requiredScope: + description: RequiredScope to require in a JWT token + used for authentication, optional. + type: string + scopeClaim: + default: scope + description: ScopeClaim JWT claim to use as the + scope claim, by default scope. + type: string + subjectClaim: + default: sub + description: SubjectClaim JWT claim to use as the + user name, by default sub. + type: string + required: + - audience + - issuerUrl + type: object + type: array + x-kubernetes-list-map-keys: + - issuerUrl + x-kubernetes-list-type: map + revocationListLoadIntervalInSecs: + description: RevocationListLoadIntervalInSecs Interval + to load the revocation list from api keys service + format: int32 + type: integer + revocationListUrl: + description: RevocationListUrl URL to fetch the revocation + list from api keys service + type: string + skipRevocationListValidationOnRevocationListInitFailure: + description: SkipRevocationListValidationOnRevocationListInitFailure + Skip validation of revocation list if the revocation + list + type: boolean + type: object + jwt: + description: JWT enabled jwt authentication + properties: + tokenAuthClaim: + default: sub + description: |- + TokenAuthClaim The token "claim" that will be interpreted as the authentication "role" or "principal" by + AuthenticationProviderToken (defaults to "sub" if blank) + type: string + tokenPublicKey: + description: |- + Asymmetric public/private key pair + TokenPublicKey Configure the public key to be used to validate auth tokens + The key can be specified like: + tokenPublicKey: data:;base64,xxxxxxxxx + tokenPublicKey: file:///my/public.key ( Note: key file must be DER-encoded ) + tokenPublicKey: your-secret-name, the secret should contain the `secret-key` field + type: string + 
tokenSecretKey: + description: |- + Symmetric key + TokenSecretKey Configure the secret key to be used to validate auth tokens + The key can be specified like: + tokenSecretKey: data:;base64,xxxxxxxxx + tokenSecretKey: file:///my/secret.key ( Note: key file must be DER-encoded ) + tokenSecretKey: your-secret-name, the secret should contain the `public-key` field + type: string + type: object + type: object + authorization: + description: Authorization defines broker authorization + properties: + proxyRoles: + description: |- + Role names that are treated as "proxy roles". If the broker sees a request with + role as proxyRoles - it will demand to see a valid original principal. + type: string + rbac: + nullable: true + type: object + superUserRoles: + description: |- + SuperUserRoles Role names that are treated as "super-user", meaning they will be able to do all admin + operations and publish/consume from all topics + type: string + type: object + clientAuth: + description: ClientAuth authentication configuration for client + connections + properties: + generic: + description: Generic Client Generic authentication configuration + properties: + authParams: + description: |- + Parameters passed to authentication plugin. + A comma separated list of key:value pairs. + Keys depend on the configured authPlugin. + e.g. for TLS + authParams: tlsCertFile:/my/cert/file,tlsKeyFile:/my/key/file + AuthParams This parameter is required if using a generic configuration + type: string + authPlugin: + description: |- + Authentication plugin to authenticate with servers + e.g. 
for TLS + authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationTls + AuthPlugin This parameter is required if using a generic configuration + type: string + custom: + additionalProperties: + type: string + description: Custom parameters for the client authentication + type: object + required: + - authParams + - authPlugin + type: object + jwt: + description: JWT Client JWT authentication configuration + properties: + secret: + description: Secret name to fetch the token from, this + secret should contain the `token` field + type: string + token: + description: |- + Token passed to authentication plugin. + A comma separated list of key:value pairs. + Keys depend on the configured authPlugin. + Token + type: string + type: object + type: object + clusterName: + description: ClusterName defines name of the Pulsar cluster. + type: string + compactionScheduler: + description: CompactionScheduler defines the configuration of + compaction scheduler + properties: + config: + description: Config is the configuration of the compaction + scheduler + properties: + backendStorageType: + default: S3 + description: BackendStorageType is the backend storage + type + enum: + - S3 + - Local + type: string + compactedThreadNum: + description: CompactedThreadNum is the compacted thread + number + type: integer + compactionServiceClass: + description: CompactionServiceClass is the compaction + service class + type: string + custom: + additionalProperties: + type: string + description: Custom defines the customized configuration + for the compaction scheduler + type: object + localConfig: + description: Local defines local storage related configuration + properties: + storagePath: + type: string + type: object + s3Config: + description: S3 defines S3 related configuration + properties: + bucketName: + type: string + prefix: + type: string + type: object + type: object + enabled: + description: Enabled defines whether compaction scheduler + is enabled + type: boolean + image: + 
type: string + pod: + description: Pod defines the policy for compaction scheduler + pod + properties: + affinity: + description: Affinity specifies the scheduling constraints + of a pod + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in + the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. 
due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. 
+ The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. 
due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: Annotations specifies the annotations to + attach to pods the operator creates + type: object + debug: + description: Debug defines a switch enable debug + type: boolean + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace + to use for pulling any of the images used by this PodSpec. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: |- + InitContainers defines init containers of the pod. A typical use case could be using an init + container to download a remote jar to a local path. + items: + description: |- + A single application container that you want to run within a pod. + The Container API from the core group is not used directly to avoid unneeded fields + and reduce the size of the CRD. New fields could be added as needed. + properties: + args: + description: Arguments to the entrypoint. 
+ items: + type: string + type: array + command: + description: Entrypoint array. Not executed within + a shell. + items: + type: string + type: array + env: + description: List of environment variables to set + in the container. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 
+ properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. 
+ items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a + C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Docker image name. + type: string + imagePullPolicy: + description: Image pull policy. + type: string + livenessProbe: + description: Periodic probe of container liveness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. 
spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + type: string + readinessProbe: + description: |- + Periodic probe of container service readiness. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. 
+ type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. 
+ properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this + container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. 
+ items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod + has successfully initialized. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. 
To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). 
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a + Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. 
+ type: string + required: + - name + type: object + type: array + jvmOptions: + description: JvmOptions defines the Jvm options passed + to the container + nullable: true + properties: + extraOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + gcLoggingOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + gcOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + memoryOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + type: object + x-kubernetes-map-type: granular + labels: + additionalProperties: + type: string + description: Labels specifies the labels to attach to + pod the operator creates for the cluster. + type: object + minReadySeconds: + description: |- + MinReadySeconds is the minimum time the pod must be ready without any of its + container crashing, for it to be considered available. + Only available when feature gate StatefulSetMinReadySeconds is enabled(enabled by default from v1.25.0). + format: int32 + type: integer + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector specifies a map of key-value pairs. For a pod to be eligible to run + on a node, the node must have each of the indicated key-value pairs as labels. + type: object + resources: + description: Resources specifies the resource requirements + of containers to run in the pod + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. 
+ properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secretRefs: + description: SecretRefs defines how to mount required + secrets into containers + items: + properties: + mountPath: + type: string + secretName: + type: string + required: + - mountPath + - secretName + type: object + type: array + x-kubernetes-list-map-keys: + - secretName + x-kubernetes-list-type: map + securityContext: + description: |- + SecurityContext specifies the security context for the entire pod + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context + properties: + fsGroup: + format: int64 + type: integer + readOnlyRootFilesystem: + description: ReadOnlyRootFilesystem specifies whether + the container use a read-only filesystem. + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount + to use to run pods. + type: string + sidecars: + description: Sidecars defines sidecar containers running + alongside with the main function container in the pod. + items: + description: |- + A single application container that you want to run within a pod. + The Container API from the core group is not used directly to avoid unneeded fields + and reduce the size of the CRD. New fields could be added as needed. + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. Not executed within + a shell. + items: + type: string + type: array + env: + description: List of environment variables to set + in the container. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. 
+ type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a + C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Docker image name. + type: string + imagePullPolicy: + description: Image pull policy. + type: string + livenessProbe: + description: Periodic probe of container liveness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. 
+ Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. 
+ Each container in a pod must have a unique name (DNS_LABEL). + type: string + readinessProbe: + description: |- + Periodic probe of container service readiness. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this + container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod + has successfully initialized. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a + Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. + type: string + required: + - name + type: object + type: array + terminationGracePeriodSeconds: + description: |- + TerminationGracePeriodSeconds is the amount of time that kubernetes will give + for a pod before terminating it. 
+ format: int64 + type: integer + tolerations: + description: Tolerations specifies the tolerations of + a Pod + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. 
+ properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 
+ MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. 
+ As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + + + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. 
+ This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + updateStrategy: + description: UpdateStrategy defines the update strategy + of the pod + nullable: true + properties: + partition: + description: |- + Partition indicates the ordinal at which the StatefulSet should be + partitioned. + Default value is 0. + format: int32 + type: integer + podUIDsToDelete: + description: PodUIDsToDelete is a list of pod UIDs + to delete. + items: + type: string + nullable: true + type: array + type: + description: |- + Type indicates the type of the StatefulSetUpdateStrategy. + Default is RollingUpdate. + type: string + type: object + vars: + description: Vars specifies the environment variables + of a Pod + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + volumes: + description: Volumes defines extra volumes of the pod. + items: + description: |- + Volume represents a named volume in a pod that may be accessed by any container in the pod. + The Volume API from the core group is not used directly to avoid unneeded fields defined in `VolumeSource` + and reduce the size of the CRD. New fields in VolumeSource could be added as needed. + properties: + configMap: + description: ConfigMap represents a configMap that + should populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. 
+ type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Volume's name. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + secret: + description: Secret represents a secret that should + populate this volume. + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + required: + - name + type: object + type: array + type: object + replicas: + default: 1 + description: Replicas is the desired replicas of the compaction + scheduler + format: int32 + minimum: 0 + type: integer + type: object + concurrentUnloadPerSecond: + description: control the unload speed of pulsar broker + format: int64 + type: integer + custom: + additionalProperties: + type: string + description: Custom allows to customize broker configurations + directly. + nullable: true + type: object + function: + description: FunctionConfig defines function worker configurations + properties: + custom: + additionalProperties: + type: string + description: Custom allows to custom functions worker's configuration + and will be written to the ConfigMap for `changeConfig` + nullable: true + type: object + customWorkerConfig: + description: |- + CustomWorkerConfig allows customizing function workers config. + The value should be a yaml with the configurations the user want to override + type: string + enabled: + description: Enabled defines whether to enable function in + the cluster + type: boolean + functionRunnerImages: + description: Function runner images + properties: + genericBase: + description: Image of GenericBase function runner. + type: string + genericNode: + description: Image of GenericNode function runner. + type: string + genericPython: + description: Image of GenericPython function runner. + type: string + go: + description: Image of Go function runner. + type: string + java: + description: Image of Java function runner. + type: string + python: + description: Image of Python function runner. 
+ type: string + type: object + labels: + additionalProperties: + type: string + description: Labels defines custom labels for function pods + nullable: true + type: object + mesh: + description: Mesh defines configurations used in function + mesh + properties: + builtinConnectorsRef: + description: BuiltinConnectorsRef defines the reference + to the ConfigMap that contains a list of builtin-connector + definitions + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + disabledRuntimes: + description: DisabledRuntimes defines the list of disabled + runtimes + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + functionEnabled: + description: FunctionEnabled defines whether to enable + function APIs + type: boolean + insecureAuthEnabled: + description: |- + InsecureAuthEnabled defines whether to use insecure auth: + use a same superuser account got from config file in all functions/sinks/sources + type: boolean + sinkEnabled: + description: SinkEnabled defines whether to enable sink + APIs + type: boolean + sourceEnabled: + description: SourceEnabled defines whether to enable source + APIs + type: boolean + uploadEnabled: + description: UploadEnabled defines whether to enable user + code upload in APIs + type: boolean + type: object + resourceRequirements: + description: ResourceRequirements describes the resource requirements + properties: + max: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Max describes maximum compute resource could + request for each replica + type: object + min: + additionalProperties: + anyOf: + - 
type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Min describes minimal compute resource should + request for each replica + type: object + type: object + serviceAccountName: + description: The name of the service account to run functions + and connectors. + type: string + type: + description: |- + Type defines the type of function worker service to run functions/sources/sinks + Function-mesh worker service is used if the value of type is FunctionMesh, + otherwise the builtin worker service is used + type: string + type: object + placementPolicy: + description: |- + PlacementPolicy defines the placement policy of the broker + https://github.com/streamnative/sn-pulsar-plugins/tree/master/pulsar-placement-policy#pulsar-placement-policy + enum: + - az-rack-aware + - az-region-aware + type: string + protocolHandlers: + description: ProtocolHandlers defines the configuration of protocol + handlers + properties: + aop: + description: AoP configurations + properties: + enabled: + description: Enabled defines whether to enable AoP + type: boolean + proxyEnabled: + description: |- + Whether to start AMQP proxy. + Deprecated: proxy will always be enabled + type: boolean + type: object + kop: + description: KoP defines KoP configurations + properties: + enabled: + description: Enabled defines whether to enable KoP + type: boolean + schemaRegistryEnabled: + description: SchemaRegistryEnabled define whether to enable + schema registry + type: boolean + tls: + description: TLS defines the TLS configuration on the + broker. 
+ properties: + certSecretName: + description: |- + CertSecretName defines the name of the secret that contains the certificate to use + the value should be name of the secret that contains a valid certificate to use in the proxy + type: string + enabled: + description: |- + Enabled determines whether to enable TLS in proxies + TODO move other TLS related fields here + type: boolean + passwordSecretRef: + description: |- + PasswordSecretRef is a reference to a key in a Secret resource + containing the password used to encrypt the keystore. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. + type: string + name: + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + required: + - name + type: object + trustCertsEnabled: + description: TrustCertsEnabled defines whether to + enable trust store + type: boolean + type: object + type: object + mop: + description: MoP configurations + properties: + authenticationEnabled: + description: AuthenticationEnabled defines whether to + enable MoP authentication. + type: boolean + authenticationMethods: + description: AuthenticationMethods defines which authentication + method to use, only supports token now + type: string + authorizationEnabled: + description: AuthorizationEnabled defines whether to enable + MoP authorization. + type: boolean + enabled: + description: Enabled defines whether to enable MoP + type: boolean + proxyEnabled: + description: ProxyEnabled defines whether to enable MoP + proxy. 
+ type: boolean + type: object + type: object + pulsarRestMessagingServiceEnabled: + description: PulsarRestMessagingServiceEnabled defines whether + Pulsar Rest Messaging will be enabled + type: boolean + readOnly: + description: ReadOnly Support for the broker to be read-only mode + nullable: true + properties: + enabled: + description: Enabled defines whether to enable read-only mode + nullable: true + type: boolean + zoneKeySuffix: + description: ZoneKeySuffix defines the zone key suffix that + are read-only broker + type: string + zoneMappings: + description: ZoneMappings defines the zone mappings + items: + properties: + id: + description: ID defines the zone id + type: string + name: + description: Zone defines the zone name + type: string + required: + - id + - name + type: object + type: array + x-kubernetes-list-map-keys: + - id + x-kubernetes-list-type: map + type: object + serviceURLGenerationPolicy: + default: NameUIDPrefix + description: ServiceURLGenerationPolicy defines how the service + url should be generated + enum: + - NameUIDPrefix + - OrdinalPrefix + - FQDN + type: string + tieredStorageConfig: + description: TieredStorageConfig defines the configuration of + the tiered storage + nullable: true + properties: + customConfig: + additionalProperties: + type: string + description: CustomConfig defines the other configurations + want to apply. + type: object + enabled: + description: Enabled defines whether to enable tiered storage + or not. + type: boolean + storagePath: + description: StoragePath defines the store path of offloaded + data + type: string + type: + description: Type defines which type of the tiered storage + will be used. + enum: + - delta + - iceberg + - hdfs + type: string + type: object + transactionEnabled: + description: TransactionEnabled defines whether transaction support + is enabled in the brokers + type: boolean + usePodIPAsAdvertisedAddress: + description: UsePodIPAsAdvertisedAddress use pod ip as advertise + address. 
+ type: boolean + webSocketServiceEnabled: + description: WebSocketServiceEnabled defines whether WebSocket + will be enabled + type: boolean + type: object + configs: + additionalProperties: + type: string + description: |- + Configs defines custom configurations for brokers + Deprecated: use Config instead + nullable: true + type: object + configurationMetadataStoreUrl: + description: ConfigurationMetadataStoreUrl defines the configuration + metadata store url + nullable: true + type: string + configurationStoreConfig: + description: ConfigurationStoreConfig defines the configuration store + configuration + properties: + zk: + properties: + certSecretName: + description: |- + CertSecretName is the name of the secret that contains the zk client certificate + if set this, client will use mutual tls, otherwise, client will use simple tls + type: string + clusterIndex: + description: |- + ClusterIndex is the index of the zookeeper cluster in the zookeeper clusters list + to check if the cluster is the client of shared zk + format: int32 + type: integer + domain: + description: Domain is the host of the shared zookeeper cluster + type: string + serverPort: + description: ServerPort is the port of the shared zookeeper + cluster + format: int32 + type: integer + type: object + type: object + configurationStoreServers: + description: ConfigurationStoreServers defines the address of the + configuration store + type: string + customization: + description: Customization allows the desired manifests of operator + managed resources to be customized. + items: + properties: + manifest: + description: Manifest defines the patch to apply to customize + the desired resource + type: string + match: + description: Match defines what resource should be customized + by this customization layer + nullable: true + properties: + groupVersionKinds: + description: Matches the group, version, and kind of the + resource. 
+ items: + properties: + group: + description: |- + Group is the group of the resource. + Matches all groups if it's empty or `*`. + type: string + kind: + description: |- + Kind is the kind of the resource. + Matches all kinds if it's `*`. + type: string + version: + description: |- + Version is the version of the resource. + Matches all versions if it's empty or `*`. + type: string + required: + - kind + type: object + nullable: true + type: array + name: + description: |- + Name matches the resource name defined in the metadata. + It could be defined as a Regex pattern, like `^.*-bk$`. + type: string + type: object + required: + - manifest + type: object + nullable: true + type: array + dnsNames: + description: A list of service urls this pulsar broker advertise + items: + type: string + nullable: true + type: array + image: + description: |- + Image is the container image used to run pulsar broker pods. + default is apachepulsar/pulsar:latest + type: string + imagePullPolicy: + description: Image pull policy, one of Always, Never, IfNotPresent, + default to Always. + type: string + interceptors: + description: Interceptors defines a list of interceptors to enable + items: + properties: + configs: + additionalProperties: + type: string + description: Configs defines configs for the interceptor + nullable: true + type: object + mountedConfigs: + description: MountedConfigs defines configs whose value should + be put in a dedicated file + items: + description: The operator generates config files based on + the spec automatically + properties: + configName: + description: ConfigName defines the name of the config + type: string + fileName: + description: FileName defines the name of the file used + to store the value. Defaults to the ConfigName. 
+ type: string + value: + description: Value defines the value of the config + type: string + required: + - configName + - value + type: object + nullable: true + type: array + name: + description: Name defines the name of the interceptor + type: string + required: + - name + type: object + nullable: true + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + istio: + description: Istio defines the configurations for istio + properties: + authRules: + description: AuthRules define the AuthorizationPolicies + items: + properties: + fromSource: + items: + properties: + principals: + items: + type: string + type: array + type: object + type: array + toOperation: + description: ToOperation defines the ports that the rule + applies to + items: + properties: + ports: + description: Ports defines the ports that the rule + applies to + items: + type: string + type: array + type: object + type: array + type: object + type: array + enabled: + description: Enabled defines whether to enable Istio + type: boolean + gateway: + description: |- + Gateway defines the gateway configuration, Gateway will be ignored if Gateways is not empty + The operator could either create a gateway automatically or use an existing one + properties: + advertisedDomain: + description: AdvertisedDomain defines the domain name for + the gateway, used solely when serving a list of gateways + type: string + create: + description: Create defines whether to create a gateway + type: boolean + gateways: + description: Gateways defines a list of existing gateways + items: + type: string + nullable: true + type: array + key: + default: istio-generatedid + description: Key is used to identify the gateway and related + resources, used solely when serving a list of gateways + type: string + route: + description: Route defines route policy for the gateway + properties: + topologyAware: + description: TopologyAware defines + properties: + key: + description: Key defines the node label 
key used to + detect Pod topology info + type: string + subDomain: + description: SubDomain defines url generation rule + for broker Pod + type: string + required: + - key + type: object + useWildcardDNS: + description: UseWildcardDNS means inherit DNS record from + wildcard DNS, only works for externalDNS + type: boolean + type: object + selector: + additionalProperties: + type: string + description: Selector defines the selector for the gateway + to create + nullable: true + type: object + tls: + properties: + certSecretName: + description: "SIMPLE mode:\n CertSecretName defines the + name of the secret that contains the\n certificate + to use in Istio Ingress Gateway. The value should be\n + \ name of the secret in the gateway workload namespace.\nPASSTHROUGH + mode:\n\t CertSecretName defines the name of the secret + that contains the\n\t certificate to use in Broker. + The value should be name of the secret\n name of the + secret in the Broker workload namespace.\nRequired in + both SIMPLE and PASSTHROUGH mode." + type: string + mode: + description: |- + Optional: Indicates whether connections to this port should be + secured using TLS. The value of this field determines how TLS is + enforced. 
+ type: string + subjectAltNames: + description: SubjectAltNames defines the subject alternative + names for the certificate + items: + type: string + type: array + trustCertsEnabled: + description: TrustCertsEnabled defines whether to enable + trust store + type: boolean + type: object + type: object + gateways: + description: Gateways define a list of gateway configurations, + Gateway will be used if Gateways is empty + items: + properties: + advertisedDomain: + description: AdvertisedDomain defines the domain name for + the gateway, used solely when serving a list of gateways + type: string + create: + description: Create defines whether to create a gateway + type: boolean + gateways: + description: Gateways defines a list of existing gateways + items: + type: string + nullable: true + type: array + key: + default: istio-generatedid + description: Key is used to identify the gateway and related + resources, used solely when serving a list of gateways + type: string + route: + description: Route defines route policy for the gateway + properties: + topologyAware: + description: TopologyAware defines + properties: + key: + description: Key defines the node label key used + to detect Pod topology info + type: string + subDomain: + description: SubDomain defines url generation rule + for broker Pod + type: string + required: + - key + type: object + useWildcardDNS: + description: UseWildcardDNS means inherit DNS record + from wildcard DNS, only works for externalDNS + type: boolean + type: object + selector: + additionalProperties: + type: string + description: Selector defines the selector for the gateway + to create + nullable: true + type: object + tls: + properties: + certSecretName: + description: "SIMPLE mode:\n CertSecretName defines + the name of the secret that contains the\n certificate + to use in Istio Ingress Gateway. 
The value should + be\n name of the secret in the gateway workload namespace.\nPASSTHROUGH + mode:\n\t CertSecretName defines the name of the secret + that contains the\n\t certificate to use in Broker. + The value should be name of the secret\n name of + the secret in the Broker workload namespace.\nRequired + in both SIMPLE and PASSTHROUGH mode." + type: string + mode: + description: |- + Optional: Indicates whether connections to this port should be + secured using TLS. The value of this field determines how TLS is + enforced. + type: string + subjectAltNames: + description: SubjectAltNames defines the subject alternative + names for the certificate + items: + type: string + type: array + trustCertsEnabled: + description: TrustCertsEnabled defines whether to enable + trust store + type: boolean + type: object + type: object + maxItems: 10 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + mtls: + description: Mtls defines the mTLS configuration + properties: + mode: + default: strict + type: string + type: object + revision: + default: default + description: Revision defines which Istio control plane inject + sidecar + type: string + trustDomain: + description: TrustDomain corresponds to the trust root of a system + and is part of a workload identity + type: string + type: object + logConfig: + description: LogConfig defines the log configuration + properties: + format: + default: text + description: Format is the log format, value is 'json' or 'text' + enum: + - json + - text + type: string + level: + default: INFO + description: Level is the log level + enum: + - INFO + - DEBUG + - TRACE + - WARN + - ERROR + - FATAL + - ALL + - "OFF" + type: string + template: + description: Template is the log Configuration content, can use + golang template syntax + type: string + type: object + metadataStoreUrl: + description: MetadataStoreUrl defines the metadata store url + nullable: true + type: string + pod: + description: Pod defines 
the policy for creating a broker pod + properties: + affinity: + description: Affinity specifies the scheduling constraints of + a pod + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. 
A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. 
due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: Annotations specifies the annotations to attach to + pods the operator creates + type: object + debug: + description: Debug defines a switch enable debug + type: boolean + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace + to use for pulling any of the images used by this PodSpec. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: |- + InitContainers defines init containers of the pod. A typical use case could be using an init + container to download a remote jar to a local path. + items: + description: |- + A single application container that you want to run within a pod. + The Container API from the core group is not used directly to avoid unneeded fields + and reduce the size of the CRD. New fields could be added as needed. + properties: + args: + description: Arguments to the entrypoint. 
+ items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. 
+ items: + description: EnvFromSource represents the source of a + set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to + each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Docker image name. + type: string + imagePullPolicy: + description: Image pull policy. + type: string + livenessProbe: + description: Periodic probe of container liveness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + type: string + readinessProbe: + description: |- + Periodic probe of container service readiness. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. 
You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. 
+ Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod has successfully + initialized. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. 
+ type: string + required: + - name + type: object + type: array + jvmOptions: + description: JvmOptions defines the Jvm options passed to the + container + nullable: true + properties: + extraOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + gcLoggingOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + gcOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + memoryOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + type: object + x-kubernetes-map-type: granular + labels: + additionalProperties: + type: string + description: Labels specifies the labels to attach to pod the + operator creates for the cluster. + type: object + minReadySeconds: + description: |- + MinReadySeconds is the minimum time the pod must be ready without any of its + container crashing, for it to be considered available. + Only available when feature gate StatefulSetMinReadySeconds is enabled(enabled by default from v1.25.0). + format: int32 + type: integer + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector specifies a map of key-value pairs. For a pod to be eligible to run + on a node, the node must have each of the indicated key-value pairs as labels. + type: object + resources: + description: Resources specifies the resource requirements of + containers to run in the pod + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
+ properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secretRefs: + description: SecretRefs defines how to mount required secrets + into containers + items: + properties: + mountPath: + type: string + secretName: + type: string + required: + - mountPath + - secretName + type: object + type: array + x-kubernetes-list-map-keys: + - secretName + x-kubernetes-list-type: map + securityContext: + description: |- + SecurityContext specifies the security context for the entire pod + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context + properties: + fsGroup: + format: int64 + type: integer + readOnlyRootFilesystem: + description: ReadOnlyRootFilesystem specifies whether the + container use a read-only filesystem. + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount + to use to run pods. + type: string + sidecars: + description: Sidecars defines sidecar containers running alongside + with the main function container in the pod. + items: + description: |- + A single application container that you want to run within a pod. + The Container API from the core group is not used directly to avoid unneeded fields + and reduce the size of the CRD. New fields could be added as needed. + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. 
+ type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. + items: + description: EnvFromSource represents the source of a + set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to + each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Docker image name. + type: string + imagePullPolicy: + description: Image pull policy. + type: string + livenessProbe: + description: Periodic probe of container liveness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. 
Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. 
+ Each container in a pod must have a unique name (DNS_LABEL). + type: string + readinessProbe: + description: |- + Periodic probe of container service readiness. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod has successfully + initialized. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. + type: string + required: + - name + type: object + type: array + terminationGracePeriodSeconds: + description: |- + TerminationGracePeriodSeconds is the amount of time that kubernetes will give + for a pod before terminating it. 
+ format: int64 + type: integer + tolerations: + description: Tolerations specifies the tolerations of a Pod + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. 
+ properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 
+ MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. 
+ As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + + + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. 
+ This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + updateStrategy: + description: UpdateStrategy defines the update strategy of the + pod + nullable: true + properties: + partition: + description: |- + Partition indicates the ordinal at which the StatefulSet should be + partitioned. + Default value is 0. + format: int32 + type: integer + podUIDsToDelete: + description: PodUIDsToDelete is a list of pod UIDs to delete. + items: + type: string + nullable: true + type: array + type: + description: |- + Type indicates the type of the StatefulSetUpdateStrategy. + Default is RollingUpdate. + type: string + type: object + vars: + description: Vars specifies the environment variables of a Pod + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + volumes: + description: Volumes defines extra volumes of the pod. + items: + description: |- + Volume represents a named volume in a pod that may be accessed by any container in the pod. + The Volume API from the core group is not used directly to avoid unneeded fields defined in `VolumeSource` + and reduce the size of the CRD. New fields in VolumeSource could be added as needed. + properties: + configMap: + description: ConfigMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. 
+ type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Volume's name. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + secret: + description: Secret represents a secret that should populate + this volume. + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret + or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + required: + - name + type: object + type: array + type: object + replicas: + description: Replicas is the expected size of the pulsar broker revision + format: int32 + minimum: 0 + type: integer + tls: + description: TLS defines the TLS configuration on the broker. + properties: + certSecretName: + description: |- + CertSecretName defines the name of the secret that contains the certificate to use + the value should be name of the secret that contains a valid certificate to use in the proxy + type: string + enabled: + description: |- + Enabled determines whether to enable TLS in proxies + TODO move other TLS related fields here + type: boolean + trustCertsEnabled: + description: TrustCertsEnabled defines whether to enable trust + store + type: boolean + type: object + zkServers: + description: Zookeeper server list + nullable: true + type: string + type: object + status: + description: PulsarBrokerRevisionStatus defines the observed state of + PulsarBrokerRevision + properties: + conditions: + additionalProperties: + description: The `Status` of a given `Condition` and the `Action` + needed to reach the `Status` + properties: + action: + description: The action needed to advance components to ready + status + type: string + condition: + type: string + status: + type: string + required: + - action + - condition + - status + type: object + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of Broker + Important: Run "make" to regenerate code after modifying this file + type: object + dynamicConfig: + additionalProperties: + type: string + description: DynamicConfig display the dynamic configurations for + the broker + type: object + labelSelector: + description: Label selector for scaling + type: string + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this cluster. 
+ It corresponds to the metadata generation, which is updated on mutation by the API Server. + format: int64 + type: integer + onMeshReplicas: + description: OnMeshReplicas is the number of Pods with service mesh + enabled + format: int32 + type: integer + pendingChanges: + description: PendingChanges shows the skipped changes when the rollout + is paused + items: + properties: + action: + type: string + apiVersion: + type: string + diff: + type: string + kind: + type: string + name: + type: string + required: + - action + - apiVersion + - diff + - kind + - name + type: object + nullable: true + type: array + readyReplicas: + description: ReadyReplicas is the number of ready servers in the cluster + format: int32 + type: integer + replicas: + description: Replicas is the number of servers in the cluster + format: int32 + type: integer + serviceEndpoints: + properties: + cluster: + properties: + pulsarServiceURL: + type: string + webServiceURL: + type: string + type: object + external: + properties: + pulsarServiceURL: + type: string + webServiceURL: + type: string + type: object + type: object + updatedReplicas: + description: UpdatedReplicas is the number of servers that has been + updated to the latest configuration + format: int32 + type: integer + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.labelSelector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sn-operator/0.7.0-rc.13/manifests/pulsar.streamnative.io_pulsarbrokers.yaml b/operators/sn-operator/0.7.0-rc.13/manifests/pulsar.streamnative.io_pulsarbrokers.yaml new file mode 100644 index 00000000000..93bdfe418ec --- /dev/null +++ b/operators/sn-operator/0.7.0-rc.13/manifests/pulsar.streamnative.io_pulsarbrokers.yaml 
@@ -0,0 +1,11979 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: pulsarbrokers.pulsar.streamnative.io +spec: + group: pulsar.streamnative.io + names: + categories: + - pulsar + kind: PulsarBroker + listKind: PulsarBrokerList + plural: pulsarbrokers + shortNames: + - pb + - broker + singular: pulsarbroker + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.replicas + name: Replicas + type: integer + - jsonPath: .status.replicas + name: Ready Replicas + type: integer + - jsonPath: .spec.image + name: Desired Image + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: PulsarBroker is the Schema for the pulsarbrokers API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PulsarBrokerSpec defines the desired state of PulsarBroker + properties: + apiObjects: + description: APIObjects allows precise control over how components + (services, statefulset and so on) should be managed + properties: + brokerConfigMap: + description: BrokerConfigMap defines the broker ConfigMap resource + template. 
+ properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + externalService: + description: ExternalService defines the Pulsar External Service + resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. 
+ type: string + type: array + type: object + functionMeshConfigMap: + description: FunctionMeshConfigMap defines the FunctionMesh ConfigMap + resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + functionWorkerConfigMap: + description: FunctionWorkerConfigMap defines the function worker + ConfigMap resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. 
+ items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + headlessService: + description: HeadlessService defines the Pulsar Headless Service + resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + hpa: + description: HPA defines the horizontalPodAutoscaler resource + template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. 
+ type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + interceptorConfigMap: + description: InterceptorConfigMap defines the interceptor ConfigMap + resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + internalService: + description: InternalService defines the Pulsar Client Service + resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. 
+ nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + pdb: + description: PDB defines the PodDisruptionBudget resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + statefulSet: + description: StatefulSet defines the broker StatefulSet resource + template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize the name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. 
+ nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + replaceEnabled: + description: Enable replace if needed when ReplaceEnabled + is true + type: boolean + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + volumeClaimTemplates: + description: |- + VolumeClaimTemplates is a list of claims that pods are allowed to reference. + If a non-empty list is specified, the original values in the desired STS will be replaced. + items: + description: PersistentVolumeClaim is a user's request for + and claim to a persistent volume + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + spec defines the desired characteristics of a volume requested by a pod author. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. 
+ This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. 
+ (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. 
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + status: + description: |- + status represents the current information/status of a persistent volume claim. + Read-only. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the actual access modes the volume backing the PVC has. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + allocatedResourceStatuses: + additionalProperties: + description: |- + When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore that update and let other controllers + handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC.\nKey + names follow standard Kubernetes label syntax. 
+ Valid values are either:\n\t* Un-prefixed keys:\n\t\t- + storage - the capacity of the volume.\n\t* Custom + resources must use implementation-defined prefixed + names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or + have kubernetes.io prefix are considered\nreserved + and hence may not be used.\n\n\nClaimResourceStatus + can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState + set when resize controller starts resizing the + volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState + set when resize has failed in resize controller + with a terminal error.\n\t- NodeResizePending:\n\t\tState + set when resize controller has finished resizing + the volume but further resizing of\n\t\tvolume + is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState + set when kubelet starts resizing the volume.\n\t- + NodeResizeFailed:\n\t\tState set when resizing + has failed in kubelet with a terminal error. Transient + errors don't set\n\t\tNodeResizeFailed.\nFor example: + if expanding a PVC for more capacity - this field + can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\"\nWhen this field is not + set, it means that no resize operation is in progress + for the given PVC.\n\n\nA controller that receives + PVC update with previously unknown resourceName + or ClaimResourceStatus\nshould ignore the update + for the purpose it was designed. 
For example - + a controller that\nonly is responsible for resizing + capacity of the volume, should ignore PVC updates + that change other valid\nresources associated + with PVC.\n\n\nThis is an alpha field and requires + enabling RecoverVolumeExpansionFailure feature." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity.\nKey + names follow standard Kubernetes label syntax. + Valid values are either:\n\t* Un-prefixed keys:\n\t\t- + storage - the capacity of the volume.\n\t* Custom + resources must use implementation-defined prefixed + names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or + have kubernetes.io prefix are considered\nreserved + and hence may not be used.\n\n\nCapacity reported + here may be larger than the actual capacity when + a volume expansion operation\nis requested.\nFor + storage quota, the larger value from allocatedResources + and PVC.spec.resources is used.\nIf allocatedResources + is not set, PVC.spec.resources alone is used for + quota calculation.\nIf a volume expansion capacity + request is lowered, allocatedResources is only\nlowered + if there are no expansion operations in progress + and if the actual volume capacity\nis equal or + lower than the requested capacity.\n\n\nA controller + that receives PVC update with previously unknown + resourceName\nshould ignore the update for the + purpose it was designed. 
For example - a controller + that\nonly is responsible for resizing capacity + of the volume, should ignore PVC updates that + change other valid\nresources associated with + PVC.\n\n\nThis is an alpha field and requires + enabling RecoverVolumeExpansionFailure feature." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: |- + conditions is the current Condition of persistent volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contains + details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we + probed the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time + the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: message is the human-readable + message indicating details about last transition. + type: string + reason: + description: |- + reason is a unique, this should be a short, machine understandable string that gives the reason + for condition's last transition. If it reports "ResizeStarted" that means the underlying + persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + currentVolumeAttributesClassName: + description: |- + currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. 
+ When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim + This is an alpha field and requires enabling VolumeAttributesClass feature. + type: string + modifyVolumeStatus: + description: |- + ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. + When this is unset, there is no ModifyVolume operation being attempted. + This is an alpha field and requires enabling VolumeAttributesClass feature. + properties: + status: + description: "status is the status of the ControllerModifyVolume + operation. It can be in any of following states:\n + - Pending\n Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet requirements, + such as\n the specified VolumeAttributesClass + not existing.\n - InProgress\n InProgress + indicates that the volume is being modified.\n + - Infeasible\n Infeasible indicates that + the request has been rejected as invalid by + the CSI driver. To\n\t resolve the error, + a valid VolumeAttributesClass needs to be + specified.\nNote: New statuses can be added + in the future. Consumers should check for + unknown statuses and fail appropriately." + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName + is the name of the VolumeAttributesClass the + PVC currently being reconciled + type: string + required: + - status + type: object + phase: + description: phase represents the current phase + of PersistentVolumeClaim. + type: string + type: object + type: object + type: array + volumeExpansionEnabled: + description: Expand volume size automatically if needed when + VolumeExpansionEnabled is true + type: boolean + volumeMounts: + description: |- + VolumeMounts is a list of volumes to mount into the container's filesystem. + If a non-empty list is specified, the original values of the main container in the desired STS will be replaced. + items: + description: VolumeMount describes a mounting of a Volume + within a container. 
+ properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + type: object + type: object + autoScalingPolicy: + description: AutoScalingPolicy defines how BookKeeperCluster will + be scaled up/down with given metrics and threshold + nullable: true + properties: + behavior: + description: |- + Behavior configures the scaling behavior of the target + in both Up and Down directions (scaleUp and scaleDown fields respectively). + If not set, the default HPAScalingRules for scale up and scale down are used. + properties: + scaleDown: + description: |- + scaleDown is scaling policy for scaling Down. + If not set, the default value is to allow to scale down to minReplicas pods, with a + 300 second stabilization window (i.e., the highest recommendation for + the last 300sec is used). 
+ properties: + policies: + description: |- + policies is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid + items: + description: HPAScalingPolicy is a single policy which + must hold true for a specified past interval. + properties: + periodSeconds: + description: |- + periodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). + format: int32 + type: integer + type: + description: type is used to specify the scaling + policy. + type: string + value: + description: |- + value contains the amount of change which is permitted by the policy. + It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: |- + selectPolicy is used to specify which policy should be used. + If not set, the default value Max is used. + type: string + stabilizationWindowSeconds: + description: |- + stabilizationWindowSeconds is the number of seconds for which past recommendations should be + considered while scaling up or scaling down. + StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization is done). + - For scale down: 300 (i.e. the stabilization window is 300 seconds long). + format: int32 + type: integer + type: object + scaleUp: + description: |- + scaleUp is scaling policy for scaling Up. + If not set, the default value is the higher of: + * increase no more than 4 pods per 60 seconds + * double the number of pods per 60 seconds + No stabilization is used. + properties: + policies: + description: |- + policies is a list of potential scaling polices which can be used during scaling. 
+ At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid + items: + description: HPAScalingPolicy is a single policy which + must hold true for a specified past interval. + properties: + periodSeconds: + description: |- + periodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). + format: int32 + type: integer + type: + description: type is used to specify the scaling + policy. + type: string + value: + description: |- + value contains the amount of change which is permitted by the policy. + It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: |- + selectPolicy is used to specify which policy should be used. + If not set, the default value Max is used. + type: string + stabilizationWindowSeconds: + description: |- + stabilizationWindowSeconds is the number of seconds for which past recommendations should be + considered while scaling up or scaling down. + StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization is done). + - For scale down: 300 (i.e. the stabilization window is 300 seconds long). + format: int32 + type: integer + type: object + type: object + maxReplicas: + format: int32 + type: integer + metrics: + description: |- + Metrics contains the specifications for which to use to calculate the + desired replica count (the maximum replica count across all metrics will be used). 
+ More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#metricspec-v2beta2-autoscaling + items: + description: |- + MetricSpec specifies how to scale based on a single metric + (only `type` and one other matching field should be set at once). + properties: + containerResource: + description: |- + containerResource refers to a resource metric (such as those specified in + requests and limits) known to Kubernetes describing a single container in + each pod of the current scale target (e.g. CPU or memory). Such metrics are + built in to Kubernetes, and have special scaling options on top of those + available to normal per-pod metrics using the "pods" source. + This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag. + properties: + container: + description: container is the name of the container + in the pods of the scaling target + type: string + name: + description: name is the name of the resource in question. + type: string + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - container + - name + - target + type: object + external: + description: |- + external refers to a global metric that is not associated + with any Kubernetes object. It allows autoscaling based on information + coming from components running outside of cluster + (for example length of queue in cloud messaging service, or + QPS from loadbalancer running outside of cluster). + properties: + metric: + description: metric identifies the target metric by + name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + object: + description: |- + object refers to a metric describing a single kubernetes object + (for example, hits-per-second on an Ingress object). 
+ properties: + describedObject: + description: describedObject specifies the descriptions + of a object,such as kind,name apiVersion + properties: + apiVersion: + description: apiVersion is the API version of the + referent + type: string + kind: + description: 'kind is the kind of the referent; + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'name is the name of the referent; + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - kind + - name + type: object + metric: + description: metric identifies the target metric by + name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - describedObject + - metric + - target + type: object + pods: + description: |- + pods refers to a metric describing each pod in the current scale target + (for example, transactions-processed-per-second). 
The values will be + averaged together before being compared to the target value. + properties: + metric: + description: metric identifies the target metric by + name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + resource: + description: |- + resource refers to a resource metric (such as those specified in + requests and limits) known to Kubernetes describing each pod in the + current scale target (e.g. CPU or memory). Such metrics are built in to + Kubernetes, and have special scaling options on top of those available + to normal per-pod metrics using the "pods" source. + properties: + name: + description: name is the name of the resource in question. 
+ type: string + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - name + - target + type: object + type: + description: |- + type is the type of metric source. It should be one of "ContainerResource", "External", + "Object", "Pods" or "Resource", each mapping to a matching field in the object. + Note: "ContainerResource" type is available on when the feature-gate + HPAContainerMetrics is enabled + type: string + required: + - type + type: object + type: array + minReplicas: + format: int32 + type: integer + required: + - maxReplicas + type: object + bkMetadataServiceUri: + description: |- + BkMetadataServiceURI defines the metadata service uri that bookkeeper is used for loading corresponding + metadata driver and resolving its metadata service location. 
+ type: string + cleanUpPolicy: + description: CleanUpPolicy defines the behavior when the object is + being deleted + type: string + config: + description: Config defines configurations for brokers + nullable: true + properties: + additionalServlets: + description: AdditionalServlets defines additional servlet list + items: + type: string + nullable: true + type: array + advertisedDomain: + description: AdvertisedDomain defines a root domain of the services + to advertise to the outside world. + type: string + authentication: + description: Authentication defines broker authentication + properties: + apiKey: + description: ApiKeys authentication configuration + properties: + oidcIssuers: + description: OIDCIssuers OpenID Connect configuration + for API keys + items: + properties: + adminScope: + default: admin + description: AdminScope Scope to operate as a Pulsar + superuser, by default admin. + type: string + audience: + description: Audience The expected audience for + the OIDC token. This field is required. + type: string + authzAdminRole: + description: AuthzAdminRole Authz Role to operate + as a Pulsar superuser. + type: string + authzRoleClaim: + description: AuthzRoleClaim JWT claim to use for + Authz roles. + type: string + issuerUrl: + description: IssuerUrl of the provider which allows + Pulsar to discover public signing keys. Required. + type: string + requiredScope: + description: RequiredScope to require in a JWT token + used for authentication, optional. + type: string + scopeClaim: + default: scope + description: ScopeClaim JWT claim to use as the + scope claim, by default scope. + type: string + subjectClaim: + default: sub + description: SubjectClaim JWT claim to use as the + user name, by default sub. 
+ type: string + required: + - audience + - issuerUrl + type: object + type: array + x-kubernetes-list-map-keys: + - issuerUrl + x-kubernetes-list-type: map + revocationListLoadIntervalInSecs: + description: RevocationListLoadIntervalInSecs Interval + to load the revocation list from api keys service + format: int32 + type: integer + revocationListUrl: + description: RevocationListUrl URL to fetch the revocation + list from api keys service + type: string + skipRevocationListValidationOnRevocationListInitFailure: + description: SkipRevocationListValidationOnRevocationListInitFailure + Skip validation of revocation list if the revocation + list + type: boolean + type: object + jwt: + description: JWT enabled jwt authentication + properties: + tokenAuthClaim: + default: sub + description: |- + TokenAuthClaim The token "claim" that will be interpreted as the authentication "role" or "principal" by + AuthenticationProviderToken (defaults to "sub" if blank) + type: string + tokenPublicKey: + description: |- + Asymmetric public/private key pair + TokenPublicKey Configure the public key to be used to validate auth tokens + The key can be specified like: + tokenPublicKey: data:;base64,xxxxxxxxx + tokenPublicKey: file:///my/public.key ( Note: key file must be DER-encoded ) + tokenPublicKey: your-secret-name, the secret should contain the `secret-key` field + type: string + tokenSecretKey: + description: |- + Symmetric key + TokenSecretKey Configure the secret key to be used to validate auth tokens + The key can be specified like: + tokenSecretKey: data:;base64,xxxxxxxxx + tokenSecretKey: file:///my/secret.key ( Note: key file must be DER-encoded ) + tokenSecretKey: your-secret-name, the secret should contain the `public-key` field + type: string + type: object + type: object + authorization: + description: Authorization defines broker authorization + properties: + proxyRoles: + description: |- + Role names that are treated as "proxy roles". 
If the broker sees a request with + role as proxyRoles - it will demand to see a valid original principal. + type: string + rbac: + nullable: true + type: object + superUserRoles: + description: |- + SuperUserRoles Role names that are treated as "super-user", meaning they will be able to do all admin + operations and publish/consume from all topics + type: string + type: object + clientAuth: + description: ClientAuth authentication configuration for client + connections + properties: + generic: + description: Generic Client Generic authentication configuration + properties: + authParams: + description: |- + Parameters passed to authentication plugin. + A comma separated list of key:value pairs. + Keys depend on the configured authPlugin. + e.g. for TLS + authParams: tlsCertFile:/my/cert/file,tlsKeyFile:/my/key/file + AuthParams This parameter is required if using a generic configuration + type: string + authPlugin: + description: |- + Authentication plugin to authenticate with servers + e.g. for TLS + authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationTls + AuthPlugin This parameter is required if using a generic configuration + type: string + custom: + additionalProperties: + type: string + description: Custom parameters for the client authentication + type: object + required: + - authParams + - authPlugin + type: object + jwt: + description: JWT Client JWT authentication configuration + properties: + secret: + description: Secret name to fetch the token from, this + secret should contain the `token` field + type: string + token: + description: |- + Token passed to authentication plugin. + A comma separated list of key:value pairs. + Keys depend on the configured authPlugin. + Token + type: string + type: object + type: object + clusterName: + description: ClusterName defines name of the Pulsar cluster. 
+ type: string + compactionScheduler: + description: CompactionScheduler defines the configuration of + compaction scheduler + properties: + config: + description: Config is the configuration of the compaction + scheduler + properties: + backendStorageType: + default: S3 + description: BackendStorageType is the backend storage + type + enum: + - S3 + - Local + type: string + compactedThreadNum: + description: CompactedThreadNum is the compacted thread + number + type: integer + compactionServiceClass: + description: CompactionServiceClass is the compaction + service class + type: string + custom: + additionalProperties: + type: string + description: Custom defines the customized configuration + for the compaction scheduler + type: object + localConfig: + description: Local defines local storage related configuration + properties: + storagePath: + type: string + type: object + s3Config: + description: S3 defines S3 related configuration + properties: + bucketName: + type: string + prefix: + type: string + type: object + type: object + enabled: + description: Enabled defines whether compaction scheduler + is enabled + type: boolean + image: + type: string + pod: + description: Pod defines the policy for compaction scheduler + pod + properties: + affinity: + description: Affinity specifies the scheduling constraints + of a pod + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. 
+ type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in + the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. 
+ type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. 
+ If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same node, + zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. 
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
+ items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: Annotations specifies the annotations to + attach to pods the operator creates + type: object + debug: + description: Debug defines a switch enable debug + type: boolean + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace + to use for pulling any of the images used by this PodSpec. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: |- + InitContainers defines init containers of the pod. A typical use case could be using an init + container to download a remote jar to a local path. + items: + description: |- + A single application container that you want to run within a pod. + The Container API from the core group is not used directly to avoid unneeded fields + and reduce the size of the CRD. New fields could be added as needed. + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. 
Not executed within + a shell. + items: + type: string + type: array + env: + description: List of environment variables to set + in the container. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". 
+ type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a + C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Docker image name. + type: string + imagePullPolicy: + description: Image pull policy. + type: string + livenessProbe: + description: Periodic probe of container liveness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. 
+ Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. 
+ Each container in a pod must have a unique name (DNS_LABEL). + type: string + readinessProbe: + description: |- + Periodic probe of container service readiness. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this + container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod + has successfully initialized. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a + Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. 
+ type: string + required: + - name + type: object + type: array + jvmOptions: + description: JvmOptions defines the Jvm options passed + to the container + nullable: true + properties: + extraOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + gcLoggingOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + gcOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + memoryOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + type: object + x-kubernetes-map-type: granular + labels: + additionalProperties: + type: string + description: Labels specifies the labels to attach to + pod the operator creates for the cluster. + type: object + minReadySeconds: + description: |- + MinReadySeconds is the minimum time the pod must be ready without any of its + container crashing, for it to be considered available. + Only available when feature gate StatefulSetMinReadySeconds is enabled(enabled by default from v1.25.0). + format: int32 + type: integer + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector specifies a map of key-value pairs. For a pod to be eligible to run + on a node, the node must have each of the indicated key-value pairs as labels. + type: object + resources: + description: Resources specifies the resource requirements + of containers to run in the pod + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. 
+ properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secretRefs: + description: SecretRefs defines how to mount required + secrets into containers + items: + properties: + mountPath: + type: string + secretName: + type: string + required: + - mountPath + - secretName + type: object + type: array + x-kubernetes-list-map-keys: + - secretName + x-kubernetes-list-type: map + securityContext: + description: |- + SecurityContext specifies the security context for the entire pod + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context + properties: + fsGroup: + format: int64 + type: integer + readOnlyRootFilesystem: + description: ReadOnlyRootFilesystem specifies whether + the container use a read-only filesystem. + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount + to use to run pods. + type: string + sidecars: + description: Sidecars defines sidecar containers running + alongside with the main function container in the pod. + items: + description: |- + A single application container that you want to run within a pod. + The Container API from the core group is not used directly to avoid unneeded fields + and reduce the size of the CRD. New fields could be added as needed. + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. Not executed within + a shell. + items: + type: string + type: array + env: + description: List of environment variables to set + in the container. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. 
+ type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a + C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Docker image name. + type: string + imagePullPolicy: + description: Image pull policy. + type: string + livenessProbe: + description: Periodic probe of container liveness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. 
+ Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. 
+ Each container in a pod must have a unique name (DNS_LABEL). + type: string + readinessProbe: + description: |- + Periodic probe of container service readiness. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this + container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod + has successfully initialized. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a + Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. + type: string + required: + - name + type: object + type: array + terminationGracePeriodSeconds: + description: |- + TerminationGracePeriodSeconds is the amount of time that kubernetes will give + for a pod before terminating it. 
+ format: int64 + type: integer + tolerations: + description: Tolerations specifies the tolerations of + a Pod + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. 
+ properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 
+ MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. 
+ As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + + + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. 
+ This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + updateStrategy: + description: UpdateStrategy defines the update strategy + of the pod + nullable: true + properties: + partition: + description: |- + Partition indicates the ordinal at which the StatefulSet should be + partitioned. + Default value is 0. + format: int32 + type: integer + podUIDsToDelete: + description: PodUIDsToDelete is a list of pod UIDs + to delete. + items: + type: string + nullable: true + type: array + type: + description: |- + Type indicates the type of the StatefulSetUpdateStrategy. + Default is RollingUpdate. + type: string + type: object + vars: + description: Vars specifies the environment variables + of a Pod + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + volumes: + description: Volumes defines extra volumes of the pod. + items: + description: |- + Volume represents a named volume in a pod that may be accessed by any container in the pod. + The Volume API from the core group is not used directly to avoid unneeded fields defined in `VolumeSource` + and reduce the size of the CRD. New fields in VolumeSource could be added as needed. + properties: + configMap: + description: ConfigMap represents a configMap that + should populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. 
+ type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Volume's name. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + secret: + description: Secret represents a secret that should + populate this volume. + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + required: + - name + type: object + type: array + type: object + replicas: + default: 1 + description: Replicas is the desired replicas of the compaction + scheduler + format: int32 + minimum: 0 + type: integer + type: object + concurrentUnloadPerSecond: + description: control the unload speed of pulsar broker + format: int64 + type: integer + custom: + additionalProperties: + type: string + description: Custom allows to customize broker configurations + directly. + nullable: true + type: object + function: + description: FunctionConfig defines function worker configurations + properties: + custom: + additionalProperties: + type: string + description: Custom allows to custom functions worker's configuration + and will be written to the ConfigMap for `changeConfig` + nullable: true + type: object + customWorkerConfig: + description: |- + CustomWorkerConfig allows customizing function workers config. + The value should be a yaml with the configurations the user want to override + type: string + enabled: + description: Enabled defines whether to enable function in + the cluster + type: boolean + functionRunnerImages: + description: Function runner images + properties: + genericBase: + description: Image of GenericBase function runner. + type: string + genericNode: + description: Image of GenericNode function runner. + type: string + genericPython: + description: Image of GenericPython function runner. + type: string + go: + description: Image of Go function runner. + type: string + java: + description: Image of Java function runner. + type: string + python: + description: Image of Python function runner. 
+ type: string + type: object + labels: + additionalProperties: + type: string + description: Labels defines custom labels for function pods + nullable: true + type: object + mesh: + description: Mesh defines configurations used in function + mesh + properties: + builtinConnectorsRef: + description: BuiltinConnectorsRef defines the reference + to the ConfigMap that contains a list of builtin-connector + definitions + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + disabledRuntimes: + description: DisabledRuntimes defines the list of disabled + runtimes + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + functionEnabled: + description: FunctionEnabled defines whether to enable + function APIs + type: boolean + insecureAuthEnabled: + description: |- + InsecureAuthEnabled defines whether to use insecure auth: + use a same superuser account got from config file in all functions/sinks/sources + type: boolean + sinkEnabled: + description: SinkEnabled defines whether to enable sink + APIs + type: boolean + sourceEnabled: + description: SourceEnabled defines whether to enable source + APIs + type: boolean + uploadEnabled: + description: UploadEnabled defines whether to enable user + code upload in APIs + type: boolean + type: object + resourceRequirements: + description: ResourceRequirements describes the resource requirements + properties: + max: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Max describes maximum compute resource could + request for each replica + type: object + min: + additionalProperties: + anyOf: + - 
type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Min describes minimal compute resource should + request for each replica + type: object + type: object + serviceAccountName: + description: The name of the service account to run functions + and connectors. + type: string + type: + description: |- + Type defines the type of function worker service to run functions/sources/sinks + Function-mesh worker service is used if the value of type is FunctionMesh, + otherwise the builtin worker service is used + type: string + type: object + placementPolicy: + description: |- + PlacementPolicy defines the placement policy of the broker + https://github.com/streamnative/sn-pulsar-plugins/tree/master/pulsar-placement-policy#pulsar-placement-policy + enum: + - az-rack-aware + - az-region-aware + type: string + protocolHandlers: + description: ProtocolHandlers defines the configuration of protocol + handlers + properties: + aop: + description: AoP configurations + properties: + enabled: + description: Enabled defines whether to enable AoP + type: boolean + proxyEnabled: + description: |- + Whether to start AMQP proxy. + Deprecated: proxy will always be enabled + type: boolean + type: object + kop: + description: KoP defines KoP configurations + properties: + enabled: + description: Enabled defines whether to enable KoP + type: boolean + schemaRegistryEnabled: + description: SchemaRegistryEnabled define whether to enable + schema registry + type: boolean + tls: + description: TLS defines the TLS configuration on the + broker. 
+ properties: + certSecretName: + description: |- + CertSecretName defines the name of the secret that contains the certificate to use + the value should be name of the secret that contains a valid certificate to use in the proxy + type: string + enabled: + description: |- + Enabled determines whether to enable TLS in proxies + TODO move other TLS related fields here + type: boolean + passwordSecretRef: + description: |- + PasswordSecretRef is a reference to a key in a Secret resource + containing the password used to encrypt the keystore. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. + type: string + name: + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + required: + - name + type: object + trustCertsEnabled: + description: TrustCertsEnabled defines whether to + enable trust store + type: boolean + type: object + type: object + mop: + description: MoP configurations + properties: + authenticationEnabled: + description: AuthenticationEnabled defines whether to + enable MoP authentication. + type: boolean + authenticationMethods: + description: AuthenticationMethods defines which authentication + method to use, only supports token now + type: string + authorizationEnabled: + description: AuthorizationEnabled defines whether to enable + MoP authorization. + type: boolean + enabled: + description: Enabled defines whether to enable MoP + type: boolean + proxyEnabled: + description: ProxyEnabled defines whether to enable MoP + proxy. 
+ type: boolean + type: object + type: object + pulsarRestMessagingServiceEnabled: + description: PulsarRestMessagingServiceEnabled defines whether + Pulsar Rest Messaging will be enabled + type: boolean + readOnly: + description: ReadOnly Support for the broker to be read-only mode + nullable: true + properties: + enabled: + description: Enabled defines whether to enable read-only mode + nullable: true + type: boolean + zoneKeySuffix: + description: ZoneKeySuffix defines the zone key suffix that + are read-only broker + type: string + zoneMappings: + description: ZoneMappings defines the zone mappings + items: + properties: + id: + description: ID defines the zone id + type: string + name: + description: Zone defines the zone name + type: string + required: + - id + - name + type: object + type: array + x-kubernetes-list-map-keys: + - id + x-kubernetes-list-type: map + type: object + serviceURLGenerationPolicy: + default: NameUIDPrefix + description: ServiceURLGenerationPolicy defines how the service + url should be generated + enum: + - NameUIDPrefix + - OrdinalPrefix + - FQDN + type: string + tieredStorageConfig: + description: TieredStorageConfig defines the configuration of + the tiered storage + nullable: true + properties: + customConfig: + additionalProperties: + type: string + description: CustomConfig defines the other configurations + want to apply. + type: object + enabled: + description: Enabled defines whether to enable tiered storage + or not. + type: boolean + storagePath: + description: StoragePath defines the store path of offloaded + data + type: string + type: + description: Type defines which type of the tiered storage + will be used. + enum: + - delta + - iceberg + - hdfs + type: string + type: object + transactionEnabled: + description: TransactionEnabled defines whether transaction support + is enabled in the brokers + type: boolean + usePodIPAsAdvertisedAddress: + description: UsePodIPAsAdvertisedAddress use pod ip as advertise + address. 
+ type: boolean + webSocketServiceEnabled: + description: WebSocketServiceEnabled defines whether WebSocket + will be enabled + type: boolean + type: object + configs: + additionalProperties: + type: string + description: |- + Configs defines custom configurations for brokers + Deprecated: use Config instead + nullable: true + type: object + configurationMetadataStoreUrl: + description: ConfigurationMetadataStoreUrl defines the configuration + metadata store url + nullable: true + type: string + configurationStoreConfig: + description: ConfigurationStoreConfig defines the configuration store + configuration + properties: + zk: + properties: + certSecretName: + description: |- + CertSecretName is the name of the secret that contains the zk client certificate + if set this, client will use mutual tls, otherwise, client will use simple tls + type: string + clusterIndex: + description: |- + ClusterIndex is the index of the zookeeper cluster in the zookeeper clusters list + to check if the cluster is the client of shared zk + format: int32 + type: integer + domain: + description: Domain is the host of the shared zookeeper cluster + type: string + serverPort: + description: ServerPort is the port of the shared zookeeper + cluster + format: int32 + type: integer + type: object + type: object + configurationStoreServers: + description: ConfigurationStoreServers defines the address of the + configuration store + type: string + customization: + description: Customization allows the desired manifests of operator + managed resources to be customized. + items: + properties: + manifest: + description: Manifest defines the patch to apply to customize + the desired resource + type: string + match: + description: Match defines what resource should be customized + by this customization layer + nullable: true + properties: + groupVersionKinds: + description: Matches the group, version, and kind of the + resource. 
+ items: + properties: + group: + description: |- + Group is the group of the resource. + Matches all groups if it's empty or `*`. + type: string + kind: + description: |- + Kind is the kind of the resource. + Matches all kinds if it's `*`. + type: string + version: + description: |- + Version is the version of the resource. + Matches all versions if it's empty or `*`. + type: string + required: + - kind + type: object + nullable: true + type: array + name: + description: |- + Name matches the resource name defined in the metadata. + It could be defined as a Regex pattern, like `^.*-bk$`. + type: string + type: object + required: + - manifest + type: object + nullable: true + type: array + dnsNames: + description: A list of service urls this pulsar broker advertise + items: + type: string + nullable: true + type: array + image: + description: |- + Image is the container image used to run pulsar broker pods. + default is apachepulsar/pulsar:latest + type: string + imagePullPolicy: + description: Image pull policy, one of Always, Never, IfNotPresent, + default to Always. + type: string + initJobPod: + description: InitJobPod defines the policy for creating a pod for + init job + properties: + affinity: + description: Affinity specifies the scheduling constraints of + a pod + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. 
+ If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 
+ Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. 
+ Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
+ items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: Annotations specifies the annotations to attach to + pods the operator creates + type: object + debug: + description: Debug defines a switch enable debug + type: boolean + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace + to use for pulling any of the images used by this PodSpec. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: |- + InitContainers defines init containers of the pod. A typical use case could be using an init + container to download a remote jar to a local path. + items: + description: |- + A single application container that you want to run within a pod. + The Container API from the core group is not used directly to avoid unneeded fields + and reduce the size of the CRD. New fields could be added as needed. + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. 
Not executed within a shell. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". 
+ type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. + items: + description: EnvFromSource represents the source of a + set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to + each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Docker image name. + type: string + imagePullPolicy: + description: Image pull policy. + type: string + livenessProbe: + description: Periodic probe of container liveness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. 
Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. 
+ Each container in a pod must have a unique name (DNS_LABEL). + type: string + readinessProbe: + description: |- + Periodic probe of container service readiness. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod has successfully + initialized. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. 
+ type: string + required: + - name + type: object + type: array + jvmOptions: + description: JvmOptions defines the Jvm options passed to the + container + nullable: true + properties: + extraOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + gcLoggingOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + gcOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + memoryOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + type: object + x-kubernetes-map-type: granular + labels: + additionalProperties: + type: string + description: Labels specifies the labels to attach to pod the + operator creates for the cluster. + type: object + minReadySeconds: + description: |- + MinReadySeconds is the minimum time the pod must be ready without any of its + container crashing, for it to be considered available. + Only available when feature gate StatefulSetMinReadySeconds is enabled(enabled by default from v1.25.0). + format: int32 + type: integer + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector specifies a map of key-value pairs. For a pod to be eligible to run + on a node, the node must have each of the indicated key-value pairs as labels. + type: object + resources: + description: Resources specifies the resource requirements of + containers to run in the pod + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
+ properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secretRefs: + description: SecretRefs defines how to mount required secrets + into containers + items: + properties: + mountPath: + type: string + secretName: + type: string + required: + - mountPath + - secretName + type: object + type: array + x-kubernetes-list-map-keys: + - secretName + x-kubernetes-list-type: map + securityContext: + description: |- + SecurityContext specifies the security context for the entire pod + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context + properties: + fsGroup: + format: int64 + type: integer + readOnlyRootFilesystem: + description: ReadOnlyRootFilesystem specifies whether the + container use a read-only filesystem. + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount + to use to run pods. + type: string + sidecars: + description: Sidecars defines sidecar containers running alongside + with the main function container in the pod. + items: + description: |- + A single application container that you want to run within a pod. + The Container API from the core group is not used directly to avoid unneeded fields + and reduce the size of the CRD. New fields could be added as needed. + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. 
+ type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. + items: + description: EnvFromSource represents the source of a + set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to + each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Docker image name. + type: string + imagePullPolicy: + description: Image pull policy. + type: string + livenessProbe: + description: Periodic probe of container liveness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. 
Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. 
+ Each container in a pod must have a unique name (DNS_LABEL). + type: string + readinessProbe: + description: |- + Periodic probe of container service readiness. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod has successfully + initialized. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. + type: string + required: + - name + type: object + type: array + terminationGracePeriodSeconds: + description: |- + TerminationGracePeriodSeconds is the amount of time that kubernetes will give + for a pod before terminating it. 
+ format: int64 + type: integer + tolerations: + description: Tolerations specifies the tolerations of a Pod + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. 
+ properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 
+ MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. 
+ As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + + + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. 
+ This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + updateStrategy: + description: UpdateStrategy defines the update strategy of the + pod + nullable: true + properties: + partition: + description: |- + Partition indicates the ordinal at which the StatefulSet should be + partitioned. + Default value is 0. + format: int32 + type: integer + podUIDsToDelete: + description: PodUIDsToDelete is a list of pod UIDs to delete. + items: + type: string + nullable: true + type: array + type: + description: |- + Type indicates the type of the StatefulSetUpdateStrategy. + Default is RollingUpdate. + type: string + type: object + vars: + description: Vars specifies the environment variables of a Pod + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + volumes: + description: Volumes defines extra volumes of the pod. + items: + description: |- + Volume represents a named volume in a pod that may be accessed by any container in the pod. + The Volume API from the core group is not used directly to avoid unneeded fields defined in `VolumeSource` + and reduce the size of the CRD. New fields in VolumeSource could be added as needed. + properties: + configMap: + description: ConfigMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. 
+ type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Volume's name. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + secret: + description: Secret represents a secret that should populate + this volume. + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret + or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + required: + - name + type: object + type: array + type: object + initialized: + description: Initialized determines whether to create the job to initialize + the cluster metadata. 
+ type: boolean + interceptors: + description: Interceptors defines a list of interceptors to enable + items: + properties: + configs: + additionalProperties: + type: string + description: Configs defines configs for the interceptor + nullable: true + type: object + mountedConfigs: + description: MountedConfigs defines configs whose value should + be put in a dedicated file + items: + description: The operator generates config files based on + the spec automatically + properties: + configName: + description: ConfigName defines the name of the config + type: string + fileName: + description: FileName defines the name of the file used + to store the value. Defaults to the ConfigName. + type: string + value: + description: Value defines the value of the config + type: string + required: + - configName + - value + type: object + nullable: true + type: array + name: + description: Name defines the name of the interceptor + type: string + required: + - name + type: object + nullable: true + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + istio: + description: Istio defines the configurations for istio + properties: + authRules: + description: AuthRules define the AuthorizationPolicies + items: + properties: + fromSource: + items: + properties: + principals: + items: + type: string + type: array + type: object + type: array + toOperation: + description: ToOperation defines the ports that the rule + applies to + items: + properties: + ports: + description: Ports defines the ports that the rule + applies to + items: + type: string + type: array + type: object + type: array + type: object + type: array + enabled: + description: Enabled defines whether to enable Istio + type: boolean + gateway: + description: |- + Gateway defines the gateway configuration, Gateway will be ignored if Gateways is not empty + The operator could either create a gateway automatically or use an existing one + properties: + advertisedDomain: + description: 
AdvertisedDomain defines the domain name for + the gateway, used solely when serving a list of gateways + type: string + create: + description: Create defines whether to create a gateway + type: boolean + gateways: + description: Gateways defines a list of existing gateways + items: + type: string + nullable: true + type: array + key: + default: istio-generatedid + description: Key is used to identify the gateway and related + resources, used solely when serving a list of gateways + type: string + route: + description: Route defines route policy for the gateway + properties: + topologyAware: + description: TopologyAware defines + properties: + key: + description: Key defines the node label key used to + detect Pod topology info + type: string + subDomain: + description: SubDomain defines url generation rule + for broker Pod + type: string + required: + - key + type: object + useWildcardDNS: + description: UseWildcardDNS means inherit DNS record from + wildcard DNS, only works for externalDNS + type: boolean + type: object + selector: + additionalProperties: + type: string + description: Selector defines the selector for the gateway + to create + nullable: true + type: object + tls: + properties: + certSecretName: + description: "SIMPLE mode:\n CertSecretName defines the + name of the secret that contains the\n certificate + to use in Istio Ingress Gateway. The value should be\n + \ name of the secret in the gateway workload namespace.\nPASSTHROUGH + mode:\n\t CertSecretName defines the name of the secret + that contains the\n\t certificate to use in Broker. + The value should be name of the secret\n name of the + secret in the Broker workload namespace.\nRequired in + both SIMPLE and PASSTHROUGH mode." + type: string + mode: + description: |- + Optional: Indicates whether connections to this port should be + secured using TLS. The value of this field determines how TLS is + enforced. 
+ type: string + subjectAltNames: + description: SubjectAltNames defines the subject alternative + names for the certificate + items: + type: string + type: array + trustCertsEnabled: + description: TrustCertsEnabled defines whether to enable + trust store + type: boolean + type: object + type: object + gateways: + description: Gateways define a list of gateway configurations, + Gateway will be used if Gateways is empty + items: + properties: + advertisedDomain: + description: AdvertisedDomain defines the domain name for + the gateway, used solely when serving a list of gateways + type: string + create: + description: Create defines whether to create a gateway + type: boolean + gateways: + description: Gateways defines a list of existing gateways + items: + type: string + nullable: true + type: array + key: + default: istio-generatedid + description: Key is used to identify the gateway and related + resources, used solely when serving a list of gateways + type: string + route: + description: Route defines route policy for the gateway + properties: + topologyAware: + description: TopologyAware defines + properties: + key: + description: Key defines the node label key used + to detect Pod topology info + type: string + subDomain: + description: SubDomain defines url generation rule + for broker Pod + type: string + required: + - key + type: object + useWildcardDNS: + description: UseWildcardDNS means inherit DNS record + from wildcard DNS, only works for externalDNS + type: boolean + type: object + selector: + additionalProperties: + type: string + description: Selector defines the selector for the gateway + to create + nullable: true + type: object + tls: + properties: + certSecretName: + description: "SIMPLE mode:\n CertSecretName defines + the name of the secret that contains the\n certificate + to use in Istio Ingress Gateway. 
The value should + be\n name of the secret in the gateway workload namespace.\nPASSTHROUGH + mode:\n\t CertSecretName defines the name of the secret + that contains the\n\t certificate to use in Broker. + The value should be name of the secret\n name of + the secret in the Broker workload namespace.\nRequired + in both SIMPLE and PASSTHROUGH mode." + type: string + mode: + description: |- + Optional: Indicates whether connections to this port should be + secured using TLS. The value of this field determines how TLS is + enforced. + type: string + subjectAltNames: + description: SubjectAltNames defines the subject alternative + names for the certificate + items: + type: string + type: array + trustCertsEnabled: + description: TrustCertsEnabled defines whether to enable + trust store + type: boolean + type: object + type: object + maxItems: 10 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + mtls: + description: Mtls defines the mTLS configuration + properties: + mode: + default: strict + type: string + type: object + revision: + default: default + description: Revision defines which Istio control plane inject + sidecar + type: string + trustDomain: + description: TrustDomain corresponds to the trust root of a system + and is part of a workload identity + type: string + type: object + labels: + additionalProperties: + type: string + description: |- + Labels specifies the labels to attach to the stateful set created by operator + for pulsar broker + nullable: true + type: object + logConfig: + description: LogConfig defines the log configuration + properties: + format: + default: text + description: Format is the log format, value is 'json' or 'text' + enum: + - json + - text + type: string + level: + default: INFO + description: Level is the log level + enum: + - INFO + - DEBUG + - TRACE + - WARN + - ERROR + - FATAL + - ALL + - "OFF" + type: string + template: + description: Template is the log Configuration content, can use + 
golang template syntax + type: string + type: object + metadataStoreUrl: + description: MetadataStoreUrl defines the metadata store url + nullable: true + type: string + pod: + description: Pod defines the policy for creating a broker pod + properties: + affinity: + description: Affinity specifies the scheduling constraints of + a pod + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. 
Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. 
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. 
+ If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: Annotations specifies the annotations to attach to + pods the operator creates + type: object + debug: + description: Debug defines a switch enable debug + type: boolean + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace + to use for pulling any of the images used by this PodSpec. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: |- + InitContainers defines init containers of the pod. A typical use case could be using an init + container to download a remote jar to a local path. + items: + description: |- + A single application container that you want to run within a pod. + The Container API from the core group is not used directly to avoid unneeded fields + and reduce the size of the CRD. New fields could be added as needed. + properties: + args: + description: Arguments to the entrypoint. 
+ items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. 
+ items: + description: EnvFromSource represents the source of a + set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to + each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Docker image name. + type: string + imagePullPolicy: + description: Image pull policy. + type: string + livenessProbe: + description: Periodic probe of container liveness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + type: string + readinessProbe: + description: |- + Periodic probe of container service readiness. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. 
You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. 
+ Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod has successfully + initialized. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. 
+ type: string + required: + - name + type: object + type: array + jvmOptions: + description: JvmOptions defines the Jvm options passed to the + container + nullable: true + properties: + extraOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + gcLoggingOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + gcOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + memoryOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + type: object + x-kubernetes-map-type: granular + labels: + additionalProperties: + type: string + description: Labels specifies the labels to attach to pod the + operator creates for the cluster. + type: object + minReadySeconds: + description: |- + MinReadySeconds is the minimum time the pod must be ready without any of its + container crashing, for it to be considered available. + Only available when feature gate StatefulSetMinReadySeconds is enabled(enabled by default from v1.25.0). + format: int32 + type: integer + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector specifies a map of key-value pairs. For a pod to be eligible to run + on a node, the node must have each of the indicated key-value pairs as labels. + type: object + resources: + description: Resources specifies the resource requirements of + containers to run in the pod + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
+ properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secretRefs: + description: SecretRefs defines how to mount required secrets + into containers + items: + properties: + mountPath: + type: string + secretName: + type: string + required: + - mountPath + - secretName + type: object + type: array + x-kubernetes-list-map-keys: + - secretName + x-kubernetes-list-type: map + securityContext: + description: |- + SecurityContext specifies the security context for the entire pod + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context + properties: + fsGroup: + format: int64 + type: integer + readOnlyRootFilesystem: + description: ReadOnlyRootFilesystem specifies whether the + container use a read-only filesystem. + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount + to use to run pods. + type: string + sidecars: + description: Sidecars defines sidecar containers running alongside + with the main function container in the pod. + items: + description: |- + A single application container that you want to run within a pod. + The Container API from the core group is not used directly to avoid unneeded fields + and reduce the size of the CRD. New fields could be added as needed. + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. 
+ type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. + items: + description: EnvFromSource represents the source of a + set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to + each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Docker image name. + type: string + imagePullPolicy: + description: Image pull policy. + type: string + livenessProbe: + description: Periodic probe of container liveness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. 
Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. 
+ Each container in a pod must have a unique name (DNS_LABEL). + type: string + readinessProbe: + description: |- + Periodic probe of container service readiness. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod has successfully + initialized. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. + type: string + required: + - name + type: object + type: array + terminationGracePeriodSeconds: + description: |- + TerminationGracePeriodSeconds is the amount of time that kubernetes will give + for a pod before terminating it. 
+ format: int64 + type: integer + tolerations: + description: Tolerations specifies the tolerations of a Pod + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. 
+ properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 
+ MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. 
+ As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + + + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. 
+ This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + updateStrategy: + description: UpdateStrategy defines the update strategy of the + pod + nullable: true + properties: + partition: + description: |- + Partition indicates the ordinal at which the StatefulSet should be + partitioned. + Default value is 0. + format: int32 + type: integer + podUIDsToDelete: + description: PodUIDsToDelete is a list of pod UIDs to delete. + items: + type: string + nullable: true + type: array + type: + description: |- + Type indicates the type of the StatefulSetUpdateStrategy. + Default is RollingUpdate. + type: string + type: object + vars: + description: Vars specifies the environment variables of a Pod + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + volumes: + description: Volumes defines extra volumes of the pod. + items: + description: |- + Volume represents a named volume in a pod that may be accessed by any container in the pod. + The Volume API from the core group is not used directly to avoid unneeded fields defined in `VolumeSource` + and reduce the size of the CRD. New fields in VolumeSource could be added as needed. + properties: + configMap: + description: ConfigMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. 
+ type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Volume's name. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + secret: + description: Secret represents a secret that should populate + this volume. + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret + or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + required: + - name + type: object + type: array + type: object + replicas: + default: 3 + description: |- + Replicas is the expected size of the pulsar broker + If unspecified, defaults to 3. 
+ format: int32 + minimum: 0 + type: integer + tls: + description: TLS defines the TLS configuration on the broker. + properties: + certSecretName: + description: |- + CertSecretName defines the name of the secret that contains the certificate to use + the value should be name of the secret that contains a valid certificate to use in the proxy + type: string + enabled: + description: |- + Enabled determines whether to enable TLS in proxies + TODO move other TLS related fields here + type: boolean + trustCertsEnabled: + description: TrustCertsEnabled defines whether to enable trust + store + type: boolean + type: object + updateStrategy: + description: UpdateStrategy defines the strategy to apply when upgrading + the broker + nullable: true + properties: + partition: + description: ordinal >= partition will be updated, default is + 0 + format: int32 + minimum: 0 + type: integer + revisionHistoryLimit: + default: 3 + minimum: 1 + type: integer + type: object + zkServers: + description: Zookeeper server list + nullable: true + type: string + type: object + status: + description: PulsarBrokerStatus defines the observed state of PulsarBroker + properties: + conditions: + additionalProperties: + description: The `Status` of a given `Condition` and the `Action` + needed to reach the `Status` + properties: + action: + description: The action needed to advance components to ready + status + type: string + condition: + type: string + status: + type: string + required: + - action + - condition + - status + type: object + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of Broker + Important: Run "make" to regenerate code after modifying this file + type: object + dynamicConfig: + additionalProperties: + type: string + description: DynamicConfig display the dynamic configurations for + the broker + type: object + labelSelector: + description: Label selector for scaling + type: string + observedGeneration: + description: |- + ObservedGeneration is the 
most recent generation observed for this cluster. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + format: int64 + type: integer + onMeshReplicas: + description: OnMeshReplicas is the number of Pods with service mesh + enabled + format: int32 + type: integer + pendingChanges: + description: PendingChanges shows the skipped changes when the rollout + is paused + items: + properties: + action: + type: string + apiVersion: + type: string + diff: + type: string + kind: + type: string + name: + type: string + required: + - action + - apiVersion + - diff + - kind + - name + type: object + nullable: true + type: array + readyReplicas: + description: ReadyReplicas is the number of ready servers in the cluster + format: int32 + type: integer + replicas: + description: Replicas is the number of servers in the cluster + format: int32 + type: integer + serviceEndpoints: + properties: + cluster: + properties: + pulsarServiceURL: + type: string + webServiceURL: + type: string + type: object + external: + properties: + pulsarServiceURL: + type: string + webServiceURL: + type: string + type: object + type: object + updatedReplicas: + description: UpdatedReplicas is the number of servers that has been + updated to the latest configuration + format: int32 + type: integer + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.labelSelector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sn-operator/0.7.0-rc.13/manifests/pulsar.streamnative.io_pulsarproxies.yaml b/operators/sn-operator/0.7.0-rc.13/manifests/pulsar.streamnative.io_pulsarproxies.yaml new file mode 100644 index 00000000000..1d5ff621480 --- /dev/null +++ b/operators/sn-operator/0.7.0-rc.13/manifests/pulsar.streamnative.io_pulsarproxies.yaml 
@@ -0,0 +1,5229 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: pulsarproxies.pulsar.streamnative.io +spec: + group: pulsar.streamnative.io + names: + categories: + - pulsar + kind: PulsarProxy + listKind: PulsarProxyList + plural: pulsarproxies + shortNames: + - pp + - proxy + singular: pulsarproxy + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.replicas + name: Replicas + type: integer + - jsonPath: .status.replicas + name: Ready Replicas + type: integer + - jsonPath: .spec.image + name: Desired Image + type: string + - jsonPath: .spec.dnsNames[0] + name: Endpoint + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: PulsarProxy is the Schema for the pulsarproxies API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PulsarProxySpec defines the desired state of PulsarProxy + properties: + apiObjects: + description: APIObjects allows precise control over how components + (services, statefulset and so on) should be managed + properties: + externalService: + description: ExternalService defines the Pulsar Proxy external + service resource template. + properties: + exposeSSLPort: + description: |- + ExposeSSLPort will be used to export SSL service port even when proxy tls is disabled, + it's useful when we want to terminate tls at external load balancer and forward + plain text request to proxy + If it is true, the service port will be 443, 6651 + otherwise, the service port will be 8080, 6650 + type: boolean + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + ports: + description: |- + Ports will be used to replace existing port or create new port + The default non tls service port is 6650, 8080 + when the type is NodePort, if you want to to expose proxy port 6650 and 8080 + to a specific node port + items: + description: ServicePort contains information on service's + port. + properties: + name: + description: The name of this port within the service. 
+ type: string + nodePort: + description: |- + The port on each node on which this service is exposed when type is + NodePort + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + targetPort: + description: |- + Number or name of the port to access on the pods targeted by the service. + When add new service port, it shouldn't be empty + format: int32 + type: integer + type: object + type: array + type: + description: |- + Type indicates the external service type, LoadBalancer, NodePort, ClusterIP + default is LoadBalancer for backward compatibility + type: string + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + headlessService: + description: HeadlessService defines the Pulsar Proxy headless + service resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + hpa: + description: HPA defines the horizontalPodAutoscaler resource + template. 
+ properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + pdb: + description: PDB defines the PodDisruptionBudget resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + proxyConfigMap: + description: ProxyConfigMap defines the Pulsar proxy ConfigMap + resource template. 
+ properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + statefulSet: + description: StatefulSet defines the StatefulSet resource template + for broker. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize the name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + replaceEnabled: + description: Enable replace if needed when ReplaceEnabled + is true + type: boolean + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. 
+ type: string + type: array + volumeClaimTemplates: + description: |- + VolumeClaimTemplates is a list of claims that pods are allowed to reference. + If a non-empty list is specified, the original values in the desired STS will be replaced. + items: + description: PersistentVolumeClaim is a user's request for + and claim to a persistent volume + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + spec defines the desired characteristics of a volume requested by a pod author. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. 
+ If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + status: + description: |- + status represents the current information/status of a persistent volume claim. + Read-only. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the actual access modes the volume backing the PVC has. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + allocatedResourceStatuses: + additionalProperties: + description: |- + When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore that update and let other controllers + handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC.\nKey + names follow standard Kubernetes label syntax. 
+ Valid values are either:\n\t* Un-prefixed keys:\n\t\t- + storage - the capacity of the volume.\n\t* Custom + resources must use implementation-defined prefixed + names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or + have kubernetes.io prefix are considered\nreserved + and hence may not be used.\n\n\nClaimResourceStatus + can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState + set when resize controller starts resizing the + volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState + set when resize has failed in resize controller + with a terminal error.\n\t- NodeResizePending:\n\t\tState + set when resize controller has finished resizing + the volume but further resizing of\n\t\tvolume + is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState + set when kubelet starts resizing the volume.\n\t- + NodeResizeFailed:\n\t\tState set when resizing + has failed in kubelet with a terminal error. Transient + errors don't set\n\t\tNodeResizeFailed.\nFor example: + if expanding a PVC for more capacity - this field + can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\"\nWhen this field is not + set, it means that no resize operation is in progress + for the given PVC.\n\n\nA controller that receives + PVC update with previously unknown resourceName + or ClaimResourceStatus\nshould ignore the update + for the purpose it was designed. 
For example - + a controller that\nonly is responsible for resizing + capacity of the volume, should ignore PVC updates + that change other valid\nresources associated + with PVC.\n\n\nThis is an alpha field and requires + enabling RecoverVolumeExpansionFailure feature." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity.\nKey + names follow standard Kubernetes label syntax. + Valid values are either:\n\t* Un-prefixed keys:\n\t\t- + storage - the capacity of the volume.\n\t* Custom + resources must use implementation-defined prefixed + names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or + have kubernetes.io prefix are considered\nreserved + and hence may not be used.\n\n\nCapacity reported + here may be larger than the actual capacity when + a volume expansion operation\nis requested.\nFor + storage quota, the larger value from allocatedResources + and PVC.spec.resources is used.\nIf allocatedResources + is not set, PVC.spec.resources alone is used for + quota calculation.\nIf a volume expansion capacity + request is lowered, allocatedResources is only\nlowered + if there are no expansion operations in progress + and if the actual volume capacity\nis equal or + lower than the requested capacity.\n\n\nA controller + that receives PVC update with previously unknown + resourceName\nshould ignore the update for the + purpose it was designed. 
For example - a controller + that\nonly is responsible for resizing capacity + of the volume, should ignore PVC updates that + change other valid\nresources associated with + PVC.\n\n\nThis is an alpha field and requires + enabling RecoverVolumeExpansionFailure feature." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: |- + conditions is the current Condition of persistent volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contains + details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we + probed the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time + the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: message is the human-readable + message indicating details about last transition. + type: string + reason: + description: |- + reason is a unique, this should be a short, machine understandable string that gives the reason + for condition's last transition. If it reports "ResizeStarted" that means the underlying + persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + currentVolumeAttributesClassName: + description: |- + currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. 
+ When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim + This is an alpha field and requires enabling VolumeAttributesClass feature. + type: string + modifyVolumeStatus: + description: |- + ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. + When this is unset, there is no ModifyVolume operation being attempted. + This is an alpha field and requires enabling VolumeAttributesClass feature. + properties: + status: + description: "status is the status of the ControllerModifyVolume + operation. It can be in any of following states:\n + - Pending\n Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet requirements, + such as\n the specified VolumeAttributesClass + not existing.\n - InProgress\n InProgress + indicates that the volume is being modified.\n + - Infeasible\n Infeasible indicates that + the request has been rejected as invalid by + the CSI driver. To\n\t resolve the error, + a valid VolumeAttributesClass needs to be + specified.\nNote: New statuses can be added + in the future. Consumers should check for + unknown statuses and fail appropriately." + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName + is the name of the VolumeAttributesClass the + PVC currently being reconciled + type: string + required: + - status + type: object + phase: + description: phase represents the current phase + of PersistentVolumeClaim. + type: string + type: object + type: object + type: array + volumeExpansionEnabled: + description: Expand volume size automatically if needed when + VolumeExpansionEnabled is true + type: boolean + volumeMounts: + description: |- + VolumeMounts is a list of volumes to mount into the container's filesystem. + If a non-empty list is specified, the original values of the main container in the desired STS will be replaced. + items: + description: VolumeMount describes a mounting of a Volume + within a container. 
+ properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + type: object + websocketConfigMap: + description: WebSocketConfigMap defines the Pulsar WebSocket ConfigMap + resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. 
+ type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + type: object + autoScalingPolicy: + description: AutoScalingPolicy defines how BookKeeperCluster will + be scaled up/down with given metrics and threshold + properties: + behavior: + description: |- + Behavior configures the scaling behavior of the target + in both Up and Down directions (scaleUp and scaleDown fields respectively). + If not set, the default HPAScalingRules for scale up and scale down are used. + properties: + scaleDown: + description: |- + scaleDown is scaling policy for scaling Down. + If not set, the default value is to allow to scale down to minReplicas pods, with a + 300 second stabilization window (i.e., the highest recommendation for + the last 300sec is used). + properties: + policies: + description: |- + policies is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid + items: + description: HPAScalingPolicy is a single policy which + must hold true for a specified past interval. + properties: + periodSeconds: + description: |- + periodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). + format: int32 + type: integer + type: + description: type is used to specify the scaling + policy. + type: string + value: + description: |- + value contains the amount of change which is permitted by the policy. + It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: |- + selectPolicy is used to specify which policy should be used. + If not set, the default value Max is used. 
+ type: string + stabilizationWindowSeconds: + description: |- + stabilizationWindowSeconds is the number of seconds for which past recommendations should be + considered while scaling up or scaling down. + StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization is done). + - For scale down: 300 (i.e. the stabilization window is 300 seconds long). + format: int32 + type: integer + type: object + scaleUp: + description: |- + scaleUp is scaling policy for scaling Up. + If not set, the default value is the higher of: + * increase no more than 4 pods per 60 seconds + * double the number of pods per 60 seconds + No stabilization is used. + properties: + policies: + description: |- + policies is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid + items: + description: HPAScalingPolicy is a single policy which + must hold true for a specified past interval. + properties: + periodSeconds: + description: |- + periodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). + format: int32 + type: integer + type: + description: type is used to specify the scaling + policy. + type: string + value: + description: |- + value contains the amount of change which is permitted by the policy. + It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: |- + selectPolicy is used to specify which policy should be used. + If not set, the default value Max is used. 
+ type: string + stabilizationWindowSeconds: + description: |- + stabilizationWindowSeconds is the number of seconds for which past recommendations should be + considered while scaling up or scaling down. + StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization is done). + - For scale down: 300 (i.e. the stabilization window is 300 seconds long). + format: int32 + type: integer + type: object + type: object + maxReplicas: + format: int32 + type: integer + metrics: + description: |- + Metrics contains the specifications for which to use to calculate the + desired replica count (the maximum replica count across all metrics will be used). + More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#metricspec-v2beta2-autoscaling + items: + description: |- + MetricSpec specifies how to scale based on a single metric + (only `type` and one other matching field should be set at once). + properties: + containerResource: + description: |- + containerResource refers to a resource metric (such as those specified in + requests and limits) known to Kubernetes describing a single container in + each pod of the current scale target (e.g. CPU or memory). Such metrics are + built in to Kubernetes, and have special scaling options on top of those + available to normal per-pod metrics using the "pods" source. + This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag. + properties: + container: + description: container is the name of the container + in the pods of the scaling target + type: string + name: + description: name is the name of the resource in question. 
+ type: string + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - container + - name + - target + type: object + external: + description: |- + external refers to a global metric that is not associated + with any Kubernetes object. It allows autoscaling based on information + coming from components running outside of cluster + (for example length of queue in cloud messaging service, or + QPS from loadbalancer running outside of cluster). 
+ properties: + metric: + description: metric identifies the target metric by + name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + object: + description: |- + object refers to a metric describing a single kubernetes object + (for example, hits-per-second on an Ingress object). 
+ properties: + describedObject: + description: describedObject specifies the descriptions + of a object,such as kind,name apiVersion + properties: + apiVersion: + description: apiVersion is the API version of the + referent + type: string + kind: + description: 'kind is the kind of the referent; + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'name is the name of the referent; + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - kind + - name + type: object + metric: + description: metric identifies the target metric by + name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - describedObject + - metric + - target + type: object + pods: + description: |- + pods refers to a metric describing each pod in the current scale target + (for example, transactions-processed-per-second). 
The values will be + averaged together before being compared to the target value. + properties: + metric: + description: metric identifies the target metric by + name and selector + properties: + name: + description: name is the name of the given metric + type: string + selector: + description: |- + selector is the string-encoded form of a standard kubernetes label selector for the given metric + When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + When unset, just the metricName will be used to gather metrics. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - metric + - target + type: object + resource: + description: |- + resource refers to a resource metric (such as those specified in + requests and limits) known to Kubernetes describing each pod in the + current scale target (e.g. CPU or memory). Such metrics are built in to + Kubernetes, and have special scaling options on top of those available + to normal per-pod metrics using the "pods" source. + properties: + name: + description: name is the name of the resource in question. 
+ type: string + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: |- + averageUtilization is the target value of the average of the + resource metric across all relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: |- + averageValue is the target value of the average of the + metric across all relevant pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - name + - target + type: object + type: + description: |- + type is the type of metric source. It should be one of "ContainerResource", "External", + "Object", "Pods" or "Resource", each mapping to a matching field in the object. 
+ Note: "ContainerResource" type is available on when the feature-gate + HPAContainerMetrics is enabled + type: string + required: + - type + type: object + type: array + minReplicas: + format: int32 + type: integer + required: + - maxReplicas + type: object + brokerAddress: + description: The address of the broker + type: string + certSecretName: + description: |- + CertSecretName defines the name of the secret that contains the certificate to use in the proxy + if the value is not set, then the operator create an certificate automatically + if the value is set to be an empty string, then the proxy will not use a certificate + otherwise the value should be name of the secret that contains a valid certificate to use in the proxy + type: string + config: + description: Config defines configurations for proxies + nullable: true + properties: + authentication: + description: Authentication defines proxy authentication + properties: + apiKey: + description: ApiKeys authentication configuration + properties: + oidcIssuers: + description: OIDCIssuers OpenID Connect configuration + for API keys + items: + properties: + adminScope: + default: admin + description: AdminScope Scope to operate as a Pulsar + superuser, by default admin. + type: string + audience: + description: Audience The expected audience for + the OIDC token. This field is required. + type: string + authzAdminRole: + description: AuthzAdminRole Authz Role to operate + as a Pulsar superuser. + type: string + authzRoleClaim: + description: AuthzRoleClaim JWT claim to use for + Authz roles. + type: string + issuerUrl: + description: IssuerUrl of the provider which allows + Pulsar to discover public signing keys. Required. + type: string + requiredScope: + description: RequiredScope to require in a JWT token + used for authentication, optional. + type: string + scopeClaim: + default: scope + description: ScopeClaim JWT claim to use as the + scope claim, by default scope. 
+ type: string + subjectClaim: + default: sub + description: SubjectClaim JWT claim to use as the + user name, by default sub. + type: string + required: + - audience + - issuerUrl + type: object + type: array + x-kubernetes-list-map-keys: + - issuerUrl + x-kubernetes-list-type: map + revocationListLoadIntervalInSecs: + description: RevocationListLoadIntervalInSecs Interval + to load the revocation list from api keys service + format: int32 + type: integer + revocationListUrl: + description: RevocationListUrl URL to fetch the revocation + list from api keys service + type: string + skipRevocationListValidationOnRevocationListInitFailure: + description: SkipRevocationListValidationOnRevocationListInitFailure + Skip validation of revocation list if the revocation + list + type: boolean + type: object + jwt: + description: JWT enabled jwt authentication + properties: + tokenAuthClaim: + default: sub + description: |- + TokenAuthClaim The token "claim" that will be interpreted as the authentication "role" or "principal" by + AuthenticationProviderToken (defaults to "sub" if blank) + type: string + tokenPublicKey: + description: |- + Asymmetric public/private key pair + TokenPublicKey Configure the public key to be used to validate auth tokens + The key can be specified like: + tokenPublicKey: data:;base64,xxxxxxxxx + tokenPublicKey: file:///my/public.key ( Note: key file must be DER-encoded ) + tokenPublicKey: your-secret-name, the secret should contain the `secret-key` field + type: string + tokenSecretKey: + description: |- + Symmetric key + TokenSecretKey Configure the secret key to be used to validate auth tokens + The key can be specified like: + tokenSecretKey: data:;base64,xxxxxxxxx + tokenSecretKey: file:///my/secret.key ( Note: key file must be DER-encoded ) + tokenSecretKey: your-secret-name, the secret should contain the `public-key` field + type: string + type: object + type: object + authorization: + description: Authorization defines proxy authorization + 
properties: + rbac: + nullable: true + type: object + superUserRoles: + description: |- + SuperUserRoles Role names that are treated as "super-user", meaning they will be able to do all admin + operations and publish/consume from all topics + type: string + type: object + clientAuth: + description: ClientAuth authentication configuration for client + connections + properties: + generic: + description: Generic Client Generic authentication configuration + properties: + authParams: + description: |- + Parameters passed to authentication plugin. + A comma separated list of key:value pairs. + Keys depend on the configured authPlugin. + e.g. for TLS + authParams: tlsCertFile:/my/cert/file,tlsKeyFile:/my/key/file + AuthParams This parameter is required if using a generic configuration + type: string + authPlugin: + description: |- + Authentication plugin to authenticate with servers + e.g. for TLS + authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationTls + AuthPlugin This parameter is required if using a generic configuration + type: string + custom: + additionalProperties: + type: string + description: Custom parameters for the client authentication + type: object + required: + - authParams + - authPlugin + type: object + jwt: + description: JWT Client JWT authentication configuration + properties: + secret: + description: Secret name to fetch the token from, this + secret should contain the `token` field + type: string + token: + description: |- + Token passed to authentication plugin. + A comma separated list of key:value pairs. + Keys depend on the configured authPlugin. + Token + type: string + type: object + type: object + clusterName: + description: ClusterName defines name of the Pulsar cluster. + type: string + custom: + additionalProperties: + type: string + description: Custom allows to customize broker configurations + directly. 
+ nullable: true + type: object + kopProxy: + description: The kop configuration + properties: + enabled: + description: Enabled defines whether kop extension will be + enabled for proxy + type: boolean + kafkaAdvertisedListener: + description: KafkaAdvertisedListener will be the kafkaAdvertisedListeners + address + type: string + kafkaBootstrapServers: + description: |- + KafkaBootstrapServers will be the kafka bootstrap servers address + default is :9092 + type: string + type: object + prometheusPlugin: + description: |- + PrometheusPlugin defines the configuration of the Prometheus servlet plugin which could be used to query + the Prometheus cluster deployed alongside the proxy cluster. + properties: + host: + description: Host defines the host of the Prometheus service + type: string + type: object + tls: + description: TLS defines the configuration of TLS in proxies + properties: + certSecretName: + description: |- + CertSecretName defines the name of the secret that contains the certificate to use + the value should be name of the secret that contains a valid certificate to use in the proxy + type: string + enabled: + description: |- + Enabled determines whether to enable TLS in proxies + TODO move other TLS related fields here + type: boolean + trustCertsEnabled: + description: TrustCertsEnabled defines whether to enable trust + store + type: boolean + type: object + usePodIPAsAdvertisedAddress: + description: UsePodIPAsAdvertisedAddress use pod ip as advertise + address. + type: boolean + type: object + configs: + additionalProperties: + type: string + description: Configs defines custom configurations for proxies + nullable: true + type: object + configurationStoreServers: + description: ConfigurationStoreServers defines the configuration store + servers address + type: string + customization: + description: Customization allows the desired manifests of operator + managed resources to be customized. 
+ items: + properties: + manifest: + description: Manifest defines the patch to apply to customize + the desired resource + type: string + match: + description: Match defines what resource should be customized + by this customization layer + nullable: true + properties: + groupVersionKinds: + description: Matches the group, version, and kind of the + resource. + items: + properties: + group: + description: |- + Group is the group of the resource. + Matches all groups if it's empty or `*`. + type: string + kind: + description: |- + Kind is the kind of the resource. + Matches all kinds if it's `*`. + type: string + version: + description: |- + Version is the version of the resource. + Matches all versions if it's empty or `*`. + type: string + required: + - kind + type: object + nullable: true + type: array + name: + description: |- + Name matches the resource name defined in the metadata. + It could be defined as a Regex pattern, like `^.*-bk$`. + type: string + type: object + required: + - manifest + type: object + nullable: true + type: array + dnsNames: + description: A list of service urls this pulsar proxy advertise + items: + type: string + type: array + image: + description: |- + Image is the container image used to run pulsar proxy pods. + default is apachepulsar/pulsar:latest + type: string + imagePullPolicy: + description: Image pull policy, one of Always, Never, IfNotPresent, + default to Always. + type: string + issuerRef: + description: |- + IssuerRef is a reference to the issuer for the TLS endpoint. If + the 'kind' field is not set, or set to 'Issuer', an Issuer resource with + the given name in the same namespace as the PulsarProxy will be + used. If the 'kind' field is set to 'ClusterIssuer', a ClusterIssuer with + the provided name will be used. The 'name' field in this stanza is + required at all times. The group field refers to the API group of the + issuer which defaults to 'cert-manager.io' if empty. 
+ properties: + group: + type: string + kind: + type: string + name: + type: string + required: + - name + type: object + istio: + description: Istio defines the configurations for istio + properties: + authRules: + description: AuthRules define the AuthorizationPolicies + items: + properties: + fromSource: + items: + properties: + principals: + items: + type: string + type: array + type: object + type: array + toOperation: + description: ToOperation defines the ports that the rule + applies to + items: + properties: + ports: + description: Ports defines the ports that the rule + applies to + items: + type: string + type: array + type: object + type: array + type: object + type: array + enabled: + description: Enabled defines whether to enable Istio + type: boolean + gateway: + description: |- + Gateway defines the gateway configuration, Gateway will be ignored if Gateways is not empty + The operator could either create a gateway automatically or use an existing one + properties: + advertisedDomain: + description: AdvertisedDomain defines the domain name for + the gateway, used solely when serving a list of gateways + type: string + create: + description: Create defines whether to create a gateway + type: boolean + gateways: + description: Gateways defines a list of existing gateways + items: + type: string + nullable: true + type: array + key: + default: istio-generatedid + description: Key is used to identify the gateway and related + resources, used solely when serving a list of gateways + type: string + route: + description: Route defines route policy for the gateway + properties: + topologyAware: + description: TopologyAware defines + properties: + key: + description: Key defines the node label key used to + detect Pod topology info + type: string + subDomain: + description: SubDomain defines url generation rule + for broker Pod + type: string + required: + - key + type: object + useWildcardDNS: + description: UseWildcardDNS means inherit DNS record from + 
wildcard DNS, only works for externalDNS + type: boolean + type: object + selector: + additionalProperties: + type: string + description: Selector defines the selector for the gateway + to create + nullable: true + type: object + tls: + properties: + certSecretName: + description: "SIMPLE mode:\n CertSecretName defines the + name of the secret that contains the\n certificate + to use in Istio Ingress Gateway. The value should be\n + \ name of the secret in the gateway workload namespace.\nPASSTHROUGH + mode:\n\t CertSecretName defines the name of the secret + that contains the\n\t certificate to use in Broker. + The value should be name of the secret\n name of the + secret in the Broker workload namespace.\nRequired in + both SIMPLE and PASSTHROUGH mode." + type: string + mode: + description: |- + Optional: Indicates whether connections to this port should be + secured using TLS. The value of this field determines how TLS is + enforced. + type: string + subjectAltNames: + description: SubjectAltNames defines the subject alternative + names for the certificate + items: + type: string + type: array + trustCertsEnabled: + description: TrustCertsEnabled defines whether to enable + trust store + type: boolean + type: object + type: object + gateways: + description: Gateways define a list of gateway configurations, + Gateway will be used if Gateways is empty + items: + properties: + advertisedDomain: + description: AdvertisedDomain defines the domain name for + the gateway, used solely when serving a list of gateways + type: string + create: + description: Create defines whether to create a gateway + type: boolean + gateways: + description: Gateways defines a list of existing gateways + items: + type: string + nullable: true + type: array + key: + default: istio-generatedid + description: Key is used to identify the gateway and related + resources, used solely when serving a list of gateways + type: string + route: + description: Route defines route policy for the 
gateway + properties: + topologyAware: + description: TopologyAware defines + properties: + key: + description: Key defines the node label key used + to detect Pod topology info + type: string + subDomain: + description: SubDomain defines url generation rule + for broker Pod + type: string + required: + - key + type: object + useWildcardDNS: + description: UseWildcardDNS means inherit DNS record + from wildcard DNS, only works for externalDNS + type: boolean + type: object + selector: + additionalProperties: + type: string + description: Selector defines the selector for the gateway + to create + nullable: true + type: object + tls: + properties: + certSecretName: + description: "SIMPLE mode:\n CertSecretName defines + the name of the secret that contains the\n certificate + to use in Istio Ingress Gateway. The value should + be\n name of the secret in the gateway workload namespace.\nPASSTHROUGH + mode:\n\t CertSecretName defines the name of the secret + that contains the\n\t certificate to use in Broker. + The value should be name of the secret\n name of + the secret in the Broker workload namespace.\nRequired + in both SIMPLE and PASSTHROUGH mode." + type: string + mode: + description: |- + Optional: Indicates whether connections to this port should be + secured using TLS. The value of this field determines how TLS is + enforced. 
+ type: string + subjectAltNames: + description: SubjectAltNames defines the subject alternative + names for the certificate + items: + type: string + type: array + trustCertsEnabled: + description: TrustCertsEnabled defines whether to enable + trust store + type: boolean + type: object + type: object + maxItems: 10 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + mtls: + description: Mtls defines the mTLS configuration + properties: + mode: + default: strict + type: string + type: object + revision: + default: default + description: Revision defines which Istio control plane inject + sidecar + type: string + trustDomain: + description: TrustDomain corresponds to the trust root of a system + and is part of a workload identity + type: string + type: object + labels: + additionalProperties: + type: string + description: |- + Labels specifies the labels to attach to the stateful set created by operator + for pulsar proxy + nullable: true + type: object + logConfig: + description: LogConfig defines the log configuration for pulsar proxy + properties: + format: + default: text + description: Format is the log format, value is 'json' or 'text' + enum: + - json + - text + type: string + level: + default: INFO + description: Level is the log level + enum: + - INFO + - DEBUG + - TRACE + - WARN + - ERROR + - FATAL + - ALL + - "OFF" + type: string + template: + description: Template is the log Configuration content, can use + golang template syntax + type: string + type: object + pod: + description: Pod defines the policy for creating a proxy pod + properties: + affinity: + description: Affinity specifies the scheduling constraints of + a pod + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. 
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. 
+ When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. 
due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: Annotations specifies the annotations to attach to + pods the operator creates + type: object + debug: + description: Debug defines a switch enable debug + type: boolean + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace + to use for pulling any of the images used by this PodSpec. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: |- + InitContainers defines init containers of the pod. A typical use case could be using an init + container to download a remote jar to a local path. + items: + description: |- + A single application container that you want to run within a pod. + The Container API from the core group is not used directly to avoid unneeded fields + and reduce the size of the CRD. New fields could be added as needed. + properties: + args: + description: Arguments to the entrypoint. 
+ items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. 
+ items: + description: EnvFromSource represents the source of a + set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to + each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Docker image name. + type: string + imagePullPolicy: + description: Image pull policy. + type: string + livenessProbe: + description: Periodic probe of container liveness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + type: string + readinessProbe: + description: |- + Periodic probe of container service readiness. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. 
You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. 
+ Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod has successfully + initialized. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. 
+ type: string + required: + - name + type: object + type: array + jvmOptions: + description: JvmOptions defines the Jvm options passed to the + container + nullable: true + properties: + extraOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + gcLoggingOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + gcOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + memoryOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + type: object + x-kubernetes-map-type: granular + labels: + additionalProperties: + type: string + description: Labels specifies the labels to attach to pod the + operator creates for the cluster. + type: object + minReadySeconds: + description: |- + MinReadySeconds is the minimum time the pod must be ready without any of its + container crashing, for it to be considered available. + Only available when feature gate StatefulSetMinReadySeconds is enabled(enabled by default from v1.25.0). + format: int32 + type: integer + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector specifies a map of key-value pairs. For a pod to be eligible to run + on a node, the node must have each of the indicated key-value pairs as labels. + type: object + resources: + description: Resources specifies the resource requirements of + containers to run in the pod + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
+ properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secretRefs: + description: SecretRefs defines how to mount required secrets + into containers + items: + properties: + mountPath: + type: string + secretName: + type: string + required: + - mountPath + - secretName + type: object + type: array + x-kubernetes-list-map-keys: + - secretName + x-kubernetes-list-type: map + securityContext: + description: |- + SecurityContext specifies the security context for the entire pod + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context + properties: + fsGroup: + format: int64 + type: integer + readOnlyRootFilesystem: + description: ReadOnlyRootFilesystem specifies whether the + container use a read-only filesystem. + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount + to use to run pods. + type: string + sidecars: + description: Sidecars defines sidecar containers running alongside + with the main function container in the pod. + items: + description: |- + A single application container that you want to run within a pod. + The Container API from the core group is not used directly to avoid unneeded fields + and reduce the size of the CRD. New fields could be added as needed. + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. 
+ type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. + items: + description: EnvFromSource represents the source of a + set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to + each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Docker image name. + type: string + imagePullPolicy: + description: Image pull policy. + type: string + livenessProbe: + description: Periodic probe of container liveness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. 
Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. 
+ Each container in a pod must have a unique name (DNS_LABEL). + type: string + readinessProbe: + description: |- + Periodic probe of container service readiness. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod has successfully + initialized. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. + type: string + required: + - name + type: object + type: array + terminationGracePeriodSeconds: + description: |- + TerminationGracePeriodSeconds is the amount of time that kubernetes will give + for a pod before terminating it. 
+ format: int64 + type: integer + tolerations: + description: Tolerations specifies the tolerations of a Pod + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. 
+ properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 
+ MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. 
+ As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + + + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. 
+ This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + updateStrategy: + description: UpdateStrategy defines the update strategy of the + pod + nullable: true + properties: + partition: + description: |- + Partition indicates the ordinal at which the StatefulSet should be + partitioned. + Default value is 0. + format: int32 + type: integer + podUIDsToDelete: + description: PodUIDsToDelete is a list of pod UIDs to delete. + items: + type: string + nullable: true + type: array + type: + description: |- + Type indicates the type of the StatefulSetUpdateStrategy. + Default is RollingUpdate. + type: string + type: object + vars: + description: Vars specifies the environment variables of a Pod + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + volumes: + description: Volumes defines extra volumes of the pod. + items: + description: |- + Volume represents a named volume in a pod that may be accessed by any container in the pod. + The Volume API from the core group is not used directly to avoid unneeded fields defined in `VolumeSource` + and reduce the size of the CRD. New fields in VolumeSource could be added as needed. + properties: + configMap: + description: ConfigMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. 
+ type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Volume's name. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + secret: + description: Secret represents a secret that should populate + this volume. + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret + or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + required: + - name + type: object + type: array + type: object + replicas: + default: 3 + description: |- + Replicas is the expected size of the pulsar proxy + If unspecified, defaults to 3. 
+ format: int32 + minimum: 0 + type: integer + webSocketServiceEnabled: + description: WebSocketServiceEnabled defines whether WebSocket will + be enabled + type: boolean + required: + - brokerAddress + type: object + status: + description: PulsarProxyStatus defines the observed state of PulsarProxy + properties: + conditions: + additionalProperties: + description: The `Status` of a given `Condition` and the `Action` + needed to reach the `Status` + properties: + action: + description: The action needed to advance components to ready + status + type: string + condition: + type: string + status: + type: string + required: + - action + - condition + - status + type: object + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file + type: object + labelSelector: + description: Label selector for scaling + type: string + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this cluster. + It corresponds to the metadata generation, which is updated on mutation by the API Server. 
+ format: int64 + type: integer + onMeshReplicas: + description: OnMeshReplicas is the number of Pods with service mesh + enabled + format: int32 + type: integer + pendingChanges: + description: PendingChanges shows the skipped changes when the rollout + is paused + items: + properties: + action: + type: string + apiVersion: + type: string + diff: + type: string + kind: + type: string + name: + type: string + required: + - action + - apiVersion + - diff + - kind + - name + type: object + nullable: true + type: array + readyReplicas: + description: ReadyReplicas is the number of ready servers in the cluster + format: int32 + type: integer + replicas: + description: Replicas is the number of servers in the cluster + format: int32 + type: integer + updatedReplicas: + description: UpdatedReplicas is the number of servers that has been + updated to the latest configuration + format: int32 + type: integer + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.labelSelector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sn-operator/0.7.0-rc.13/manifests/sn-operator-controller-manager-metrics-service_v1_service.yaml b/operators/sn-operator/0.7.0-rc.13/manifests/sn-operator-controller-manager-metrics-service_v1_service.yaml new file mode 100644 index 00000000000..373bd73d3d5 --- /dev/null +++ b/operators/sn-operator/0.7.0-rc.13/manifests/sn-operator-controller-manager-metrics-service_v1_service.yaml 
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ creationTimestamp: null
+ labels:
+ app: sn-operator
+ control-plane: controller-manager
+ name: sn-operator-controller-manager-metrics-service
+spec:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: https
+ selector:
+ app: sn-operator
+ control-plane: controller-manager
+status:
+ loadBalancer: {}
diff --git a/operators/sn-operator/0.7.0-rc.13/manifests/sn-operator-global-config_v1_configmap.yaml b/operators/sn-operator/0.7.0-rc.13/manifests/sn-operator-global-config_v1_configmap.yaml
new file mode 100644
index 00000000000..ada4ff77b6d
--- /dev/null
+++ b/operators/sn-operator/0.7.0-rc.13/manifests/sn-operator-global-config_v1_configmap.yaml
@@ -0,0 +1,28 @@ +apiVersion: v1 +data: + imageCapabilities: "runAsNonRoot:\n imagePatterns:\n # all 2.x versions starting + from 2.10\n - '.*?:2\\.1[0-9]\\..*'\n # all versions starting from 3.0\n - + '.*?:([3-9]|[1-9][0-9]+)\\..*'\nrestMessageAPI:\n imagePatterns:\n # all 2.9 + versions starting from 2.9.3.21\n - '.*?:2\\.9\\.(3\\.(2[1-9]|[3-9][0-9])|[4-9]\\..*)'\n + \ # all 2.10 versions starting from 2.10.2.1\n - '.*?:2\\.10\\.[2-9]\\..*'\n + \ # all 2.x versions starting from 2.11\n - '.*?:2\\.1[1-9]\\..*'\n # all versions + starting from 3.0\n - '.*?:([3-9]|[1-9][0-9]+)\\..*'\nkopSchemaRegistry:\n imagePatterns:\n + \ # all 2.11 versions starting from 2.11.0.5\n - '.*?:2\\.11\\.(0\\.([5-9]|[1-9][0-9])|[1-9]\\..*)'\n + \ # all versions starting from 3.0\n - '.*?:([3-9]|[1-9][0-9]+)\\..*'\nnewLoadBalancer:\n + \ imagePatterns: []\nnewDelayedMessage:\n imagePatterns: []\ndirectIO:\n imagePatterns: + [] \nprivateCloudConsole:\n imagePatterns:\n # all versions starting from + 2.1.1\n - '.*?:v2\\.([1-9]|[1-9][0-9])\\.([1-9]|[1-9][0-9]).*'\n # all versions + starting from 2.2.0\n - '.*?:v2\\.([2-9]|[1-9][0-9])\\.([0-9]|[1-9][0-9]).*'\n + \ # all versions starting from 3.0\n - '.*?:v([3-9]|[1-9][0-9]+)\\..*'\nkafkaDetector:\n + \ imagePatterns:\n # all 3.2.2 versions starting from 3.2.2.7+\n - '.*?:3\\.2\\.2\\.([7-9]|[1-9][0-9]+).*'\n + \ # all 3.2 version starting from 3.2.3+\n - '.*?:3\\.2\\.([3-9]|[1-9][0-9]+]).*'\n + \ # all 3.x version starting from 3.3.0+\n - '.*?:3\\.([3-9]|[1-9][0-9]+).*'\n + \ # all version starting from 4.0\n - '.*?:([4-9]|[1-9][0-9]+)\\..*'\nkafkaConnect:\n + \ imagePatterns:\n # all 3.0 versions starting from 3.0.5.5+\n - '.*?:3\\.0\\.5\\.([5-9]|[1-9][0-9]+).*'\n + \ # all 3.1 versions starting from 3.1.3.2+\n - '.*?:3\\.1\\.3\\.([2-9]|[1-9][0-9]+).*'\n + \ # all 3.2 versions starting from 3.2.3.4+\n - '.*?:3\\.2\\.3\\.([4-9]|[1-9][0-9]+).*'\n + \ # all 3.3 versions starting from 3.3.0.4+ and 3.3.1+\n - 
'.*?:3\\.3\\.0\\.([4-9]|[1-9][0-9]+).*'\n + \ - '.*?:3\\.3\\.1\\..*'\n # all version starting from 4.0\n - '.*?:([4-9]|[1-9][0-9]+)\\..*'\n" +kind: ConfigMap +metadata: + name: sn-operator-global-config diff --git a/operators/sn-operator/0.7.0-rc.13/manifests/sn-operator-manager-config_v1_configmap.yaml b/operators/sn-operator/0.7.0-rc.13/manifests/sn-operator-manager-config_v1_configmap.yaml new file mode 100644 index 00000000000..7a7da369166 --- /dev/null +++ b/operators/sn-operator/0.7.0-rc.13/manifests/sn-operator-manager-config_v1_configmap.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +data: + controller_manager_config.yaml: | + apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 + kind: ControllerManagerConfig + health: + healthProbeBindAddress: :8081 + metrics: + bindAddress: 127.0.0.1:8080 + webhook: + port: 9443 + leaderElection: + leaderElect: true + resourceName: fba09392.streamnative.io +kind: ConfigMap +metadata: + name: sn-operator-manager-config diff --git a/operators/sn-operator/0.7.0-rc.13/manifests/sn-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/sn-operator/0.7.0-rc.13/manifests/sn-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 00000000000..9dee88a732b --- /dev/null +++ b/operators/sn-operator/0.7.0-rc.13/manifests/sn-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,10 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: sn-operator-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get diff --git a/operators/sn-operator/0.7.0-rc.13/manifests/sn-operator-troubleshooting-template-jvm_v1_configmap.yaml b/operators/sn-operator/0.7.0-rc.13/manifests/sn-operator-troubleshooting-template-jvm_v1_configmap.yaml new file mode 100644 index 00000000000..64da6a4b24a --- /dev/null 
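Review bot: The second `kafkaDetector` pattern in `imageCapabilities`, `'.*?:3\\.2\\.([3-9]|[1-9][0-9]+]).*'`, has a stray `]` inside the group, so its two-digit alternative only matches when a literal `]` follows the digits and a tag such as 3.2.10 would not match that pattern. The alternation should read `([3-9]|[1-9][0-9]+)`, as in the neighbouring patterns. These patterns decide which capabilities (including `runAsNonRoot`) are attributed to an image, so a silent mismatch changes how the operator treats that image. The trailing space after `imagePatterns: []` under `directIO` is probably what makes the serializer emit the whole value as a folded double-quoted string instead of a `|` block; removing it in the source file would make the patterns far easier to review.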
+++ b/operators/sn-operator/0.7.0-rc.13/manifests/sn-operator-troubleshooting-template-jvm_v1_configmap.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+data:
+ heapDump: |
+ command: jmap -dump:live,format=b,file={{.logPath}} {{.process}}
+ inputs:
+ - name: process
+ value: 1
+ - name: logPath
+ threadDump: |
+ command: jstack -l -e {{.process}}
+ inputs:
+ - name: process
+ value: 1
+kind: ConfigMap
+metadata:
+ labels:
+ cloud.streamnative.io/troubleshooting-template: ""
+ name: sn-operator-troubleshooting-template-jvm
diff --git a/operators/sn-operator/0.7.0-rc.13/manifests/sn-operator-troubleshooting-template-pulsar_v1_configmap.yaml b/operators/sn-operator/0.7.0-rc.13/manifests/sn-operator-troubleshooting-template-pulsar_v1_configmap.yaml
new file mode 100644
index 00000000000..69bf3020dbb
--- /dev/null
+++ b/operators/sn-operator/0.7.0-rc.13/manifests/sn-operator-troubleshooting-template-pulsar_v1_configmap.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+data:
+ topicStats: |
+ command: pulsar-admin topics stats-internal {{.topic}}
+ inputs:
+ - name: topic
+kind: ConfigMap
+metadata:
+ labels:
+ cloud.streamnative.io/troubleshooting-template: ""
+ name: sn-operator-troubleshooting-template-pulsar
diff --git a/operators/sn-operator/0.7.0-rc.13/manifests/sn-operator-troubleshooting-template-system_v1_configmap.yaml b/operators/sn-operator/0.7.0-rc.13/manifests/sn-operator-troubleshooting-template-system_v1_configmap.yaml
new file mode 100644
index 00000000000..e8c6b19584a
--- /dev/null
+++ b/operators/sn-operator/0.7.0-rc.13/manifests/sn-operator-troubleshooting-template-system_v1_configmap.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+data:
+ hotThread: |
+ command: top -Hp {{.process}}
+ inputs:
+ - name: process
+ value: 1
+kind: ConfigMap
+metadata:
+ labels:
+ cloud.streamnative.io/troubleshooting-template: ""
+ name: sn-operator-troubleshooting-template-system
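Review bot: `heapDump` substitutes `{{.logPath}}` and `{{.process}}` straight into a command string, and `logPath` has no default `value`, so the safety of this template depends on how the operator renders and executes it, which is not visible in this diff. If the rendered string is handed to a shell, the inputs need validation or quoting before substitution; executing an argument list instead would avoid the question. The same applies to `{{.process}}` in `threadDump`, `{{.topic}}` in the `topicStats` template and `{{.process}}` in `hotThread` in the two hunks that follow. A heap dump also holds whatever the JVM has in memory, including credentials and tokens, so a comment such as `# heap dumps contain in-memory secrets; write to a restricted path and remove after collection` above `heapDump` would help, along with documenting who may set `troubleshootings` on a PulsarCoordinator.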
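Review bot: `command: top -Hp {{.process}}` in `hotThread` runs top in interactive mode, which does not terminate on its own and, depending on the top implementation, fails outright when no TTY is attached. If the operator executes these templates non-interactively (not visible in this diff), batch mode with a fixed iteration count is needed: `command: top -b -n 1 -Hp {{.process}}`.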
diff --git a/operators/sn-operator/0.7.0-rc.13/manifests/sn-operator-webhook-service_v1_service.yaml b/operators/sn-operator/0.7.0-rc.13/manifests/sn-operator-webhook-service_v1_service.yaml
new file mode 100644
index 00000000000..888d0d33581
--- /dev/null
+++ b/operators/sn-operator/0.7.0-rc.13/manifests/sn-operator-webhook-service_v1_service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ creationTimestamp: null
+ name: sn-operator-webhook-service
+spec:
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 9443
+ selector:
+ app: sn-operator
+ control-plane: controller-manager
+ service.istio.io/canonical-name: sn-operator
+status:
+ loadBalancer: {}
diff --git a/operators/sn-operator/0.7.0-rc.13/manifests/sn-operator.clusterserviceversion.yaml b/operators/sn-operator/0.7.0-rc.13/manifests/sn-operator.clusterserviceversion.yaml
new file mode 100644
index 00000000000..8483c731477
--- /dev/null
+++ b/operators/sn-operator/0.7.0-rc.13/manifests/sn-operator.clusterserviceversion.yaml
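Review bot: The `selector` of `sn-operator-webhook-service` requires `service.istio.io/canonical-name: sn-operator` in addition to the `app` and `control-plane` labels that the metrics Service selects on. That label is not visible on any pod template in this part of the diff; if the controller-manager pods do not carry it, for example on clusters without Istio sidecar injection, the Service has no endpoints and admission requests to the webhook fail. Either confirm that the Deployment in the ClusterServiceVersion sets the label explicitly, or drop it from the selector so both Services select the same pods.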
@@ -0,0 +1,1518 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "bookkeeper.streamnative.io/v1alpha1", + "kind": "BookKeeperCluster", + "metadata": { + "labels": { + "k8s.streamnative.io/coordinator-name": "private-cloud" + }, + "name": "bookies", + "namespace": "pulsar" + }, + "spec": { + "image": "streamnative/private-cloud:3.0.1.4", + "pod": { + "resources": { + "requests": { + "cpu": "200m", + "memory": "512Mi" + } + }, + "securityContext": { + "runAsNonRoot": true + } + }, + "replicas": 3, + "storage": { + "journal": { + "numDirsPerVolume": 1, + "numVolumes": 1, + "volumeClaimTemplate": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "8Gi" + } + } + } + }, + "ledger": { + "numDirsPerVolume": 1, + "numVolumes": 1, + "volumeClaimTemplate": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "16Gi" + } + } + } + }, + "reclaimPolicy": "Delete" + }, + "zkServers": "zookeepers-zk:2181" + } + }, + { + "apiVersion": "k8s.streamnative.io/v1alpha1", + "kind": "ApiKeys", + "metadata": { + "labels": { + "cloud.streamnative.io/app": "pulsar", + "cloud.streamnative.io/cluster": "apikeys", + "cloud.streamnative.io/component": "apikeys", + "cloud.streamnative.io/location": "us-central1", + "cloud.streamnative.io/poolmember-name": "gcp-shared-gcp-usce1-whale-snc", + "cloud.streamnative.io/poolmember-namespace": "streamnative", + "cloud.streamnative.io/pulsar-cluster": "apikeys", + "cloud.streamnative.io/pulsar-instance": "apikeys", + "cloud.streamnative.io/role": "apikeys", + "istio.io/rev": "sn-stable", + "k8s.streamnative.io/coordinator-name": "apikeys" + }, + "name": "apikeys", + "namespace": "guangning" + }, + "spec": { + "brokerServiceUrl": "pulsar://apikeys-broker.guangning.svc.cluster.local:6650", + "config": { + "authenticator": { + "acceptedAudience": "urn:sn:pulsar:guangning:apikeys", + 
"enabled": true, + "issuers": [ + "https://auth.streamnative.cloud/", + "https://auth.sncloud-stg.dev/", + "https://auth.test.cloud.gcp.streamnative.dev/" + ] + }, + "backend": { + "pulsarTopic": "api_keys_api.example" + }, + "server": { + "audience": "urn:sn:pulsar:guangning:apikeys", + "claimsToCopy": [ + "sub", + "permissions", + "aud", + "scope", + "https://streamnative.io/username" + ], + "currentKid": "7007ddf9-beac-4e74-8e32-f03453fea3e0" + } + }, + "hostname": "apikeys-49c084ec-dfaa-4aed-a879-68ae5c2d1b30.usce1-whale.test.g.sn2.dev", + "image": "docker.cloudsmith.io/streamnative/sn-api-keys-svc/sn-api-keys-svc:latest", + "istio": { + "enabled": true, + "gateway": { + "gateways": [ + "apikeys-gateway" + ] + } + }, + "replicas": 1 + } + }, + { + "apiVersion": "k8s.streamnative.io/v1alpha1", + "kind": "ConnectorCatalog", + "metadata": { + "labels": { + "app.kubernetes.io/created-by": "sn-operator", + "app.kubernetes.io/instance": "connectorcatalog-sample", + "app.kubernetes.io/managed-by": "kustomize", + "app.kubernetes.io/name": "connectorcatalog", + "app.kubernetes.io/part-of": "sn-operator" + }, + "name": "connectorcatalog-sample" + }, + "spec": { + "connectorDefinitions": [ + { + "description": "Test data generator connector", + "id": "pulsar-io-data-generator", + "imageRepository": "streamnative/pulsar-io-data-generator", + "imageTag": "2.9.2.17", + "name": "data-generator", + "sinkClass": "org.apache.pulsar.io.datagenerator.DataGeneratorPrintSink", + "sourceClass": "org.apache.pulsar.io.datagenerator.DataGeneratorSource", + "sourceConfigClass": "org.apache.pulsar.io.datagenerator.DataGeneratorSourceConfig", + "sourceConfigFieldDefinitions": [ + { + "attributes": { + "defaultValue": "50", + "help": "How long to sleep between emitting messages", + "required": "true", + "sensitive": "false" + }, + "fieldName": "sleepBetweenMessages", + "typeName": "long" + } + ], + "typeClassName": "org.apache.pulsar.io.datagenerator.Person", + "version": "2.9.2.17" + }, + 
{ + "description": "Kafka Source", + "iconLink": "https://docs.streamnative.io/images/connectors/kafka-logo.png", + "id": "pulsar-io-kafka", + "imageRepository": "streamnative/pulsar-io-kafka", + "imageTag": "2.9.2.17", + "name": "kafka", + "sinkDocLink": "https://docs.streamnative.io/hub/connector-kafka-sink", + "sourceClass": "org.apache.pulsar.io.kafka.KafkaBytesSource", + "sourceConfigClass": "org.apache.pulsar.io.kafka.KafkaSourceConfig", + "sourceDocLink": "https://docs.streamnative.io/hub/connector-kafka-source", + "sourceTypeClassName": "java.nio.ByteBuffer", + "version": "2.9.2.17" + }, + { + "description": "Cloud storage Sink", + "id": "pulsar-io-cloud-storage", + "imageRepository": "streamnative/pulsar-io-cloud-storage", + "imageTag": "2.9.2.17", + "name": "cloud-storage", + "sinkClass": "org.apache.pulsar.io.jcloud.sink.CloudStorageGenericRecordSink", + "sinkConfigClass": "org.apache.pulsar.io.jcloud.sink.CloudStorageSinkConfig", + "typeClassName": "org.apache.pulsar.client.api.schema.GenericRecord", + "version": "2.9.2.17" + } + ] + } + }, + { + "apiVersion": "k8s.streamnative.io/v1alpha1", + "kind": "Console", + "metadata": { + "labels": { + "k8s.streamnative.io/coordinator-name": "private-cloud" + }, + "name": "console", + "namespace": "pulsar" + }, + "spec": { + "image": "streamnative/private-cloud-console:v2.3.3", + "webServiceUrl": "http://brokers-broker:8080" + } + }, + { + "apiVersion": "k8s.streamnative.io/v1alpha1", + "kind": "OxiaCluster", + "metadata": { + "name": "oxiacluster-example", + "namespace": "default" + }, + "spec": { + "image": "streamnative/oxia:main", + "imagePullPolicy": "IfNotPresent", + "monitoringEnabled": true, + "server": { + "persistentVolumeClaimRetentionPolicy": { + "whenDeleted": "Delete" + }, + "replicas": 3 + } + } + }, + { + "apiVersion": "k8s.streamnative.io/v1alpha1", + "kind": "OxiaNamespace", + "metadata": { + "name": "oxianamespace-sample", + "namespace": "default" + }, + "spec": { + "clusterRef": { + "name": 
"oxiacluster-example", + "namespace": "default" + }, + "namespaceConfig": { + "initialShardCount": 2, + "name": "test-ns", + "replicationFactor": 2 + } + } + }, + { + "apiVersion": "k8s.streamnative.io/v1alpha1", + "kind": "OxiaNamespace", + "metadata": { + "name": "ns-sample", + "namespace": "oxia-test" + }, + "spec": { + "clusterRef": { + "name": "oxiacluster-example", + "namespace": "default" + }, + "namespaceConfig": { + "initialShardCount": 2, + "name": "test-ns2", + "replicationFactor": 2 + } + } + }, + { + "apiVersion": "k8s.streamnative.io/v1alpha1", + "kind": "PFSQLCluster", + "metadata": { + "name": "pfsqlcluster-sample" + }, + "spec": { + "gateway": { + "image": "docker.cloudsmith.io/streamnative/pfsql/pfsql-gateway:0.10.0" + }, + "ingressConfig": { + "hostName": "pfsql-gateway-example.local", + "path": "/" + }, + "pulsarClusterConfig": { + "builtinFunctions": [ + { + "bindStatements": [ + "io.streamnative.pfsql.tree.InsertInto", + "io.streamnative.pfsql.tree.InsertMulti" + ], + "className": "io.streamnative.pfsql.function.FilterRouteFunction", + "description": "pfsql-function", + "filename": "pfsql-function.jar", + "name": "pfsql-function", + "packageUrl": "function://public/default/filter-routing-function@0.1.0" + } + ], + "metadataTopic": "public/demo/pfsql-demo-metadata", + "serviceUrl": "pulsar://sn-platform-pulsar-broker.default.svc.cluster.local:6650", + "webServiceUrl": "http://sn-platform-pulsar-broker.default.svc.cluster.local:8080" + }, + "replicas": 1 + } + }, + { + "apiVersion": "k8s.streamnative.io/v1alpha1", + "kind": "PulsarCoordinator", + "metadata": { + "name": "private-cloud", + "namespace": "pulsar" + }, + "spec": { + "image": "streamnative/private-cloud:3.0.1.4", + "troubleshootings": [ + { + "action": "heapDump", + "id": 100000001, + "message": "test help dump", + "name": "test-broker-0", + "scope": "pods" + } + ] + } + }, + { + "apiVersion": "pulsar.streamnative.io/v1alpha1", + "kind": "PulsarBroker", + "metadata": { + "labels": { 
+ "k8s.streamnative.io/coordinator-name": "private-cloud" + }, + "name": "brokers", + "namespace": "pulsar" + }, + "spec": { + "configurationMetadataStoreUrl": "zk-fdl-geo1.aws-use2-dixie-snc.streamnative.test.aws.sn2.dev", + "configurationStoreConfig": { + "zk": { + "certSecretName": "pulsar-tls", + "clusterIndex": 1 + } + }, + "image": "streamnative/private-cloud:3.0.1.4", + "metadataStoreUrl": "geo2-zk:2181", + "pod": { + "securityContext": { + "runAsNonRoot": true + } + }, + "replicas": 3, + "zkServers": "zookeepers-zk:2181" + } + }, + { + "apiVersion": "pulsar.streamnative.io/v1alpha1", + "kind": "PulsarProxy", + "metadata": { + "name": "proxys", + "namespace": "pulsar" + }, + "spec": { + "brokerAddress": "brokers-broker", + "image": "streamnative/private-cloud:3.0.1.4", + "pod": { + "resources": { + "requests": { + "cpu": "200m", + "memory": "512Mi" + } + }, + "securityContext": { + "runAsNonRoot": true + } + }, + "replicas": 2 + } + }, + { + "apiVersion": "zookeeper.streamnative.io/v1alpha1", + "kind": "ZooKeeperCluster", + "metadata": { + "labels": { + "k8s.streamnative.io/coordinator-name": "private-cloud" + }, + "name": "zookeepers", + "namespace": "pulsar" + }, + "spec": { + "image": "streamnative/private-cloud:3.0.1.4", + "istio": { + "authRules": [ + { + "fromSource": [ + { + "principals": [ + "cluster.local/ns/pulsar/sa/default" + ] + } + ] + }, + { + "toOperation": [ + { + "ports": [ + "2181", + "8000" + ] + } + ] + } + ], + "enabled": true, + "gateway": { + "advertisedDomain": "zk-fdl-geo1.aws-use2-dixie-snc.streamnative.test.aws.sn2.dev", + "create": true, + "selector": { + "cloud.streamnative.io/role": "istio-ingressgateway" + }, + "tls": { + "certSecretName": "istio-ingressgateway-tls", + "mode": "mutual", + "subjectAltNames": [ + "*.sncloud.test.sn2.dev" + ] + } + } + }, + "pod": { + "resources": { + "requests": { + "cpu": "50m", + "memory": "256Mi" + } + }, + "securityContext": { + "runAsNonRoot": true + } + }, + "replicas": 3 + } + } + ] + 
capabilities: Auto Pilot + categories: Streaming & Messaging + containerImage: quay.io/streamnativeio/sn-operator:v0.7.0-rc.13 + createdAt: "2024-09-13T09:19:19Z" + description: The StreamNative Operator is a commercial operator built for managing + StreamNative Private Cloud commercial components and enterprise features. + features.operators.openshift.io/cnf: "false" + features.operators.openshift.io/cni: "false" + features.operators.openshift.io/csi: "false" + features.operators.openshift.io/disconnected: "true" + features.operators.openshift.io/fips-compliant: "false" + features.operators.openshift.io/proxy-aware: "false" + features.operators.openshift.io/tls-profiles: "false" + features.operators.openshift.io/token-auth-aws: "false" + features.operators.openshift.io/token-auth-azure: "false" + features.operators.openshift.io/token-auth-gcp: "false" + operators.openshift.io/valid-subscription: '["StreamNative Private Cloud License"]' + operators.operatorframework.io/builder: operator-sdk-v1.31.0 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 + support: StreamNative, Inc. 
+ name: sn-operator.v0.7.0-rc.13
+ namespace: placeholder
+spec:
+ apiservicedefinitions: {}
+ customresourcedefinitions:
+ owned:
+ - description: ApiKeys is the Schema for the apikeys API
+ displayName: Api Keys
+ kind: ApiKeys
+ name: apikeys.k8s.streamnative.io
+ version: v1alpha1
+ - description: BookKeeperCluster is the Schema for the bookkeeperclusters API
+ displayName: BookKeeper Cluster
+ kind: BookKeeperCluster
+ name: bookkeeperclusters.bookkeeper.streamnative.io
+ version: v1alpha1
+ - description: ConnectorCatalog is the Schema for the connectorcatalog API
+ displayName: Connector Catalog
+ kind: ConnectorCatalog
+ name: connectorcatalogs.k8s.streamnative.io
+ version: v1alpha1
+ - description: Console is the Schema for the consoles API
+ displayName: Console
+ kind: Console
+ name: consoles.k8s.streamnative.io
+ version: v1alpha1
+ - kind: KafkaConnect
+ name: kafkaconnects.k8s.streamnative.io
+ version: v1alpha1
+ - description: OxiaCluster is the Schema for the oxiaclusters API
+ displayName: Oxia Cluster
+ kind: OxiaCluster
+ name: oxiaclusters.k8s.streamnative.io
+ version: v1alpha1
+ - description: OxiaNamespace is the Schema for the oxianamespace API
+ displayName: Oxia Namespace
+ kind: OxiaNamespace
+ name: oxianamespaces.k8s.streamnative.io
+ version: v1alpha1
+ - description: PFSQLCluster is the Schema for the pfsqlclusters API
+ displayName: PFSQLCluster
+ kind: PFSQLCluster
+ name: pfsqlclusters.k8s.streamnative.io
+ version: v1alpha1
+ - kind: PulsarBrokerRevision
+ name: pulsarbrokerrevisions.pulsar.streamnative.io
+ version: v1alpha1
+ - displayName: Pulsar Broker
+ kind: PulsarBroker
+ name: pulsarbrokers.pulsar.streamnative.io
+ version: v1alpha1
+ - description: PulsarCoordinator is the Schema for the pulsarcoordinators API
+ displayName: Pulsar Coordinator
+ kind: PulsarCoordinator
+ name: pulsarcoordinators.k8s.streamnative.io
+ version: v1alpha1
+ - description: PulsarProxy is the Schema for the pulsarproxies API
+ displayName: Pulsar Proxy
+ kind: PulsarProxy
+ name: pulsarproxies.pulsar.streamnative.io
+ version: v1alpha1
+ - description: ZooKeeperCluster is the Schema for the zookeeperclusters API
+ displayName: ZooKeeper Cluster
+ kind: ZooKeeperCluster
+ name: zookeeperclusters.zookeeper.streamnative.io
+ version: v1alpha1
+ description: |
+ StreamNative Private Cloud is an enterprise product which brings specific controllers for Kubernetes by providing specific Custom Resource Definitions (CRDs) that extend the basic Kubernetes orchestration capabilities to support the setup and management of StreamNative components.
+
+ ### Capabilities
+
+ With StreamNative Private Cloud, you can simplify operations and maintenance, including:
+ - Provisioning and managing multiple Pulsar clusters
+ - Scaling Pulsar clusters through rolling upgrades
+ - Managing the Pulsar cluster configurations through declarative APIs
+ - Simplify the cluster operation with Auto-Scaling
+ - Cost efficiency with the Lakehouse tiered storage
+
+ ### Apply for trial
+
+ Before installing StreamNative Private Cloud, you need to import a valid license. You can contact StreamNative to apply for a [free trial](https://streamnative.io/deployment/start-free-trial).
+
+ ### Quick Start
+ Follow our [Quick Start](https://docs.streamnative.io/private/private-cloud-quickstart) guide to quickly provision and manage Pulsar clusters with the StreamNative Private Cloud.
+ displayName: StreamNative Operator
+ icon:
+ - base64data: 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
+ mediatype: image/svg+xml
+ install:
+ spec:
+ clusterPermissions:
+ - rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - autoscaling
+ resources:
+ - horizontalpodautoscalers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - bookkeeper.streamnative.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - bookkeeper.streamnative.io
+ resources:
+ - bookkeeperclusters
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - bookkeeper.streamnative.io
+ resources:
+ - bookkeeperclusters/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - bookkeeper.streamnative.io
+ resources:
+ - bookkeeperclusters/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - cert-manager.io
+ resources:
+ - certificates
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - compute.functionmesh.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - pods/exec
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - k8s.streamnative.io
+ resources:
+ - apikeys
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - k8s.streamnative.io
+ resources:
+ - apikeys/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - k8s.streamnative.io
+ resources:
+ - apikeys/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - k8s.streamnative.io
+ resources:
+ - connectorcatalogs
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - k8s.streamnative.io
+ resources:
+ - consoles
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - k8s.streamnative.io
+ resources:
+ - consoles/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - k8s.streamnative.io
+ resources:
+ - consoles/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - k8s.streamnative.io
+ resources:
+ - kafkaconnects
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - k8s.streamnative.io
+ resources:
+ - kafkaconnects/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - k8s.streamnative.io
+ resources:
+ - kafkaconnects/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - k8s.streamnative.io
+ resources:
+ - oxiaclusters
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - k8s.streamnative.io
+ resources:
+ - oxiaclusters/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - k8s.streamnative.io
+ resources:
+ - oxiaclusters/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - k8s.streamnative.io
+ resources:
+ - oxianamespaces
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - k8s.streamnative.io
+ resources:
+ - oxianamespaces/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - k8s.streamnative.io
+ resources:
+ - oxianamespaces/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - k8s.streamnative.io
+ resources:
+ - pfsqlclusters
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - k8s.streamnative.io
+ resources:
+ - pfsqlclusters/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - k8s.streamnative.io
+ resources:
+ - pfsqlclusters/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - k8s.streamnative.io
+ resources:
+ - pulsarcoordinators
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - k8s.streamnative.io
+ resources:
+ - pulsarcoordinators/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - k8s.streamnative.io
+ resources:
+ - pulsarcoordinators/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - networking.istio.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - pulsar.streamnative.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - pulsar.streamnative.io
+ resources:
+ - pulsarbrokerrevissions
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - pulsar.streamnative.io
+ resources:
+ - pulsarbrokerrevissions/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - pulsar.streamnative.io
+ resources:
+ - pulsarbrokerrevissions/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - pulsar.streamnative.io
+ resources:
+ - pulsarbrokers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - pulsar.streamnative.io
+ resources:
+ - pulsarbrokers/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - pulsar.streamnative.io
+ resources:
+ - pulsarbrokers/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - pulsar.streamnative.io
+ resources:
+ - pulsarproxies
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - pulsar.streamnative.io
+ resources:
+ - pulsarproxies/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - pulsar.streamnative.io
+ resources:
+ - pulsarproxies/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - rolebindings
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - security.istio.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - zookeeper.streamnative.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - zookeeper.streamnative.io
+ resources:
+ - zookeeperclusters
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - zookeeper.streamnative.io
+ resources:
+ - zookeeperclusters/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - zookeeper.streamnative.io
+ resources:
+ - zookeeperclusters/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+ - apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+ serviceAccountName: sn-operator-controller-manager
+ deployments:
+ - label:
+ app: sn-operator
+ control-plane: controller-manager
+ name: sn-operator-controller-manager
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: sn-operator
+ control-plane: controller-manager
+ strategy: {}
+ template:
+ metadata:
+ annotations:
+ traffic.sidecar.istio.io/excludeInboundPorts: "9443"
+ labels:
+ app: sn-operator
+ control-plane: controller-manager
+ service.istio.io/canonical-name: sn-operator
+ service.istio.io/canonical-revision: 0.7.0-rc.13
+ spec:
+ containers:
+ - args:
+ - --secure-listen-address=0.0.0.0:8443
+ - --upstream=http://127.0.0.1:8080/
+ - --logtostderr=true
+ - --v=10
+ image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1
+ imagePullPolicy: IfNotPresent
+ name: kube-rbac-proxy
+ ports:
+ - containerPort: 8443
+ name: https
+ protocol: TCP
+ resources: {}
+ - args:
+ - --health-probe-bind-address=:8081
+ - --metrics-bind-address=127.0.0.1:8080
+ - --leader-elect
+ command:
+ - /manager
+ env:
+ - name: OPERATOR_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: RUN_PULSAR_CONTROLLERS
+ value: "true"
+ - name: DEFAULT_ENABLE_TOOLSET
+ value: "true"
+ image: quay.io/streamnativeio/sn-operator:v0.7.0-rc.13
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ name: manager
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: 200m
+ memory: 300Mi
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ securityContext:
+ runAsNonRoot: true
+ serviceAccountName: sn-operator-controller-manager
+ terminationGracePeriodSeconds: 10
+ permissions:
+ - rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ serviceAccountName: sn-operator-controller-manager
+ strategy: deployment
+ installModes:
+ - supported: false
+ type: OwnNamespace
+ - supported: false
+ type: SingleNamespace
+ - supported: false
+ type: MultiNamespace
+ - supported: true
+ type: AllNamespaces
+ keywords:
+ - streamnative
+ - pulsar
+ links:
+ - name: Home Page
+ url: https://streamnative.io
+ - name: Documentation
+ url: https://docs.streamnative.io
+ maintainers:
+ - email: cloud@streamnative.io
+ name: StreamNative Cloud
+ maturity: alpha
+ provider:
+ name: StreamNative
+ url: https://streamnative.io
+ version: 0.7.0-rc.13
+ webhookdefinitions:
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ containerPort: 443
+ deploymentName: sn-operator-controller-manager
+ failurePolicy: Fail
+ generateName: bookkeepercluster.kb.io
+ rules:
+ - apiGroups:
+ - bookkeeper.streamnative.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ resources:
+ - bookkeeperclusters
+ sideEffects: None
+ targetPort: 9443
+ type: MutatingAdmissionWebhook
+ webhookPath: /mutate-bookkeeper-streamnative-io-v1alpha1-bookkeepercluster
+ - admissionReviewVersions:
+ - v1
+ containerPort: 443
+ conversionCRDs:
+ - connectorcatalogs.k8s.streamnative.io
+ - pulsarcoordinators.k8s.streamnative.io
+ deploymentName: sn-operator-controller-manager
+ generateName: cconnectorcatalogspulsarcoordinators.kb.io
+ sideEffects: None
+ targetPort: 9443
+ type: ConversionWebhook
+ webhookPath: /convert
+ - admissionReviewVersions:
+ - v1
+ containerPort: 443
+ deploymentName: sn-operator-controller-manager
+ failurePolicy: Fail
+ generateName: mconnectorcatalog.kb.io
+ rules:
+ - apiGroups:
+ - k8s.streamnative.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - connectorcatalogs
+ sideEffects: None
+ targetPort: 9443
+ type: MutatingAdmissionWebhook
+ webhookPath: /mutate-k8s-streamnative-io-v1alpha1-connectorcatalog
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ containerPort: 443
+ deploymentName: sn-operator-controller-manager
+ failurePolicy: Fail
+ generateName: mpulsarbroker.kb.io
+ rules:
+ - apiGroups:
+ - pulsar.streamnative.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ resources:
+ - pulsarbrokers
+ sideEffects: None
+ targetPort: 9443
+ type: MutatingAdmissionWebhook
+ webhookPath: /mutate-pulsar-streamnative-io-v1alpha1-pulsarbroker
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ containerPort: 443
+ deploymentName: sn-operator-controller-manager
+ failurePolicy: Fail
+ generateName: mpulsarcoordinator.kb.io
+ rules:
+ - apiGroups:
+ - k8s.streamnative.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - pulsarcoordinators
+ sideEffects: None
+ targetPort: 9443
+ type: MutatingAdmissionWebhook
+ webhookPath: /mutate-k8s-streamnative-io-v1alpha1-pulsarcoordinator
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ containerPort: 443
+ deploymentName: sn-operator-controller-manager
+ failurePolicy: Fail
+ generateName: mpulsarproxy.kb.io
+ rules:
+ - apiGroups:
+ - pulsar.streamnative.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ resources:
+ - pulsarproxies
+ sideEffects: None
+ targetPort: 9443
+ type: MutatingAdmissionWebhook
+ webhookPath: /mutate-pulsar-streamnative-io-v1alpha1-pulsarproxy
+ - admissionReviewVersions:
+ - v1
+ containerPort: 443
+ deploymentName: sn-operator-controller-manager
+ failurePolicy: Fail
+ generateName: vconnectorcatalog.kb.io
+ rules:
+ - apiGroups:
+ - k8s.streamnative.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - connectorcatalogs
+ sideEffects: None
+ targetPort: 9443
+ type: ValidatingAdmissionWebhook
+ webhookPath: /validate-k8s-streamnative-io-v1alpha1-connectorcatalog
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ containerPort: 443
+ deploymentName: sn-operator-controller-manager
+ failurePolicy: Fail
+ generateName: vpulsarcoordinator.kb.io
+ rules:
+ - apiGroups:
+ - k8s.streamnative.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - pulsarcoordinators
+ sideEffects: None
+ targetPort: 9443
+ type: ValidatingAdmissionWebhook
+ webhookPath: /validate-k8s-streamnative-io-v1alpha1-pulsarcoordinator
+ - admissionReviewVersions:
+ - v1
+ - v1beta1
+ containerPort: 443
+ deploymentName: sn-operator-controller-manager
+ failurePolicy: Fail
+ generateName: zookeepercluster.kb.io
+ rules:
+ - apiGroups:
+ - zookeeper.streamnative.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ resources:
+ - zookeeperclusters
+ sideEffects: None
+ targetPort: 9443
+ type: MutatingAdmissionWebhook
+ webhookPath: /mutate-zookeeper-streamnative-io-v1alpha1-zookeepercluster
diff --git a/operators/sn-operator/0.7.0-rc.13/manifests/zookeeper.streamnative.io_zookeeperclusters.yaml b/operators/sn-operator/0.7.0-rc.13/manifests/zookeeper.streamnative.io_zookeeperclusters.yaml
new file mode 100644
index 00000000000..f211088e78a
--- /dev/null
+++ b/operators/sn-operator/0.7.0-rc.13/manifests/zookeeper.streamnative.io_zookeeperclusters.yaml
@@ -0,0 +1,4890 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: zookeeperclusters.zookeeper.streamnative.io +spec: + group: zookeeper.streamnative.io + names: + categories: + - pulsar + kind: ZooKeeperCluster + listKind: ZooKeeperClusterList + plural: zookeeperclusters + shortNames: + - zk + singular: zookeepercluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.replicas + name: Replicas + type: integer + - jsonPath: .status.readyReplicas + name: Ready Replicas + type: integer + - jsonPath: .spec.image + name: Desired Image + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: ZooKeeperCluster is the Schema for the zookeeperclusters API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ZooKeeperClusterSpec defines the desired state of ZooKeeperCluster + properties: + advancedOptions: + description: AdvancedOptions contains advancedOptions for additional + customization the pod + properties: + customStartupCommand: + description: CustomStartupCommand defines a custom command to + use for starting up + type: string + staticServerList: + description: |- + StaticServerList defines a list of static servers to be used in the zookeeper config. + this overrides the default generated list of servers + properties: + servers: + description: Servers is the list of zookeeper servers used + items: + properties: + clientAddress: + description: ClientAddress is the address to bind for + client connections, defaults to `0.0.0.0` + type: string + id: + description: ID is the id of this server + type: integer + listeners: + description: Listeners is an array of listeners, must + have at least one listener + items: + properties: + electionPort: + description: ElectionPort is the port for connecting + to leader, defaults to 3888 + type: integer + followerPort: + description: FollowerPort is the port for connecting + to leader, defaults to 2888 + type: integer + hostname: + description: Hostname is the name of the listener + type: string + role: + description: Role is the type of node this is, + options are participant or observer, defaults + to participant + type: string + required: + - hostname + type: object + type: array + port: + description: ClientPort is the port to bind for client + connections, defaults to `2181` + type: integer + required: + - id + - listeners + type: object + type: array + required: + - servers + type: object + type: object + apiObjects: + description: APIObjects allows precise control over how components + (services, statefulset and so on) should be managed + 
properties: + clientService: + description: ClientService defines the Zookeeper Client Service + resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + configMap: + description: ConfigMap defines the configmap resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. 
+ type: string + type: array + type: object + headlessService: + description: HeadlessService defines the Zookeeper Headless Service + resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + pdb: + description: PDB defines the podDisruptionBudget resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + updatePolicy: + description: UpdatePolicy defines which field to update. 
+ items: + description: UpdateMode defines how to update resource. + type: string + type: array + type: object + statefulSet: + description: StatefulSet defines the Zookeeper Cluster Statefulset + resource template. + properties: + managed: + description: Managed config if this object should be managed + by controller + type: boolean + metadata: + description: |- + Standard object's metadata used to customize the name, labels, annotations of the object. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource. + nullable: true + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource. + nullable: true + type: object + name: + description: Name of the resource within a namespace. + It must be unique. + type: string + type: object + replaceEnabled: + description: Enable replace if needed when ReplaceEnabled + is true + type: boolean + updatePolicy: + description: UpdatePolicy defines which field to update. + items: + description: UpdateMode defines how to update resource. + type: string + type: array + volumeClaimTemplates: + description: |- + VolumeClaimTemplates is a list of claims that pods are allowed to reference. + If a non-empty list is specified, the original values in the desired STS will be replaced. + items: + description: PersistentVolumeClaim is a user's request for + and claim to a persistent volume + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + spec defines the desired characteristics of a volume requested by a pod author. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. 
+ If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. 
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. 
+ type: string + type: object + status: + description: |- + status represents the current information/status of a persistent volume claim. + Read-only. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + accessModes: + description: |- + accessModes contains the actual access modes the volume backing the PVC has. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + allocatedResourceStatuses: + additionalProperties: + description: |- + When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource + that it does not recognizes, then it should ignore that update and let other controllers + handle it. + type: string + description: "allocatedResourceStatuses stores status + of resource being resized for the given PVC.\nKey + names follow standard Kubernetes label syntax. + Valid values are either:\n\t* Un-prefixed keys:\n\t\t- + storage - the capacity of the volume.\n\t* Custom + resources must use implementation-defined prefixed + names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or + have kubernetes.io prefix are considered\nreserved + and hence may not be used.\n\n\nClaimResourceStatus + can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState + set when resize controller starts resizing the + volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState + set when resize has failed in resize controller + with a terminal error.\n\t- NodeResizePending:\n\t\tState + set when resize controller has finished resizing + the volume but further resizing of\n\t\tvolume + is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState + set when kubelet starts resizing the volume.\n\t- + NodeResizeFailed:\n\t\tState set when resizing + has failed in kubelet with a terminal error. 
Transient + errors don't set\n\t\tNodeResizeFailed.\nFor example: + if expanding a PVC for more capacity - this field + can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] + = \"NodeResizeFailed\"\nWhen this field is not + set, it means that no resize operation is in progress + for the given PVC.\n\n\nA controller that receives + PVC update with previously unknown resourceName + or ClaimResourceStatus\nshould ignore the update + for the purpose it was designed. For example - + a controller that\nonly is responsible for resizing + capacity of the volume, should ignore PVC updates + that change other valid\nresources associated + with PVC.\n\n\nThis is an alpha field and requires + enabling RecoverVolumeExpansionFailure feature." + type: object + x-kubernetes-map-type: granular + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: "allocatedResources tracks the resources + allocated to a PVC including its capacity.\nKey + names follow standard Kubernetes label syntax. 
+ Valid values are either:\n\t* Un-prefixed keys:\n\t\t- + storage - the capacity of the volume.\n\t* Custom + resources must use implementation-defined prefixed + names such as \"example.com/my-custom-resource\"\nApart + from above values - keys that are unprefixed or + have kubernetes.io prefix are considered\nreserved + and hence may not be used.\n\n\nCapacity reported + here may be larger than the actual capacity when + a volume expansion operation\nis requested.\nFor + storage quota, the larger value from allocatedResources + and PVC.spec.resources is used.\nIf allocatedResources + is not set, PVC.spec.resources alone is used for + quota calculation.\nIf a volume expansion capacity + request is lowered, allocatedResources is only\nlowered + if there are no expansion operations in progress + and if the actual volume capacity\nis equal or + lower than the requested capacity.\n\n\nA controller + that receives PVC update with previously unknown + resourceName\nshould ignore the update for the + purpose it was designed. For example - a controller + that\nonly is responsible for resizing capacity + of the volume, should ignore PVC updates that + change other valid\nresources associated with + PVC.\n\n\nThis is an alpha field and requires + enabling RecoverVolumeExpansionFailure feature." + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: |- + conditions is the current Condition of persistent volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'ResizeStarted'. 
+ items: + description: PersistentVolumeClaimCondition contains + details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we + probed the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time + the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: message is the human-readable + message indicating details about last transition. + type: string + reason: + description: |- + reason is a unique, this should be a short, machine understandable string that gives the reason + for condition's last transition. If it reports "ResizeStarted" that means the underlying + persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + currentVolumeAttributesClassName: + description: |- + currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. + When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim + This is an alpha field and requires enabling VolumeAttributesClass feature. + type: string + modifyVolumeStatus: + description: |- + ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. + When this is unset, there is no ModifyVolume operation being attempted. + This is an alpha field and requires enabling VolumeAttributesClass feature. + properties: + status: + description: "status is the status of the ControllerModifyVolume + operation. 
It can be in any of following states:\n + - Pending\n Pending indicates that the PersistentVolumeClaim + cannot be modified due to unmet requirements, + such as\n the specified VolumeAttributesClass + not existing.\n - InProgress\n InProgress + indicates that the volume is being modified.\n + - Infeasible\n Infeasible indicates that + the request has been rejected as invalid by + the CSI driver. To\n\t resolve the error, + a valid VolumeAttributesClass needs to be + specified.\nNote: New statuses can be added + in the future. Consumers should check for + unknown statuses and fail appropriately." + type: string + targetVolumeAttributesClassName: + description: targetVolumeAttributesClassName + is the name of the VolumeAttributesClass the + PVC currently being reconciled + type: string + required: + - status + type: object + phase: + description: phase represents the current phase + of PersistentVolumeClaim. + type: string + type: object + type: object + type: array + volumeExpansionEnabled: + description: Expand volume size automatically if needed when + VolumeExpansionEnabled is true + type: boolean + volumeMounts: + description: |- + VolumeMounts is a list of volumes to mount into the container's filesystem. + If a non-empty list is specified, the original values of the main container in the desired STS will be replaced. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. 
+ type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + type: object + type: object + conf: + description: |- + Conf defines the zookeeper configuration. It will be used for generating + the configuration file used by zookeeper process. + Deprecated: use `config` + nullable: true + properties: + custom: + additionalProperties: + type: string + description: Custom accepts other configurations + nullable: true + type: object + globalOutstandingLimit: + description: |- + GlobalOutstandingLimit limits the number of queued outstanding requests + + + The default value is 100000 + type: integer + initLimit: + description: |- + InitLimit is the number of ticks that the initial synchronization phase can take. + + + The default value is 10. + type: integer + maxClientCnxns: + description: |- + MaxClientCnxns limits the maximum number of client connections. + + + The default value is 1000 + type: integer + serverCnxnFactory: + description: |- + ServerCnxnFactory is the ServerCnxnFactory implementation. + + + The default value is org.apache.zookeeper.server.NettyServerCnxnFactory + type: string + snapCount: + description: |- + SnapCount is the number of transactions recorded in the transaction log before a snapshot can be taken. 
+ + + The default value is 1000000 + type: integer + syncLimit: + description: |- + SyncLimit is the number of ticks that can pass between sending a request and + getting an acknowledgement + + + The default value is 5. + type: integer + tickTime: + description: |- + TickTime is the number of milliseconds of each tick. A tick is the basic time + unit used by ZooKeeper, as measured in milliseconds + + + The default value is 2000. + type: integer + type: object + config: + description: Config defines the zookeeper configuration + nullable: true + properties: + custom: + additionalProperties: + type: string + description: Custom accepts other configurations + nullable: true + type: object + globalOutstandingLimit: + description: |- + GlobalOutstandingLimit limits the number of queued outstanding requests + + + The default value is 100000 + type: integer + initLimit: + description: |- + InitLimit is the number of ticks that the initial synchronization phase can take. + + + The default value is 10. + type: integer + maxClientCnxns: + description: |- + MaxClientCnxns limits the maximum number of client connections. + + + The default value is 1000 + type: integer + serverCnxnFactory: + description: |- + ServerCnxnFactory is the ServerCnxnFactory implementation. + + + The default value is org.apache.zookeeper.server.NettyServerCnxnFactory + type: string + snapCount: + description: |- + SnapCount is the number of transactions recorded in the transaction log before a snapshot can be taken. + + + The default value is 1000000 + type: integer + syncLimit: + description: |- + SyncLimit is the number of ticks that can pass between sending a request and + getting an acknowledgement + + + The default value is 5. + type: integer + tickTime: + description: |- + TickTime is the number of milliseconds of each tick. A tick is the basic time + unit used by ZooKeeper, as measured in milliseconds + + + The default value is 2000. 
+ type: integer + type: object + customization: + description: Customization allows the desired manifests of operator + managed resources to be customized. + items: + properties: + manifest: + description: Manifest defines the patch to apply to customize + the desired resource + type: string + match: + description: Match defines what resource should be customized + by this customization layer + nullable: true + properties: + groupVersionKinds: + description: Matches the group, version, and kind of the + resource. + items: + properties: + group: + description: |- + Group is the group of the resource. + Matches all groups if it's empty or `*`. + type: string + kind: + description: |- + Kind is the kind of the resource. + Matches all kinds if it's `*`. + type: string + version: + description: |- + Version is the version of the resource. + Matches all versions if it's empty or `*`. + type: string + required: + - kind + type: object + nullable: true + type: array + name: + description: |- + Name matches the resource name defined in the metadata. + It could be defined as a Regex pattern, like `^.*-bk$`. + type: string + type: object + required: + - manifest + type: object + nullable: true + type: array + image: + description: |- + Image is the container image used to run zookeeper pods. + default is apachepulsar/pulsar:latest + type: string + imagePullPolicy: + description: Image pull policy, one of Always, Never, IfNotPresent, + default to Always. 
+ type: string + istio: + description: Istio defines the configurations for istio + properties: + authRules: + description: AuthRules define the AuthorizationPolicies + items: + properties: + fromSource: + items: + properties: + principals: + items: + type: string + type: array + type: object + type: array + toOperation: + description: ToOperation defines the ports that the rule + applies to + items: + properties: + ports: + description: Ports defines the ports that the rule + applies to + items: + type: string + type: array + type: object + type: array + type: object + type: array + enabled: + description: Enabled defines whether to enable Istio + type: boolean + gateway: + description: |- + Gateway defines the gateway configuration, Gateway will be ignored if Gateways is not empty + The operator could either create a gateway automatically or use an existing one + properties: + advertisedDomain: + description: AdvertisedDomain defines the domain name for + the gateway, used solely when serving a list of gateways + type: string + create: + description: Create defines whether to create a gateway + type: boolean + gateways: + description: Gateways defines a list of existing gateways + items: + type: string + nullable: true + type: array + key: + default: istio-generatedid + description: Key is used to identify the gateway and related + resources, used solely when serving a list of gateways + type: string + route: + description: Route defines route policy for the gateway + properties: + topologyAware: + description: TopologyAware defines + properties: + key: + description: Key defines the node label key used to + detect Pod topology info + type: string + subDomain: + description: SubDomain defines url generation rule + for broker Pod + type: string + required: + - key + type: object + useWildcardDNS: + description: UseWildcardDNS means inherit DNS record from + wildcard DNS, only works for externalDNS + type: boolean + type: object + selector: + additionalProperties: 
+ type: string + description: Selector defines the selector for the gateway + to create + nullable: true + type: object + tls: + properties: + certSecretName: + description: "SIMPLE mode:\n CertSecretName defines the + name of the secret that contains the\n certificate + to use in Istio Ingress Gateway. The value should be\n + \ name of the secret in the gateway workload namespace.\nPASSTHROUGH + mode:\n\t CertSecretName defines the name of the secret + that contains the\n\t certificate to use in Broker. + The value should be name of the secret\n name of the + secret in the Broker workload namespace.\nRequired in + both SIMPLE and PASSTHROUGH mode." + type: string + mode: + description: |- + Optional: Indicates whether connections to this port should be + secured using TLS. The value of this field determines how TLS is + enforced. + type: string + subjectAltNames: + description: SubjectAltNames defines the subject alternative + names for the certificate + items: + type: string + type: array + trustCertsEnabled: + description: TrustCertsEnabled defines whether to enable + trust store + type: boolean + type: object + type: object + gateways: + description: Gateways define a list of gateway configurations, + Gateway will be used if Gateways is empty + items: + properties: + advertisedDomain: + description: AdvertisedDomain defines the domain name for + the gateway, used solely when serving a list of gateways + type: string + create: + description: Create defines whether to create a gateway + type: boolean + gateways: + description: Gateways defines a list of existing gateways + items: + type: string + nullable: true + type: array + key: + default: istio-generatedid + description: Key is used to identify the gateway and related + resources, used solely when serving a list of gateways + type: string + route: + description: Route defines route policy for the gateway + properties: + topologyAware: + description: TopologyAware defines + properties: + key: + description: 
Key defines the node label key used + to detect Pod topology info + type: string + subDomain: + description: SubDomain defines url generation rule + for broker Pod + type: string + required: + - key + type: object + useWildcardDNS: + description: UseWildcardDNS means inherit DNS record + from wildcard DNS, only works for externalDNS + type: boolean + type: object + selector: + additionalProperties: + type: string + description: Selector defines the selector for the gateway + to create + nullable: true + type: object + tls: + properties: + certSecretName: + description: "SIMPLE mode:\n CertSecretName defines + the name of the secret that contains the\n certificate + to use in Istio Ingress Gateway. The value should + be\n name of the secret in the gateway workload namespace.\nPASSTHROUGH + mode:\n\t CertSecretName defines the name of the secret + that contains the\n\t certificate to use in Broker. + The value should be name of the secret\n name of + the secret in the Broker workload namespace.\nRequired + in both SIMPLE and PASSTHROUGH mode." + type: string + mode: + description: |- + Optional: Indicates whether connections to this port should be + secured using TLS. The value of this field determines how TLS is + enforced. 
+ type: string + subjectAltNames: + description: SubjectAltNames defines the subject alternative + names for the certificate + items: + type: string + type: array + trustCertsEnabled: + description: TrustCertsEnabled defines whether to enable + trust store + type: boolean + type: object + type: object + maxItems: 10 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + mtls: + description: Mtls defines the mTLS configuration + properties: + mode: + default: strict + type: string + type: object + revision: + default: default + description: Revision defines which Istio control plane inject + sidecar + type: string + trustDomain: + description: TrustDomain corresponds to the trust root of a system + and is part of a workload identity + type: string + type: object + labels: + additionalProperties: + type: string + description: |- + Labels specifies the labels to attach to the stateful set the operator creates for + the zookeeper cluster. + nullable: true + type: object + logConfig: + description: LogConfig defines the log configuration + properties: + format: + default: text + description: Format is the log format, value is 'json' or 'text' + enum: + - json + - text + type: string + level: + default: INFO + description: Level is the log level + enum: + - INFO + - DEBUG + - TRACE + - WARN + - ERROR + - FATAL + - ALL + - "OFF" + type: string + template: + description: Template is the log Configuration content, can use + golang template syntax + type: string + type: object + persistence: + description: Persistence defines the persistent volume used for the + zookeeper pod + properties: + data: + description: Data is the spec to define the data PVC for the container + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. 
+ If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the PersistentVolume + backing this claim. + type: string + type: object + dataLog: + description: DataLog is the spec to define the data-log PVC for + the container + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. 
+ If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the PersistentVolume + backing this claim. + type: string + type: object + reclaimPolicy: + description: VolumeReclaimPolicy defines how to reclaim PV. + type: string + type: object + pod: + description: Pod defines the policy for creating a zookeeper pod for + the cluster + properties: + affinity: + description: Affinity specifies the scheduling constraints of + a pod + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. 
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. 
+ When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. 
due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: Annotations specifies the annotations to attach to + pods the operator creates + type: object + debug: + description: Debug defines a switch enable debug + type: boolean + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace + to use for pulling any of the images used by this PodSpec. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: |- + InitContainers defines init containers of the pod. A typical use case could be using an init + container to download a remote jar to a local path. + items: + description: |- + A single application container that you want to run within a pod. + The Container API from the core group is not used directly to avoid unneeded fields + and reduce the size of the CRD. New fields could be added as needed. + properties: + args: + description: Arguments to the entrypoint. 
+ items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 
+ properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. 
+ items: + description: EnvFromSource represents the source of a + set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to + each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Docker image name. + type: string + imagePullPolicy: + description: Image pull policy. + type: string + livenessProbe: + description: Periodic probe of container liveness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + type: string + readinessProbe: + description: |- + Periodic probe of container service readiness. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. 
You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. 
+ Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod has successfully + initialized. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. 
+ type: string + required: + - name + type: object + type: array + jvmOptions: + description: JvmOptions defines the Jvm options passed to the + container + nullable: true + properties: + extraOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + gcLoggingOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + gcOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + memoryOptions: + items: + type: string + nullable: true + type: array + x-kubernetes-list-type: set + type: object + x-kubernetes-map-type: granular + labels: + additionalProperties: + type: string + description: Labels specifies the labels to attach to pod the + operator creates for the cluster. + type: object + minReadySeconds: + description: |- + MinReadySeconds is the minimum time the pod must be ready without any of its + container crashing, for it to be considered available. + Only available when feature gate StatefulSetMinReadySeconds is enabled(enabled by default from v1.25.0). + format: int32 + type: integer + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector specifies a map of key-value pairs. For a pod to be eligible to run + on a node, the node must have each of the indicated key-value pairs as labels. + type: object + resources: + description: Resources specifies the resource requirements of + containers to run in the pod + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
+ properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + secretRefs: + description: SecretRefs defines how to mount required secrets + into containers + items: + properties: + mountPath: + type: string + secretName: + type: string + required: + - mountPath + - secretName + type: object + type: array + x-kubernetes-list-map-keys: + - secretName + x-kubernetes-list-type: map + securityContext: + description: |- + SecurityContext specifies the security context for the entire pod + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context + properties: + fsGroup: + format: int64 + type: integer + readOnlyRootFilesystem: + description: ReadOnlyRootFilesystem specifies whether the + container use a read-only filesystem. + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount + to use to run pods. + type: string + sidecars: + description: Sidecars defines sidecar containers running alongside + with the main function container in the pod. + items: + description: |- + A single application container that you want to run within a pod. + The Container API from the core group is not used directly to avoid unneeded fields + and reduce the size of the CRD. New fields could be added as needed. + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. Not executed within a shell. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. 
+ type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. + items: + description: EnvFromSource represents the source of a + set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to + each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Docker image name. + type: string + imagePullPolicy: + description: Image pull policy. + type: string + livenessProbe: + description: Periodic probe of container liveness. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. 
Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. 
+ Each container in a pod must have a unique name (DNS_LABEL). + type: string + readinessProbe: + description: |- + Periodic probe of container service readiness. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resources: + description: Compute Resources required by this container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + startupProbe: + description: StartupProbe indicates that the Pod has successfully + initialized. + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. 
Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. + type: string + required: + - name + type: object + type: array + terminationGracePeriodSeconds: + description: |- + TerminationGracePeriodSeconds is the amount of time that kubernetes will give + for a pod before terminating it. 
+ format: int64 + type: integer + tolerations: + description: Tolerations specifies the tolerations of a Pod + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. 
+ properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. 
+ MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. 
+ As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + + + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. 
+ This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + updateStrategy: + description: UpdateStrategy defines the update strategy of the + pod + nullable: true + properties: + partition: + description: |- + Partition indicates the ordinal at which the StatefulSet should be + partitioned. + Default value is 0. + format: int32 + type: integer + podUIDsToDelete: + description: PodUIDsToDelete is a list of pod UIDs to delete. + items: + type: string + nullable: true + type: array + type: + description: |- + Type indicates the type of the StatefulSetUpdateStrategy. + Default is RollingUpdate. + type: string + type: object + vars: + description: Vars specifies the environment variables of a Pod + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + volumes: + description: Volumes defines extra volumes of the pod. + items: + description: |- + Volume represents a named volume in a pod that may be accessed by any container in the pod. + The Volume API from the core group is not used directly to avoid unneeded fields defined in `VolumeSource` + and reduce the size of the CRD. New fields in VolumeSource could be added as needed. + properties: + configMap: + description: ConfigMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. 
+ type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Volume's name. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + secret: + description: Secret represents a secret that should populate + this volume. + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a + volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret + or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + required: + - name + type: object + type: array + type: object + replicas: + default: 3 + description: |- + Replicas is the expected size of the zookeeper cluster. 
+ The zookeeper operator will eventually make the size of the running cluster + equal to the expected size. + If unspecified, defaults to 3. + format: int32 + minimum: 0 + type: integer + type: object + status: + description: ZooKeeperClusterStatus defines the observed state of ZooKeeperCluster + properties: + conditions: + description: Conditions represent observations of the ZookeeperCluster's + state + items: + description: |- + Condition represents an observation of an object's state. Conditions are an + extension mechanism intended to be used when the details of an observation + are not a priori known or would not apply to all instances of a given Kind. + + + Conditions should be added to explicitly convey properties that users and + components care about rather than requiring those properties to be inferred + from other observations. Once defined, the meaning of a Condition can not be + changed arbitrarily - it becomes part of the API, and has the same + backwards- and forwards-compatibility concerns of any other part of the API. + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + description: |- + ConditionReason is intended to be a one-word, CamelCase representation of + the category of cause of the current status. It is intended to be used in + concise output, such as one-line kubectl get output, and in summarizing + occurrences of causes. + type: string + status: + type: string + type: + description: |- + ConditionType is the type of the condition and is typically a CamelCased + word or short phrase. + + + Condition types should indicate state in the "abnormal-true" polarity. For + example, if the condition indicates when a policy is invalid, the "is valid" + case is probably the norm, so the condition should be called "Invalid". 
+ type: string + required: + - status + - type + type: object + type: array + externalServiceEndpoint: + description: ExternalServiceEndpoint is the external service endpoint + (ip:port) + type: string + internalServiceEndpoint: + description: InternalServiceEndpoint is the internal service endpoint + (ip:port) + type: string + labelSelector: + description: Label selector for scaling + type: string + numReadyServers: + description: NumReadyServers is the number of zookeeper servers in + the cluster that are in ready status + format: int32 + type: integer + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this cluster. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + format: int64 + type: integer + onMeshReplicas: + description: OnMeshReplicas is the number of Pods with service mesh + enabled + format: int32 + type: integer + pendingChanges: + description: PendingChanges shows the skipped changes when the rollout + is paused + items: + properties: + action: + type: string + apiVersion: + type: string + diff: + type: string + kind: + type: string + name: + type: string + required: + - action + - apiVersion + - diff + - kind + - name + type: object + nullable: true + type: array + readyReplicas: + description: ReadyReplicas is the number of ready zookeeper servers + in the cluster + format: int32 + type: integer + replicas: + description: Replicas is the number of desired zookeeper servers in + the cluster + format: int32 + type: integer + servers: + description: Servers is the list of servers in the zookeeper cluster + properties: + notReady: + items: + type: string + type: array + ready: + items: + type: string + type: array + required: + - notReady + - ready + type: object + updatedReplicas: + description: UpdatedReplicas is the number of zookeeper servers that + has been updated to the latest configuration + format: int32 + type: integer + required: + - conditions + 
- externalServiceEndpoint + - internalServiceEndpoint + - numReadyServers + - replicas + - servers + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.labelSelector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/sn-operator/0.7.0-rc.13/metadata/annotations.yaml b/operators/sn-operator/0.7.0-rc.13/metadata/annotations.yaml new file mode 100644 index 00000000000..a62feb484cd --- /dev/null +++ b/operators/sn-operator/0.7.0-rc.13/metadata/annotations.yaml @@ -0,0 +1,17 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: sn-operator + operators.operatorframework.io.bundle.channels.v1: alpha,beta + operators.operatorframework.io.bundle.channel.default.v1: alpha + operators.operatorframework.io.metrics.builder: operator-sdk-v1.31.0 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3 + + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ + # OpenShift annotations. + com.redhat.openshift.versions: v4.6-v4.15 diff --git a/operators/sn-operator/0.7.0-rc.13/tests/scorecard/config.yaml b/operators/sn-operator/0.7.0-rc.13/tests/scorecard/config.yaml new file mode 100644 index 00000000000..21f1d101ef8 --- /dev/null +++ b/operators/sn-operator/0.7.0-rc.13/tests/scorecard/config.yaml 
@@ -0,0 +1,70 @@
+apiVersion: scorecard.operatorframework.io/v1alpha3
+kind: Configuration
+metadata:
+ name: config
+stages:
+- parallel: true
+ tests:
+ - entrypoint:
+ - scorecard-test
+ - basic-check-spec
+ image: quay.io/operator-framework/scorecard-test:master
+ labels:
+ suite: basic
+ test: basic-check-spec-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-bundle-validation
+ image: quay.io/operator-framework/scorecard-test:master
+ labels:
+ suite: olm
+ test: olm-bundle-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-validation
+ image: quay.io/operator-framework/scorecard-test:master
+ labels:
+ suite: olm
+ test: olm-crds-have-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-resources
+ image: quay.io/operator-framework/scorecard-test:master
+ labels:
+ suite: olm
+ test: olm-crds-have-resources-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-spec-descriptors
+ image: quay.io/operator-framework/scorecard-test:master
+ labels:
+ suite: olm
+ test: olm-spec-descriptors-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-status-descriptors
+ image: quay.io/operator-framework/scorecard-test:master
+ labels:
+ suite: olm
+ test: olm-status-descriptors-test
+ storage:
+ spec:
+ mountPath: {}
+storage:
+ spec:
+ mountPath: {}
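Review bot: All six scorecard test entries pull `quay.io/operator-framework/scorecard-test:master`, a mutable tag, so the image that validates this bundle can change without any change to the bundle itself, and a given run cannot be reproduced or audited later. The bundle's annotations.yaml in this same commit records `operator-sdk-v1.31.0` as the builder, so pinning each entry to the matching release, e.g. `image: quay.io/operator-framework/scorecard-test:v1.31.0` (confirm that this is the intended tag), would keep the test image aligned with the toolchain. Pinning by digest is stricter still: `image: quay.io/operator-framework/scorecard-test@sha256:<digest-of-the-reviewed-image>`. Whichever form is chosen, apply it to all six `image:` lines so the suites do not drift apart.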